build(deps): bump the go-deps group across 1 directory with 8 updates

[dependabot]

Bumps the go-deps group with 8 updates in the / directory:

Package	From	To
github.com/elazarl/goproxy	1.7.0	1.7.2
github.com/go-git/go-git/v5	5.13.2	5.15.0
github.com/minio/minio-go/v7	7.0.87	7.0.90
github.com/notaryproject/notation-go	1.3.0	1.3.1
github.com/onsi/gomega	1.36.2	1.37.0
github.com/ory/dockertest/v3	3.11.0	3.12.0
github.com/prometheus/client_golang	1.21.0	1.22.0
github.com/sigstore/sigstore	1.8.15	1.9.3

Updates github.com/elazarl/goproxy from 1.7.0 to 1.7.2

Release notes

Sourced from github.com/elazarl/goproxy's releases.

v1.7.2

What's Changed

• Avoid breaking changes and port them to the v2 branch instead

Full Changelog: elazarl/goproxy@v1.7.1...v1.7.2

v1.7.1

What's Changed

• Add MITM request cancel test by @​ErikPelli in elazarl/goproxy#644
• Bump golang.org/x/text from 0.21.0 to 0.22.0 in /ext by @​dependabot in elazarl/goproxy#645
• Bump golang.org/x/net from 0.34.0 to 0.35.0 in /ext by @​dependabot in elazarl/goproxy#647
• Bump golang.org/x/net from 0.34.0 to 0.35.0 by @​dependabot in elazarl/goproxy#646
• Add next protocols in default TLS configuration by @​ErikPelli in elazarl/goproxy#651

Full Changelog: elazarl/goproxy@v1.7.0...v1.7.1

Commits

• 09a5680 Revert "Add next protocols in default TLS configuration (#651)"
• 948b6ca Revert "Connect related changes - add optional hooks (#504)"
• 44bab45 Connect related changes - add optional hooks (#504)
• 0003d27 Add next protocols in default TLS configuration (#651)
• 591e8ff Merge pull request #646 from elazarl/dependabot/go_modules/golang.org/x/net-0...
• be1818f Merge pull request #647 from elazarl/dependabot/go_modules/ext/golang.org/x/n...
• 41dd5c9 Bump golang.org/x/net from 0.34.0 to 0.35.0 in /ext
• b0ba765 Bump golang.org/x/net from 0.34.0 to 0.35.0
• 1f65b1b Merge pull request #645 from elazarl/dependabot/go_modules/ext/golang.org/x/t...
• 3d75816 Bump golang.org/x/text from 0.21.0 to 0.22.0 in /ext
• Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.13.2 to 5.15.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.15.0

What's Changed

• plumbing: add cert auth support to releases/v5.x by @​Javier-varez in go-git/go-git#1482
• v5: Bump dependencies by @​pjbgf in go-git/go-git#1505

Full Changelog: go-git/go-git@v5.14.0...v5.15.0

v5.14.0

What's Changed

• v5: Bump Go and dependencies to mitigate GO-2025-3487 by @​pjbgf in go-git/go-git#1436

⚠️ Note that this version requires Go 1.23, due to the bump to golang.org/x/[email protected] which mitigates the CVE above. User's that can't bump to Go 1.23 will need to remain on the previous v5.13.x release.

Full Changelog: go-git/go-git@v5.13.2...v5.14.0

Commits

• 6f444d3 Merge pull request #1505 from pjbgf/bump
• 9996069 v5: Bump dependencies
• 768fda7 Merge pull request #1482 from Javier-varez/add-cert-auth-support-v5.x
• ba9d693 plumbing: support setting custom host key algorithms along with host key call...
• 61916be plumbing: re-add support for cert-authorities using skeema's HostKeyDB
• 863c621 Merge pull request #1436 from pjbgf/v5-bumps
• 2e69e81 build: Bump dependencies
• b2c1ec9 build: Bump Go versions
• See full diff in compare view

Updates github.com/minio/minio-go/v7 from 7.0.87 to 7.0.90

Release notes

Sourced from github.com/minio/minio-go/v7's releases.

