chore(deps): Bump the minor-patch group across 1 directory with 8 updates by dependabot[bot] · Pull Request #1948 · sigstore/policy-controller

dependabot · 2026-03-23T17:51:58Z

Bumps the minor-patch group with 7 updates in the / directory:

Package	From	To
github.com/aws/aws-sdk-go-v2	`1.41.2`	`1.41.4`
github.com/letsencrypt/boulder	`0.20251110.0`	`0.20260317.0`
github.com/sigstore/rekor	`1.5.0`	`1.5.1`
golang.org/x/time	`0.14.0`	`0.15.0`
k8s.io/api	`0.35.2`	`0.35.3`
k8s.io/client-go	`0.35.2`	`0.35.3`
github.com/sigstore/scaffolding	`0.7.22`	`0.7.33`

Updates github.com/aws/aws-sdk-go-v2 from 1.41.2 to 1.41.4

Commits

b84293d Release 2026-03-13
6f28694 Regenerated Clients
f0f2436 Update endpoints model
042a1ea Update API model
f3d4207 test sigv4 stream signer (#3347)
56f2f26 Add polly SynthesizeSpeech presign missing fields serd (#3344)
a330a45 add changelog for #3283
58b98f6 Remove X-Amz-Security-Token header on redirect to different host (#3283)
238eead add changelog for #3238
65e8aea docs: fix typo (#3238)
Additional commits viewable in compare view

Updates github.com/letsencrypt/boulder from 0.20251110.0 to 0.20260317.0

Release notes

Sourced from github.com/letsencrypt/boulder's releases.

v0.20260317.0

What's Changed

test: Remove badNonce retries and increase nonce maxConnectionAge by @beautifulentropy in letsencrypt/boulder#8661

Remove ra.validateContacts because it is unused by @aarongable in letsencrypt/boulder#8666

Remove TODOs from challenge.RecordsSane by @aarongable in letsencrypt/boulder#8670

Remove sa.Count[Pending|Invalid]Authorizations2 by @aarongable in letsencrypt/boulder#8669

observer: add CCADB CRL prober by @jsha in letsencrypt/boulder#8644

test: make health-checker quieter by @jsha in letsencrypt/boulder#8671

CI: Drop go1.25.x by @beautifulentropy in letsencrypt/boulder#8675

vitess: add vschemas with vindexes by @jsha in letsencrypt/boulder#8634

Update publicsuffix-go (PSL) from v0.50.2 to v0.50.3 by @jprenken in letsencrypt/boulder#8678

ratelimits: stricter() should always prefer denied decisions by @beautifulentropy in letsencrypt/boulder#8674

Full Changelog: letsencrypt/boulder@v0.20260309.0...v0.20260317.0

v0.20260309.0

What's Changed

sa: improve errors from SetOrderError by @jsha in letsencrypt/boulder#8656

test: Update from go1.25.5 and go1.25.7 to go1.25.8 and go1.26.1 by @beautifulentropy in letsencrypt/boulder#8664

features: Small comment fix for DNSAccount01Enabled by @beautifulentropy in letsencrypt/boulder#8663

CI: Update release jobs to use go1.25.8 and go1.26.1 by @beautifulentropy in letsencrypt/boulder#8665

Full Changelog: letsencrypt/boulder@v0.20260303.0...v0.20260309.0

v0.20260303.0

What's Changed

Reduce maximum allowed valid authorization lifetime by @aarongable in letsencrypt/boulder#8648

observer: Reduce memory usage by @beautifulentropy in letsencrypt/boulder#8649

Remove extraneous top-level struct args to IsAnyNilOrZero by @aarongable in letsencrypt/boulder#8651

Fix miscellaneous value/pointer receiver mismatches by @aarongable in letsencrypt/boulder#8652

test: Update challtestsrv for dns-persist-01 by @beautifulentropy in letsencrypt/boulder#8653

Exempt ARI renewals from on-demand blocklisting by @aarongable in letsencrypt/boulder#8655

Full Changelog: letsencrypt/boulder@v0.20260225.0...v0.20260303.0

v0.20260225.0

What's Changed

build: support native architecture builds on ARM hosts by @sheurich in letsencrypt/boulder#8547

Run go fix by @mcpherrinm in letsencrypt/boulder#8636

release: tag based on refs/remotes/origin/main. by @jsha in letsencrypt/boulder#8640

observer: remove TCP prober by @jsha in letsencrypt/boulder#8637

Use context.WithoutCancel instead of context.Background by @aarongable in letsencrypt/boulder#8635

Don't modify http.DefaultTransport by @aarongable in letsencrypt/boulder#8641

VA: properly initialize slowRemoteTimeout by @aarongable in letsencrypt/boulder#8642

VA: ensure wildcard hostname is lowercased by @aarongable in letsencrypt/boulder#8643

Add blocklisting for recursive on-demand domains by @aarongable in letsencrypt/boulder#8646

Improve error handling in admin block-key and revoke-cert by @aarongable in letsencrypt/boulder#8647

... (truncated)

Commits

e7eb105 ratelimits: stricter() should always prefer denied decisions (#8674)
f05103a Update publicsuffix-go (PSL) from v0.50.2 to v0.50.3 (#8678)
d2c1c53 vitess: add vschemas with vindexes (#8634)
bb274ec CI: Drop go1.25.x (#8675)
b871820 test: make health-checker quieter (#8671)
00dd199 observer: add CCADB CRL prober (#8644)
84b88da Remove sa.Count[Pending|Invalid]Authorizations2 (#8669)
e30bf45 Remove TODOs from challenge.RecordsSane (#8670)
a838861 Remove ra.validateContacts because it is unused (#8666)
a5929e6 test: Remove badNonce retries and increase nonce maxConnectionAge (#8661)
Additional commits viewable in compare view

Updates github.com/sigstore/rekor from 1.5.0 to 1.5.1

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.5.1

Changelog

2d46808ce98c3dd26158364ae28f4c49921c9b0d optimize memory for DSSE v0.0.1 processing (#2766)

6de110d1deb7fa2d9145584fd9446608ce1a777c return correct errors in rare failure situations (#2753)

7ff7c692f51d6060c6eebba0480536f5ba28abb5 raise error if decoding hash fails during inclusion proof (#2754)

Thanks for all contributors!

Commits

bb573aa build(deps): Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#2773)
6188957 build(deps): Bump google.golang.org/api from 0.264.0 to 0.269.0 (#2770)
f76fb2a build(deps): Bump github/codeql-action in the all group (#2772)
ae85b80 build(deps): Bump github.com/redis/go-redis/v9 from 9.17.3 to 9.18.0 (#2769)
9836e32 build(deps): Bump the all group with 11 updates (#2768)
b81ecd3 build(deps): Bump gocloud.dev from 0.40.0 to 0.44.0 (#2757)
2d46808 optimize memory for DSSE v0.0.1 processing (#2766)
bd11cb9 build(deps): Bump go.step.sm/crypto from 0.74.0 to 0.76.2 (#2760)
c302fdb build(deps): Bump github.com/secure-systems-lab/go-securesystemslib (#2758)
3444350 build(deps): Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 (#2763)
Additional commits viewable in compare view

Updates golang.org/x/time from 0.14.0 to 0.15.0

Commits

812b343 all: upgrade go directive to at least 1.25.0 [generated]
See full diff in compare view

Updates k8s.io/api from 0.35.2 to 0.35.3

Commits

3897036 Update dependencies to v0.35.3 tag
See full diff in compare view

Updates k8s.io/apimachinery from 0.35.2 to 0.35.3

Commits

See full diff in compare view

Updates k8s.io/client-go from 0.35.2 to 0.35.3

Commits

4f1f0a2 Update dependencies to v0.35.3 tag
f80003c Merge pull request #136903pohly/automated-cherry-pick-of-#136455
8b41556 fake client-go: un-deprecate NewSimpleClientset
See full diff in compare view

Updates github.com/sigstore/scaffolding from 0.7.22 to 0.7.33

Release notes

Sourced from github.com/sigstore/scaffolding's releases.

v0.7.31

What's Changed

Add namespace to tesseract images in sigstore/scaffolding#1792

Full Changelog: sigstore/scaffolding@v0.7.30...v0.7.31

v0.7.30

What's Changed

Build and publish GCP & POSIX TesseraCT in sigstore/scaffolding#1789

Full Changelog: sigstore/scaffolding@v0.7.29...v0.7.30

v0.7.29

What's Changed

This release reverts a previous change to the prober to allow for insecure gRPC connections, in favor of allowing for gRPC testing to be disabled.

Allow disabling Fulcio gRPC testing via flag in sigstore/scaffolding#1787

Full Changelog: sigstore/scaffolding@v0.7.28...v0.7.29

v0.7.28

What's Changed

Allow insecure transport for Fulcio gRPC requests to be configured by flag in sigstore/scaffolding#1786

Full Changelog: sigstore/scaffolding@v0.7.27...v0.7.28

v0.7.27

What's Changed

fix: Adjust Fulcio gRPC URL handling for internal services in sigstore/scaffolding#1774

Full Changelog: sigstore/scaffolding@v0.7.26...v0.7.27

v0.7.26

What's Changed

Build GCP omniwitness on release in sigstore/scaffolding#1775

Full Changelog: sigstore/scaffolding@v0.7.25...v0.7.26

v0.7.25

What's Changed

Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 by @dependabot[bot] in sigstore/scaffolding#1617

update docs and clean up scripts by @cpanato in sigstore/scaffolding#1624

Parallelize service setup by @cmurphy in sigstore/scaffolding#1618

... (truncated)

Commits

8bd6867 Fix TUF workflow file (#1842)
62e684c Fix goreleaser hook (#1841)
6c76ec3 Bump tesseract (#1835)
28cccde Move commands to separate modules (#1814)
9d6e1a3 Bump the docker-deps group across 3 directories with 3 updates (#1832)
4fb9911 Bump github.com/sigstore/timestamp-authority/v2 in the go-deps group (#1831)
08da4a8 Bump github.com/sigstore/fulcio from 1.8.2 to 1.8.3 (#1830)
f3ca261 Bump the go-deps group across 1 directory with 2 updates (#1828)
5f2eae0 Bump sigstore deps (#1826)
cb48a63 Add unit test job (#1823)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…ates Bumps the minor-patch group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.41.2` | `1.41.4` | | [github.com/letsencrypt/boulder](https://github.com/letsencrypt/boulder) | `0.20251110.0` | `0.20260317.0` | | [github.com/sigstore/rekor](https://github.com/sigstore/rekor) | `1.5.0` | `1.5.1` | | [golang.org/x/time](https://github.com/golang/time) | `0.14.0` | `0.15.0` | | [k8s.io/api](https://github.com/kubernetes/api) | `0.35.2` | `0.35.3` | | [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.35.2` | `0.35.3` | | [github.com/sigstore/scaffolding](https://github.com/sigstore/scaffolding) | `0.7.22` | `0.7.33` | Updates `github.com/aws/aws-sdk-go-v2` from 1.41.2 to 1.41.4 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@v1.41.2...v1.41.4) Updates `github.com/letsencrypt/boulder` from 0.20251110.0 to 0.20260317.0 - [Release notes](https://github.com/letsencrypt/boulder/releases) - [Changelog](https://github.com/letsencrypt/boulder/blob/main/docs/release.md) - [Commits](letsencrypt/boulder@v0.20251110.0...v0.20260317.0) Updates `github.com/sigstore/rekor` from 1.5.0 to 1.5.1 - [Release notes](https://github.com/sigstore/rekor/releases) - [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md) - [Commits](sigstore/rekor@v1.5.0...v1.5.1) Updates `golang.org/x/time` from 0.14.0 to 0.15.0 - [Commits](golang/time@v0.14.0...v0.15.0) Updates `k8s.io/api` from 0.35.2 to 0.35.3 - [Commits](kubernetes/api@v0.35.2...v0.35.3) Updates `k8s.io/apimachinery` from 0.35.2 to 0.35.3 - [Commits](kubernetes/apimachinery@v0.35.2...v0.35.3) Updates `k8s.io/client-go` from 0.35.2 to 0.35.3 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.35.2...v0.35.3) Updates `github.com/sigstore/scaffolding` from 0.7.22 to 0.7.33 - [Release notes](https://github.com/sigstore/scaffolding/releases) - [Changelog](https://github.com/sigstore/scaffolding/blob/main/release.md) - [Commits](sigstore/scaffolding@v0.7.22...v0.7.33) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2 dependency-version: 1.41.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: github.com/letsencrypt/boulder dependency-version: 0.20260317.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: github.com/sigstore/rekor dependency-version: 1.5.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: golang.org/x/time dependency-version: 0.15.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: k8s.io/api dependency-version: 0.35.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: k8s.io/apimachinery dependency-version: 0.35.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: k8s.io/client-go dependency-version: 0.35.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: github.com/sigstore/scaffolding dependency-version: 0.7.33 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-03-30T18:51:44Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 23, 2026

dependabot bot closed this Mar 30, 2026

dependabot bot deleted the dependabot/go_modules/minor-patch-442c06bc5e branch March 30, 2026 18:51

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): Bump the minor-patch group across 1 directory with 8 updates#1948

chore(deps): Bump the minor-patch group across 1 directory with 8 updates#1948
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/minor-patch-442c06bc5e

dependabot bot commented on behalf of github Mar 23, 2026 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Mar 30, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v0.20260317.0

What's Changed

v0.20260309.0

What's Changed

v0.20260303.0

What's Changed

v0.20260225.0

What's Changed

v1.5.1

Changelog

Thanks for all contributors!

v0.7.31

What's Changed

v0.7.30

What's Changed

v0.7.29

What's Changed

v0.7.28

What's Changed

v0.7.27

What's Changed

v0.7.26

What's Changed

v0.7.25

What's Changed

Uh oh!

dependabot bot commented on behalf of github Mar 30, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Mar 23, 2026 •

edited

Loading