chore(deps): bump the go-minor-and-patch group with 70 updates #3193
2881fd9 to 0106517
AI Session Analysis
| Status | Attribution | File | Lines |
|---|---|---|---|
| modified | ai | app/controlplane/plugins/core/guac/v1/guac_test.go | +8 / -4 |
Policies (4)
| Status | Policy | Material | Messages |
|---|---|---|---|
| ✅ Passed | ai-config-ai-agents-allowed | ai-coding-session-d31e26 | - |
| ✅ Passed | ai-config-no-dangerous-commands | ai-coding-session-d31e26 | - |
| ✅ Passed | ai-config-no-secrets | ai-coding-session-d31e26 | - |
| ✅ Passed | ai-config-mcp-servers-allowed | ai-coding-session-d31e26 | - |
Powered by Chainloop and Chainloop Trace
--- updated-dependencies: - dependency-name: cloud.google.com/go/secretmanager dependency-version: 1.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: code.cloudfoundry.org/bytefmt dependency-version: 0.75.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: cuelang.org/go dependency-version: 0.16.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/adrg/xdg dependency-version: 0.5.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/aws/aws-sdk-go-v2 dependency-version: 1.41.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-and-patch - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-version: 1.32.22 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-and-patch - dependency-name: github.com/aws/aws-sdk-go-v2/credentials dependency-version: 1.19.21 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-and-patch - dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager dependency-version: 1.42.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/aws/aws-sdk-go-v2/service/sso dependency-version: 1.31.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/aws/smithy-go dependency-version: 1.27.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/coreos/go-oidc/v3 
dependency-version: 3.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/docker/go-connections dependency-version: 0.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/getsentry/sentry-go dependency-version: 0.46.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/go-kratos/kratos/v2 dependency-version: 2.9.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/google/go-containerregistry dependency-version: 0.21.6 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/google/wire dependency-version: 0.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/googleapis/gax-go/v2 dependency-version: 2.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/hashicorp/vault/api dependency-version: 1.23.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/jedib0t/go-pretty/v6 dependency-version: 6.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/lib/pq dependency-version: 1.12.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/rs/zerolog dependency-version: 1.35.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: 
go-minor-and-patch - dependency-name: github.com/secure-systems-lab/go-securesystemslib dependency-version: 0.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/sigstore/sigstore dependency-version: 1.10.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-and-patch - dependency-name: github.com/spdx/tools-golang dependency-version: 0.5.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-and-patch - dependency-name: go.uber.org/zap dependency-version: 1.28.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: google.golang.org/api dependency-version: 0.274.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: google.golang.org/grpc dependency-version: 1.81.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: buf.build/go/protovalidate dependency-version: 1.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: buf.build/go/protoyaml dependency-version: 0.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: cloud.google.com/go/storage dependency-version: 1.62.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore dependency-version: 1.21.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-and-patch - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/storage/azblob dependency-version: 1.7.0 
dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/aws/aws-sdk-go-v2/feature/s3/manager dependency-version: 1.22.24 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/aws/aws-sdk-go-v2/service/s3 dependency-version: 1.103.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/casbin/casbin/v2 dependency-version: 2.135.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/grpc-ecosystem/grpc-gateway/v2 dependency-version: 2.29.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/in-toto/attestation dependency-version: 1.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/invopop/jsonschema dependency-version: 0.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/jackc/pgx/v5 dependency-version: 5.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/nats-io/nats-server/v2 dependency-version: 2.14.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/nats-io/nats.go dependency-version: 1.51.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/open-policy-agent/opa dependency-version: 1.17.0 dependency-type: direct:production update-type: 
version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/openvex/go-vex dependency-version: 0.2.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-and-patch - dependency-name: github.com/sigstore/cosign/v3 dependency-version: 3.0.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-and-patch - dependency-name: github.com/sigstore/fulcio dependency-version: 1.8.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-and-patch - dependency-name: github.com/sigstore/protobuf-specs dependency-version: 0.5.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-and-patch - dependency-name: github.com/sigstore/sigstore-go dependency-version: 1.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-version: 1.10.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-and-patch - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-version: 1.10.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-and-patch - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-version: 1.10.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-and-patch - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-version: 1.10.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-and-patch - dependency-name: github.com/sigstore/timestamp-authority/v2 dependency-version: 2.1.2 dependency-type: direct:production update-type: 
version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/zricethezav/gitleaks/v8 dependency-version: 8.30.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-and-patch - dependency-name: gitlab.com/gitlab-org/security-products/analyzers/report/v5 dependency-version: 5.13.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: go.step.sm/crypto dependency-version: 0.81.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: google.golang.org/genproto/googleapis/api dependency-version: 0.0.0-20260526163538-3dc84a4a5aaa dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-and-patch - dependency-name: google.golang.org/genproto/googleapis/bytestream dependency-version: 0.0.0-20260511170946-3700d4141b60 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-and-patch - dependency-name: github.com/vektah/gqlparser/v2 dependency-version: 2.5.33 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-and-patch - dependency-name: go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc dependency-version: 0.67.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: go.opentelemetry.io/otel/sdk dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: 
github.com/aws/aws-sdk-go-v2/service/sts dependency-version: 1.43.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/fsouza/fake-gcs-server dependency-version: 1.54.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/hashicorp/go-plugin dependency-version: 1.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: github.com/minio/minio-go/v7 dependency-version: 7.0.98 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-and-patch - dependency-name: github.com/prometheus/common dependency-version: 0.68.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: go.opentelemetry.io/otel dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: go.opentelemetry.io/otel/trace dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: golang.org/x/crypto dependency-version: 0.52.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-and-patch - dependency-name: k8s.io/apimachinery dependency-version: 0.35.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-and-patch ... Signed-off-by: dependabot[bot] <support@github.com>
The kratos v2.9.2 bump in this group moves its auth/jwt middleware to golang-jwt/v5, so the codebase must use v5 to interoperate at the middleware boundary. Migrate all JWT usage from v4 to v5:

- Switch all imports to github.com/golang-jwt/jwt/v5 and drop v4 from go.mod.
- Replace the removed Claims.Valid() with the v5 ClaimsValidator Validate() method on the CAS robot-account claims.
- Replace the removed RegisteredClaims.VerifyAudience helper with a small GetAudience-based audience check (claimsHaveAudience).
- Replace v4 *ValidationError bitmask handling with v5 sentinel errors (errors.Is against jwt.ErrTokenMalformed/Expired/NotValidYet).
- Fix a token test fixture whose signature segment was not valid base64, which v5's stricter ParseUnverified now rejects.

Assisted-by: Claude Code
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
Chainloop-Trace-Sessions: 8335ea5b-d667-4053-8a95-5633a6aedad0
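The fixture failure described in the last bullet of the commit message above can be caught by a structural check that runs before any JWT parser does. This standard-library-only check is an added example, not code from this PR, Chainloop or golang-jwt; `checkFixture`, `sampleFixtures` and the sample tokens are constructed for illustration, and decoding every segment as unpadded base64url is an assumption about the parser's default behaviour:

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// checkFixture reports the first structural problem in a compact JWS test
// fixture. It verifies no signature. Hypothetical helper, not a library API.
func checkFixture(token string) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return fmt.Errorf("want 3 segments, got %d", len(parts))
	}
	names := [3]string{"header", "payload", "signature"}
	for i, seg := range parts {
		raw, err := base64.RawURLEncoding.DecodeString(seg)
		if err != nil {
			return fmt.Errorf("%s: not base64url: %w", names[i], err)
		}
		if i == 2 {
			break // signature bytes are opaque, only the encoding is checked
		}
		var obj map[string]any
		if err := json.Unmarshal(raw, &obj); err != nil {
			return fmt.Errorf("%s: not a JSON object: %w", names[i], err)
		}
	}
	return nil
}

// sampleFixtures returns constructed tokens (not taken from the PR).
func sampleFixtures() (good, bad string) {
	enc := base64.RawURLEncoding.EncodeToString
	head := enc([]byte(`{"alg":"HS256","typ":"JWT"}`))
	body := enc([]byte(`{"aud":"example-audience"}`))
	good = head + "." + body + "." + enc([]byte("placeholder-sig"))
	bad = head + "." + body + ".signature" // 9 chars: impossible base64 length
	return good, bad
}

func main() {
	good, bad := sampleFixtures()
	fmt.Println("good:", checkFixture(good))
	fmt.Println("bad: ", checkFixture(bad))
}
```

Running a check like this over test fixtures before a parser upgrade flags tokens whose placeholder signature only worked because the older parser never decoded it.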
The fake-gcs-server upgrade no longer tolerates stopping the server before the tests run, so move the Stop call from SetupTest to TearDownTest.

Assisted-by: Claude Code
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
Chainloop-Trace-Sessions: d31e2664-2e8f-4fba-af3c-11a534992986
0106517 to 7fcf95a
AI disclosure: This PR was rebased onto main and fixed up (golang-jwt v4 to v5 migration for kratos 2.9.2, fake GCS server test teardown fix) with AI assistance (Claude Code).
🤖 Posted by Maximus bot (Claude Code) on behalf of @migmartri