Bugfix v7.0.90

What's Changed

• Add anonymous chunked encoding with trailing headers by @​klauspost in minio/minio-go#2084
• Implement AppendObject() API by @​harshavardhana in minio/minio-go#2082
• Update x/net version by @​BorjaOuterelo in minio/minio-go#2085
• Rety iterators by @​tlyons-cs in minio/minio-go#2087
• Add function for getting creds of remote client by @​shtripat in minio/minio-go#2089

New Contributors

• @​BorjaOuterelo made their first contribution in minio/minio-go#2085
• @​tlyons-cs made their first contribution in minio/minio-go#2087

Full Changelog: minio/minio-go@v7.0.89...v7.0.90

Bugfix Release

What's Changed

• add PurgeOnDelete to versioning config by @​poornas in minio/minio-go#2074
• Adds TokenRevokeType field to credential providers. by @​taran-p in minio/minio-go#2075
• make downtime info as map to denote per target info by @​Praveenrajmani in minio/minio-go#2079
• update deps and move CI/CD to go1.23, go1.24 by @​harshavardhana in minio/minio-go#2080
• update golint version by @​harshavardhana in minio/minio-go#2083

New Contributors

• @​taran-p made their first contribution in minio/minio-go#2075

Full Changelog: minio/minio-go@v7.0.88...v7.0.89

Bugfix Release

What's Changed

• add replication stat counters and downtime info types by @​Praveenrajmani in minio/minio-go#2071
• feat: add reverse version for listObjectVersions by @​jiuker in minio/minio-go#2072

New Contributors

• @​Praveenrajmani made their first contribution in minio/minio-go#2071

Full Changelog: minio/minio-go@v7.0.87...v7.0.88

Commits

• 68fb5ee Add function for getting creds of remote client (#2089)
• 1e5fd8a Replacing retry goroutines with iterators (#2087)
• 7502986 Update x/net version (#2085)
• 6c30280 Implement AppendObject() API (#2082)
• fb4bc4c Add anonymous chunked encoding with trailing headers (#2084)
• efd53f1 Update version to next release
• 8c92869 update golint version (#2083)
• 1744ff2 update deps and move CI/CD to go1.23, go1.24 (#2080)
• bf00584 make downtime info as map to denote per target info (#2079)
• 07d26d9 Adds TokenRevokeType field to credential providers. (#2075)
• Additional commits viewable in compare view

Updates github.com/notaryproject/notation-go from 1.3.0 to 1.3.1

Release notes

Sourced from github.com/notaryproject/notation-go's releases.

v1.3.1

Vote PASSED [+5 -0]: #517

Bug fix

• This patch release removes the timestamp check against signing time during authentic timestamp verification due to potential time skew and the unauthenticated nature of signing time field.

What's Changed

• bump: release v1.3.0 by @​Two-Hearts in notaryproject/notation-go#507
• fix: remove signing time check during authenticTimestamp by @​Two-Hearts in notaryproject/notation-go#514
• bump: bump up dependencies for release-1.3 branch by @​Two-Hearts in notaryproject/notation-go#516

Full Changelog: notaryproject/notation-go@v1.3.0...v1.3.1

Commits

• 961cef1 bump: release v1.3.1
• f171fb0 bump: bump up dependencies for release-1.3 branch (#516)
• 540cc34 fix: remove signing time check during authenticTimestamp (#514)
• 1864576 Merge pull request #507 from Two-Hearts/release-1.3
• See full diff in compare view

Updates github.com/onsi/gomega from 1.36.2 to 1.37.0

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.37.0

1.37.0

Features

• add To/ToNot/NotTo aliases for AsyncAssertion [5666f98]

v1.36.3

1.36.3

Maintenance

• bump all the things [adb8b49]
• chore: replace interface{} with any [7613216]
• Bump google.golang.org/protobuf from 1.36.1 to 1.36.5 (#822) [9fe5259]
• remove spurious "toolchain" from go.mod (#819) [a0e85b9]
• Bump golang.org/x/net from 0.33.0 to 0.35.0 (#823) [604a8b1]
• Bump activesupport from 6.0.6.1 to 6.1.7.5 in /docs (#772) [36fbc84]
• Bump github-pages from 231 to 232 in /docs (#778) [ced70d7]
• Bump rexml from 3.2.6 to 3.3.9 in /docs (#788) [c8b4a07]
• Bump github.com/onsi/ginkgo/v2 from 2.22.1 to 2.22.2 (#812) [06431b9]
• Bump webrick from 1.8.1 to 1.9.1 in /docs (#800) [b55a92d]
• Fix typos (#813) [a1d518b]

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.37.0

Features

• add To/ToNot/NotTo aliases for AsyncAssertion [5666f98]

1.36.3

Maintenance

• bump all the things [adb8b49]
• chore: replace interface{} with any [7613216]
• Bump google.golang.org/protobuf from 1.36.1 to 1.36.5 (#822) [9fe5259]
• remove spurious "toolchain" from go.mod (#819) [a0e85b9]
• Bump golang.org/x/net from 0.33.0 to 0.35.0 (#823) [604a8b1]
• Bump activesupport from 6.0.6.1 to 6.1.7.5 in /docs (#772) [36fbc84]
• Bump github-pages from 231 to 232 in /docs (#778) [ced70d7]
• Bump rexml from 3.2.6 to 3.3.9 in /docs (#788) [c8b4a07]
• Bump github.com/onsi/ginkgo/v2 from 2.22.1 to 2.22.2 (#812) [06431b9]
• Bump webrick from 1.8.1 to 1.9.1 in /docs (#800) [b55a92d]
• Fix typos (#813) [a1d518b]

Commits

• 272fca3 v1.37.0
• 5666f98 add To/ToNot/NotTo aliases for AsyncAssertion
• 2251143 v1.36.3
• adb8b49 bump all the things
• 7613216 chore: replace interface{} with any
• 9fe5259 Bump google.golang.org/protobuf from 1.36.1 to 1.36.5 (#822)
• a0e85b9 remove spurious "toolchain" from go.mod (#819)
• 604a8b1 Bump golang.org/x/net from 0.33.0 to 0.35.0 (#823)
• 36fbc84 Bump activesupport from 6.0.6.1 to 6.1.7.5 in /docs (#772)
• ced70d7 Bump github-pages from 231 to 232 in /docs (#778)
• Additional commits viewable in compare view

Updates github.com/ory/dockertest/v3 from 3.11.0 to 3.12.0

Release notes

Sourced from github.com/ory/dockertest/v3's releases.

v3.12.0

What's Changed

• chore(deps): bump github.com/docker/cli from 26.1.4+incompatible to 27.1.2+incompatible by @​dependabot in ory/dockertest#524
• chore(deps): bump actions/checkout from 3 to 4 by @​dependabot in ory/dockertest#514
• chore(deps): bump actions/stale from 4 to 9 by @​dependabot in ory/dockertest#526
• chore(deps): bump github.com/opencontainers/runc from 1.1.13 to 1.1.15 by @​dependabot in ory/dockertest#538
• chore(deps): bump actions/checkout from 2 to 4 by @​dependabot in ory/dockertest#527
• feat: use creds helper by @​GuillaumeSmaha in ory/dockertest#520
• added AuthConfigs to BuildOptions and pass that to BuildImage by @​DGollings in ory/dockertest#488
• add multiple test container example by @​akoserwal in ory/dockertest#515
• fix: trying to bind to an outbound ip returns an empty list of port bindings by @​atzoum in ory/dockertest#533
• chore(deps): bump golang.org/x/sys from 0.21.0 to 0.28.0 by @​dependabot in ory/dockertest#548
• chore(deps): bump actions/stale from 4 to 9 by @​dependabot in ory/dockertest#550
• chore(deps): bump actions/checkout from 2 to 4 by @​dependabot in ory/dockertest#549
• chore(deps): bump actions/checkout from 2 to 4 by @​dependabot in ory/dockertest#555
• chore(deps): bump github.com/docker/cli from 27.1.2+incompatible to 27.4.1+incompatible by @​dependabot in ory/dockertest#553
• chore(deps): bump github.com/opencontainers/runc from 1.1.15 to 1.2.3 by @​dependabot in ory/dockertest#551
• chore(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 by @​dependabot in ory/dockertest#547
• feat: add support for BuildKit when building images by @​tmc in ory/dockertest#416
• chore(deps): bump actions/setup-node from 2.pre.beta to 4.1.0 by @​dependabot in ory/dockertest#539
• chore(deps): bump actions/stale from 4 to 9 by @​dependabot in ory/dockertest#554

New Contributors

• @​GuillaumeSmaha made their first contribution in ory/dockertest#520
• @​DGollings made their first contribution in ory/dockertest#488
• @​akoserwal made their first contribution in ory/dockertest#515
• @​atzoum made their first contribution in ory/dockertest#533

Full Changelog: ory/dockertest@v3.11.0...v3.12.0

Commits

• 8a76ff0 chore: update repository templates to ory/meta@bc60...
• 207b20a chore: update repository templates to ory/meta@83e7...
• fabf563 autogen: update license overview
• 4b1e539 chore: update repository templates to ory/meta@44ef...
• 46d1a7b chore: update repository templates to ory/meta@c091...
• 13e6e33 chore(deps): bump actions/stale from 4 to 9 (#554)
• 91b7d0b chore(deps): bump actions/setup-node from 2.pre.beta to 4.1.0 (#539)
• 28c8c5b chore(deps): bump github.com/containerd/continuity from 0.4.3 to 0.4.5 (#545)
• eec3a4f feat: add support for BuildKit when building images (#416)
• f6e65ba chore(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#547)
• Additional commits viewable in compare view

Updates github.com/prometheus/client_golang from 1.21.0 to 1.22.0

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.22.0 - 2025-04-07

⚠️ This release contains potential breaking change if you use experimental zstd support introduce in #1496 ⚠️

Experimental support for zstd on scrape was added, controlled by the request Accept-Encoding header. It was enabled by default since version 1.20, but now you need to add a blank import to enable it. The decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon, golang/go#62513 however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.

e.g.:

import (
  _ "github.com/prometheus/client_golang/prometheus/promhttp/zstd"
)

• [FEATURE] prometheus: Add new CollectorFunc utility #1724
• [CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) #1738
• [FEATURE] api: WithLookbackDelta and WithStats options have been added to API client. #1743
• [CHANGE] ⚠️ promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. #1765

• build(deps): bump golang.org/x/sys from 0.28.0 to 0.29.0 by @​dependabot in prometheus/client_golang#1720
• build(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.3 by @​dependabot in prometheus/client_golang#1719
• Update RELEASE.md by @​bwplotka in prometheus/client_golang#1721
• chore(docs): Add links for the upstream PRs by @​kakkoyun in prometheus/client_golang#1722
• Added tips on releasing client and checking with k8s. by @​bwplotka in prometheus/client_golang#1723
• feat: Add new CollectorFunc utility by @​Saumya40-codes in prometheus/client_golang#1724
• build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.4 by @​dependabot in prometheus/client_golang#1725
• build(deps): bump the github-actions group with 5 updates by @​dependabot in prometheus/client_golang#1726
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/client_golang#1727
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/client_golang#1731
• build(deps): bump golang.org/x/sys from 0.29.0 to 0.30.0 by @​dependabot in prometheus/client_golang#1739
• build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5 by @​dependabot in prometheus/client_golang#1740
• Cleanup dependabot config by @​SuperQ in prometheus/client_golang#1741
• Upgrade Golang version v1.24 by @​dongjiang1989 in prometheus/client_golang#1738
• build(deps): bump the github-actions group with 2 updates by @​dependabot in prometheus/client_golang#1742
• Merging 1.21 release back to main. by @​bwplotka in prometheus/client_golang#1744
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/client_golang#1745
• Add support for undocumented query options for API by @​mahendrapaipuri in prometheus/client_golang#1743
• exp/api: Add experimental exp module; Add remote API with write client and handler. by @​bwplotka in prometheus/client_golang#1658
• exp/api: Add accepted msg type validation to handler by @​saswatamcode in prometheus/client_golang#1750
• build(deps): bump the github-actions group with 5 updates by @​dependabot in prometheus/client_golang#1751
• build(deps): bump github.com/klauspost/compress from 1.17.11 to 1.18.0 by @​dependabot in prometheus/client_golang#1752
• build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 by @​dependabot in prometheus/client_golang#1753
• exp: Reset snappy buf by @​saswatamcode in prometheus/client_golang#1756
• Merge release 1.21.1 to main. by @​bwplotka in prometheus/client_golang#1762
• exp: Add dependabot config by @​saswatamcode in prometheus/client_golang#1754
• build(deps): bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 in the github-actions group by @​dependabot in prometheus/client_golang#1764

... (truncated)

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.22.0 / 2025-04-07

⚠️ This release contains potential breaking change if you use experimental zstd support introduce in #1496 ⚠️

Experimental support for zstd on scrape was added, controlled by the request Accept-Encoding header. It was enabled by default since version 1.20, but now you need to add a blank import to enable it. The decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon, golang/go#62513 however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.

e.g.:

import (
  _ "github.com/prometheus/client_golang/prometheus/promhttp/zstd"
)

• [FEATURE] prometheus: Add new CollectorFunc utility #1724
• [CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) #1738
• [FEATURE] api: WithLookbackDelta and WithStats options have been added to API client. #1743
• [CHANGE] ⚠️ promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. #1765

1.21.1 / 2025-03-04

• [BUGFIX] prometheus: Revert of Inc, Add and Observe cumulative metric CAS optimizations (#1661), causing regressions on low contention cases.
• [BUGFIX] prometheus: Fix GOOS=ios build, broken due to process_collector_* wrong build tags.

Commits

• d50be25 Cut 1.22.0 (#1793)
• 1043db7 Cut 1.22.0-rc.0 (#1768)
• e575c9c promhttp: Isolate zstd support and klauspost/compress library use to promhttp...
• f2276aa Merge pull request #1764 from prometheus/dependabot/github_actions/github-act...
• 9df772c build(deps): bump peter-evans/create-pull-request
• a3548c5 Merge pull request #1754 from saswatamcode/exp-eh
• 60fd2b0 Remove go.work file for now
• 8f9d0de exp: Add dependabot config
• c5cf981 Merge pull request #1762 from prometheus/release-1.21
• 8a42da3 Fix ios build. (#1758)
• Additional commits viewable in compare view

Updates github.com/sigstore/sigstore from 1.8.15 to 1.9.3

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.9.3

What's Changed

• add proto hash algorithm to registry by @​loosebazooka in sigstore/sigstore#2048

New Contributors

• @​loosebazooka made their first contribution in sigstore/sigstore#2048

Full Changelog: sigstore/sigstore@v1.9.2...v1.9.3

v1.9.2

What's Changed

• Add tink package by @​cmurphy in sigstore/sigstore#2024
• pkg/signature: add P384/P521 compatibility algo to algorithm registry by @​ret2libc in sigstore/sigstore#2037

New Contributors

• @​cmurphy made their first contribution in sigstore/sigstore#2024

Full Changelog: sigstore/sigstore@v1.9.1...v1.9.2

v1.9.1

What's Changed

• Implement default signing algorithms based on the key type by @​ret2libc in sigstore/sigstore#2014

Full Changelog: sigstore/sigstore@v1.9.0...v1.9.1

v1.9.0

What's Changed

• Update KMS policy for new plugin interface by @​haydentherapper in sigstore/sigstore#1987
• Update TUF root to latest v12 root by @​haydentherapper in sigstore/sigstore#1988
• build(deps): Bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.5 by @​dependabot in sigstore/sigstore#1994
• upgrade go-jose to v4 by @​cpanato in sigstore/sigstore#2000
• pkg/signature: expose Algorithm Details information by @​ret2libc in sigstore/sigstore#2001

Full Changelog: sigstore/sigstore@v1.8.15...v1.9.0

Commits

• 1e63a21 add proto hash algorithm to registry (#2048)
• 404e5b5 Bump deps (#2047)
• 0a5d37c build(deps): Bump the gomod group across 1 directory with 2 updates (#2046)
• a14c5f0 build(deps): Bump actions/dependency-review-action in the all group (#2044)
• e842090 pkg/signature: add P384/P521 compatibility algo to algorithm registry (#2037)
• ac746e0 Update linter to v2 (#2041)
• 9e5a36c change how we copy keys (#2036)
• 8489e15 build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#2028)
• d2fa167 build(deps): Bump the all group across 1 directory with 3 updates (#2032)
• 77973f8 build(deps): Bump golang.org/x/net in /pkg/signature/kms/azure (#2034)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions