Bump github.com/sigstore/rekor from 1.4.0 to 1.4.1 in the all group #339

dependabot · 2025-08-29T20:06:06Z

Bumps the all group with 1 update: github.com/sigstore/rekor.

Updates github.com/sigstore/rekor from 1.4.0 to 1.4.1

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.4.1

Changelog

7c83add6b10b15d4665b1773ccb6144da95394b7 add changelog for v1.4.1 release (#2597)

978d430f0599737a3716712731bc3e3dcf8c4ea6 build(deps): Bump google.golang.org/api from 0.246.0 to 0.248.0 (#2595)

692a2aafc9d09618e5a51feef6f26bf94ce040cb build(deps): Bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 (#2596)

04cf79c6e5512d51796c4fcfba0af05cea6d2db5 build(deps): Bump the all group with 2 updates (#2593)

f6e19d80e2dcfaa4bafe976f759f7b4dc1a3c0d8 build(deps): Bump github.com/stretchr/testify from 1.10.0 to 1.11.0

d34ab93bacd15f02d0a76933cbbaab3008136702 build(deps): Bump go.step.sm/crypto from 0.69.0 to 0.70.0

ee8f373f27a84ef6df433f8983afb52aad74782f build(deps): Bump google.golang.org/protobuf in the all group

1fcc0a64f121936a0c806db17394e5801e873ed8 build(deps): Bump google.golang.org/grpc from 1.74.2 to 1.75.0

8038b35a398a48a863ca3b4da7816f6fe3cb8bd2 build(deps): Bump google.com/cloudsdktool/google-cloud-cli

7b8da09119cc4345234fabe41e1456e813f508df build(deps): Bump actions/checkout from 4.3.0 to 5.0.0

ec92ffe2b94f1c6d63004b0d85e73c40ac0f2b56 build(deps): Bump github.com/redis/go-redis/v9 from 9.11.0 to 9.12.1

96937bf08c14dbf7c0a81bd21cd2741562424528 build(deps): Bump github.com/go-viper/mapstructure/v2

907cc317d596fd74b2a2d5595b7a9af922b91bcb build(deps): Bump github.com/go-viper/mapstructure/v2 in /hack/tools

cdd95725eb110514391daf272a976b40a899bf7d use less expensive gRPC call to implement GetLeafAndProofByHash (#2581)

97e852137553b583388af781ad5820a78a47d27c move to per-shard trillian client manager (#2564)

9ea5d3a7fbc8c2b285c3936182b72e70352336d4 use cheaper gRPC endpoint when we already have the inclusion proof (#2580)

a7768259127ee26d61e71738c4394cd501f767a0 simplify hash and signature verification in rekord type (#2579)

b73bee38e92a18f7f27403f0f78e4aa8c21cd0af build(deps): Bump google.golang.org/api from 0.245.0 to 0.246.0

c0e965ab1f74669f20672bd38b4e8f76ac91f0cf build(deps): Bump go.step.sm/crypto from 0.68.0 to 0.69.0 (#2577)

f97155a3d47d87687b59a527faa0cba88b7b4052 build(deps): Bump google.com/cloudsdktool/google-cloud-cli (#2572)

9d72099c9081b22b939300163a653898526fbf53 build(deps): Bump golang.org/x/mod from 0.26.0 to 0.27.0 (#2571)

ce643733aa0730e330795d756765319a717ba4e8 build(deps): Bump golang from 1.24.5 to 1.24.6 in the all group (#2568)

1defac6e13d9700c914cdb99d76f0266b7f1420a build(deps): Bump the all group with 3 updates (#2567)

3764030d20cf1e4ab9387c1fc190f4efb8a89155 build(deps): Bump the all group with 2 updates (#2565)

d2372a3781b58211f7d6b49b877fdc822093cf9e use correct type; just look for len() instead of nil check (#2576)

1720e3eae862b2fa7a292ea0a074e3b143d0cda2 return correct error if GetLeafAndProofByHash fails (#2574)

4b655cc2374e05471afee2a09ef383980615c4cf build(deps): Bump golang.org/x/net from 0.42.0 to 0.43.0

2cbf2d6ed4fa20f69daab630faac9a828486f88a add go mod updates

21758e03780396c68dddd6c9dbd714c3c0bae781 move to v2 api

c36cdfdba25b5e35544ab4fa6ad2a4c49d89dca7 build(deps): Bump cloud.google.com/go/pubsub from 1.49.0 to 1.50.0

bdb43b805b57fe9449c737578c9aba32952a7f30 build(deps): Bump google.golang.org/api from 0.242.0 to 0.244.0 (#2561)

9cf5f665780c407ba1c4bae0c8d605907cd3bc76 build(deps): Bump google.com/cloudsdktool/google-cloud-cli (#2556)

0b80f3f32d8bb37557f8f25b1debe6ae28a793d3 sec(deps): update go-chi/chi to v5

62d4ab4a582d08453372a7b4355bc9435f8875f6 build(deps): Bump google.golang.org/grpc from 1.73.0 to 1.74.2

9b894c13342ffeca3e977edc0a672ca371e00dd4 build(deps): Bump sigs.k8s.io/yaml from 1.4.0 to 1.6.0

e131eab108758711ad272ba2c1e1df87b21eb9d4 build(deps): Bump github.com/prometheus/client_golang

edb7c4fa2ff21c61c2a7991293771fc6923d482a build(deps): Bump github.com/redis/go-redis/v9 from 9.10.0 to 9.11.0

ac17a05649bd7eb209a2bee8fb167d2fdb7c237f build(deps): Bump the all group with 2 updates

437244a4821380a33022e6655cb231884789385f build(deps): Bump the all group with 2 updates

88f9fb97cd621905713bab0f9d518711d1b9329e build(deps): Bump golang from 14fd8a5 to ef5b4be

ed92cb62a2cf6354a5dcb61d0ac8732a56583197 build(deps): Bump go.step.sm/crypto from 0.67.0 to 0.68.0

58962be5cf37a8dae007effebabba8133ee10798 fix incorrect client lb policy in test config (#2551)

Thanks for all contributors!

What's Changed

fix incorrect client lb policy in test config by @bobcallaway in sigstore/rekor#2551

build(deps): Bump go.step.sm/crypto from 0.67.0 to 0.68.0 by @dependabot[bot] in sigstore/rekor#2559

... (truncated)

Changelog

Sourced from github.com/sigstore/rekor's changelog.

v1.4.1

This release includes updated dependencies for known CVEs, as well as some optimizations to minimize gRPC traffic between Rekor and Trillian.

Fixes

use less expensive gRPC call to implement GetLeafAndProofByHash (#2581)

move to per-shard trillian client manager (#2564)

use cheaper gRPC endpoint when we already have the inclusion proof (#2580)

simplify hash and signature verification in rekord type (#2579)

use correct type; just look for len() instead of nil check (#2576)

return correct error if GetLeafAndProofByHash fails (#2574)

fix incorrect client lb policy in test config (#2551)

numerous upgraded dependencies

Contributors

Bob Callaway

Carlos Alexandro Becker

Commits

7c83add add changelog for v1.4.1 release (#2597)
978d430 build(deps): Bump google.golang.org/api from 0.246.0 to 0.248.0 (#2595)
692a2aa build(deps): Bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 (#2596)
04cf79c build(deps): Bump the all group with 2 updates (#2593)
f6e19d8 build(deps): Bump github.com/stretchr/testify from 1.10.0 to 1.11.0
d34ab93 build(deps): Bump go.step.sm/crypto from 0.69.0 to 0.70.0
ee8f373 build(deps): Bump google.golang.org/protobuf in the all group
1fcc0a6 build(deps): Bump google.golang.org/grpc from 1.74.2 to 1.75.0
8038b35 build(deps): Bump google.com/cloudsdktool/google-cloud-cli
7b8da09 build(deps): Bump actions/checkout from 4.3.0 to 5.0.0
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all group with 1 update: [github.com/sigstore/rekor](https://github.com/sigstore/rekor). Updates `github.com/sigstore/rekor` from 1.4.0 to 1.4.1 - [Release notes](https://github.com/sigstore/rekor/releases) - [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md) - [Commits](sigstore/rekor@v1.4.0...v1.4.1) --- updated-dependencies: - dependency-name: github.com/sigstore/rekor dependency-version: 1.4.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Aug 29, 2025

dependabot bot force-pushed the dependabot/go_modules/all-c3fb94c022 branch from f28147e to 6c70889 Compare September 5, 2025 20:05

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump github.com/sigstore/rekor from 1.4.0 to 1.4.1 in the all group #339

Bump github.com/sigstore/rekor from 1.4.0 to 1.4.1 in the all group #339

Uh oh!

dependabot bot commented on behalf of github Aug 29, 2025 •

edited

Loading

Uh oh!

Uh oh!

Bump github.com/sigstore/rekor from 1.4.0 to 1.4.1 in the all group #339

Are you sure you want to change the base?

Bump github.com/sigstore/rekor from 1.4.0 to 1.4.1 in the all group #339

Uh oh!

Conversation

dependabot bot commented on behalf of github Aug 29, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v1.4.1

Changelog

Thanks for all contributors!

What's Changed

v1.4.1

Fixes

Contributors

Uh oh!

Uh oh!

dependabot bot commented on behalf of github Aug 29, 2025 •

edited

Loading