Skip to content

chore(deps): bump github.com/sigstore/sigstore-go from 1.1.4 to 1.2.0#3692

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/sigstore/sigstore-go-1.2.0
Open

chore(deps): bump github.com/sigstore/sigstore-go from 1.1.4 to 1.2.0#3692
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/sigstore/sigstore-go-1.2.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 10, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/sigstore/sigstore-go from 1.1.4 to 1.2.0.

Release notes

Sourced from github.com/sigstore/sigstore-go's releases.

v1.2.0

What's Changed

New Contributors

... (truncated)

Commits
  • 8ca80c4 Fix conformance test failures for managed-key verification (#561) (#638)
  • 40d743a Bump the minor-patch group across 2 directories with 10 updates (#637)
  • 7960906 Bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 (#631)
  • ef6e924 Encode Rekor v2 DSSE envelopes as hashedrekord (#627)
  • 56c2528 Verify Rekor v2 inclusion using reconstructed leaf hash (#635)
  • dbb07e6 Prevent multi-log threshold bypasses via single compromised log (#633)
  • 7e8ee0f bundle: cap raw TlogEntries length before per-entry parse (#630)
  • 58c7950 Bump github.com/in-toto/in-toto-golang from 0.10.0 to 0.11.0 (#624)
  • 1ad51ea Bump github.com/in-toto/in-toto-golang (#623)
  • 566ec6c Bump sigstore/sigstore-conformance from 0.0.26 to 0.0.27 (#621)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Used by dependabot - identifies all PRs created by dependabot kind/misc Categorizes issue or PR as a miscellaneuous one. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesnt merit a release note. labels Jul 10, 2026
@tekton-robot

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign savitaashture after the PR has been reviewed.
You can assign the PR to them by writing /assign @savitaashture in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Jul 10, 2026
@codecov-commenter

codecov-commenter commented Jul 10, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 25.51%. Comparing base (6a356d3) to head (2b507e0).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #3692   +/-   ##
=======================================
  Coverage   25.51%   25.51%           
=======================================
  Files         448      448           
  Lines       23309    23309           
=======================================
  Hits         5948     5948           
  Misses      16675    16675           
  Partials      686      686           
Flag Coverage Δ
unit-tests 25.51% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Bumps [github.com/sigstore/sigstore-go](https://github.com/sigstore/sigstore-go) from 1.1.4 to 1.2.0.
- [Release notes](https://github.com/sigstore/sigstore-go/releases)
- [Commits](sigstore/sigstore-go@v1.1.4...v1.2.0)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore-go
  dependency-version: 1.2.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/sigstore/sigstore-go-1.2.0 branch from 45807b8 to 2b507e0 Compare July 13, 2026 12:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Used by dependabot - identifies all PRs created by dependabot kind/misc Categorizes issue or PR as a miscellaneuous one. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesnt merit a release note. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants