chore(deps): bump github.com/sigstore/rekor from 1.5.0 to 1.5.2 #3583

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/go_modules/github.com/sigstore/rekor-1.5.2

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Bumps github.com/sigstore/rekor from 1.5.0 to 1.5.2.

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.5.2

Changelog

  • 759b98e2a7c39ea9779b6a51299c5f0f987f8802 alpine: Enforce max size limit on decompression (#2831)
  • c7e77ee26edd8631dd417166907093a9f13b85e5 Support restricting kinds on insertion (#2814)
  • a10818a8778dcb58eb582d00ffda4b2c86bf190b fix(trillianclient): strip dns:/// scheme from TLS ServerName in gRPC dial (#2812)
  • 8a2f3a2dd023b81ad8b63e2f365676ec438dc9fa add checks to ensure returned entries match client inputs to rekor-cli (#2799)
  • 0e88bac01d1173b8b2cbc8ed790106441573bbdb add nil pointer check to resolve fuzzing crash (#2807)
  • 93da954478a2ffb1821d4904a80d9a5cbe268324 client: surface last-response details after retries are exhausted (#2796)
  • 4d67ecd8ec810bc6af9761ad10ebd2ac899cfdbd Fix internal error detail leakage in 500 responses (#2801)
  • b34ca94fc01405cb50acb956cc181d57382a6b2d add defensive check to ensure tid is in config ahead of getting client (#2795)
  • 656c832ab90feef91f5dcc751ae1cb851c73f4bd restapi: include inactiveShards in the homepage total count (#2797)

Thanks for all contributors!

v1.5.1

Changelog

  • 2d46808ce98c3dd26158364ae28f4c49921c9b0d optimize memory for DSSE v0.0.1 processing (#2766)
  • 6de110d1deb7fa2d9145584fd9446608ce1a777c return correct errors in rare failure situations (#2753)
  • 7ff7c692f51d6060c6eebba0480536f5ba28abb5 raise error if decoding hash fails during inclusion proof (#2754)

Thanks for all contributors!

Changelog

Sourced from github.com/sigstore/rekor's changelog.

v1.5.1

Features

  • optimize memory for DSSE v0.0.1 processing (#2766)

Bug Fixes

  • Type assert the entry bundle when verifying inclusion proof (#2755)
  • return correct errors in rare failure situations (#2753)
  • raise error if decoding hash fails during inclusion proof (#2754)

Commits

  • 3b75cd9 build(deps): Bump the all group across 1 directory with 7 updates (#2829)
  • 759b98e alpine: Enforce max size limit on decompression (#2831)
  • c7e77ee Support restricting kinds on insertion (#2814)
  • a10818a fix(trillianclient): strip dns:/// scheme from TLS ServerName in gRPC dial (#...
  • c31f3fc build(deps): Bump cloud.google.com/go/profiler from 0.4.3 to 0.6.0
  • f2a9fb0 build(deps): Bump go.uber.org/zap from 1.27.1 to 1.28.0
  • e3ba248 build(deps): Bump golang in the all group across 1 directory
  • 62e5ddd build(deps): Bump github.com/go-openapi/swag from 0.25.5 to 0.26.0
  • f4f91d5 build(deps): Bump github.com/tink-crypto/tink-go-awskms/v2 to v3 (#2827)
  • 9bc540f build(deps): Bump google.com/cloudsdktool/google-cloud-cli (#2820)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 1.5.0 to 1.5.2.
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](sigstore/rekor@v1.5.0...v1.5.2)

---
updated-dependencies:
- dependency-name: github.com/sigstore/rekor
  dependency-version: 1.5.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies (Used by dependabot - identifies all PRs created by dependabot), kind/misc (Categorizes issue or PR as a miscellaneous one), ok-to-test (Indicates a non-member PR verified by an org member that is safe to test) and release-note-none (Denotes a PR that doesn't merit a release note) labels Jun 29, 2026
@tekton-robot tekton-robot requested review from khrm and pratap0007 June 29, 2026 07:02
@tekton-robot

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign jkhelil after the PR has been reviewed.
You can assign the PR to them by writing /assign @jkhelil in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Jun 29, 2026