build(deps): bump the go-deps group across 1 directory with 7 updates

[dependabot]

Bumps the go-deps group with 7 updates in the / directory:

Package	From	To
github.com/minio/minio-go/v7	7.0.87	7.0.91
github.com/notaryproject/notation-core-go	1.2.0	1.3.0
github.com/notaryproject/notation-go	1.3.0	1.3.2
github.com/onsi/gomega	1.36.2	1.37.0
github.com/ory/dockertest/v3	3.11.0	3.12.0
github.com/prometheus/client_golang	1.21.0	1.22.0
github.com/sigstore/sigstore	1.8.15	1.9.3

Updates github.com/minio/minio-go/v7 from 7.0.87 to 7.0.91

Release notes

Sourced from github.com/minio/minio-go/v7's releases.

Bugfix v7.0.90

What's Changed

• Add anonymous chunked encoding with trailing headers by @​klauspost in minio/minio-go#2084
• Implement AppendObject() API by @​harshavardhana in minio/minio-go#2082
• Update x/net version by @​BorjaOuterelo in minio/minio-go#2085
• Rety iterators by @​tlyons-cs in minio/minio-go#2087
• Add function for getting creds of remote client by @​shtripat in minio/minio-go#2089

New Contributors

• @​BorjaOuterelo made their first contribution in minio/minio-go#2085
• @​tlyons-cs made their first contribution in minio/minio-go#2087

Full Changelog: minio/minio-go@v7.0.89...v7.0.90

Bugfix Release

What's Changed

• add PurgeOnDelete to versioning config by @​poornas in minio/minio-go#2074
• Adds TokenRevokeType field to credential providers. by @​taran-p in minio/minio-go#2075
• make downtime info as map to denote per target info by @​Praveenrajmani in minio/minio-go#2079
• update deps and move CI/CD to go1.23, go1.24 by @​harshavardhana in minio/minio-go#2080
• update golint version by @​harshavardhana in minio/minio-go#2083

New Contributors

• @​taran-p made their first contribution in minio/minio-go#2075

Full Changelog: minio/minio-go@v7.0.88...v7.0.89

Bugfix Release

What's Changed

• add replication stat counters and downtime info types by @​Praveenrajmani in minio/minio-go#2071
• feat: add reverse version for listObjectVersions by @​jiuker in minio/minio-go#2072

New Contributors

• @​Praveenrajmani made their first contribution in minio/minio-go#2071

Full Changelog: minio/minio-go@v7.0.87...v7.0.88

Commits

• e8e8aca fix: incorrect set x-amz-date for signV4 (#2096)
• ed6737b Add 8 new aws region (#2090)
• c94afd8 Update version to next release
• 68fb5ee Add function for getting creds of remote client (#2089)
• 1e5fd8a Replacing retry goroutines with iterators (#2087)
• 7502986 Update x/net version (#2085)
• 6c30280 Implement AppendObject() API (#2082)
• fb4bc4c Add anonymous chunked encoding with trailing headers (#2084)
• efd53f1 Update version to next release
• 8c92869 update golint version (#2083)
• Additional commits viewable in compare view

Updates github.com/notaryproject/notation-core-go from 1.2.0 to 1.3.0

Release notes

Sourced from github.com/notaryproject/notation-core-go's releases.

v1.3.0

Vote PASSED [+4 -0]: #271

Updates

• Support of delta CRL during certificate revocation check.
• Upgraded go version to v1.23.0
• Error message fix and dependency updates.

What's Changed since v1.2.0

• feat: delta CRL by @​JeyJeyGao in notaryproject/notation-core-go#247
• bump: update go v1.23 by @​JeyJeyGao in notaryproject/notation-core-go#260
• build(deps): bump golang.org/x/crypto from 0.32.0 to 0.35.0 by @​dependabot in notaryproject/notation-core-go#261
• build(deps): bump apache/skywalking-eyes from 0.6.0 to 0.7.0 by @​dependabot in notaryproject/notation-core-go#258
• fix: use iterator instead of looping through multiple slices by @​JeyJeyGao in notaryproject/notation-core-go#259
• build(deps): bump golang.org/x/crypto from 0.35.0 to 0.36.0 by @​dependabot in notaryproject/notation-core-go#262
• build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 by @​dependabot in notaryproject/notation-core-go#263
• build(deps): bump github.com/fxamacker/cbor/v2 from 2.7.0 to 2.8.0 by @​dependabot in notaryproject/notation-core-go#265
• build(deps): bump golang.org/x/crypto from 0.36.0 to 0.37.0 by @​dependabot in notaryproject/notation-core-go#267
• fix: error message of SignatureAuthenticityError by @​Two-Hearts in notaryproject/notation-core-go#269

Full Changelog: notaryproject/notation-core-go@v1.2.0...v1.3.0

Commits

• ef87896 fix: error message of SignatureAuthenticityError (#269)
• 46726d8 build(deps): bump golang.org/x/crypto from 0.36.0 to 0.37.0 (#267)
• b85e8f7 build(deps): bump github.com/fxamacker/cbor/v2 from 2.7.0 to 2.8.0 (#265)
• 4d73532 build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#263)
• 6a378d5 build(deps): bump golang.org/x/crypto from 0.35.0 to 0.36.0 (#262)
• ea37e4e fix: use iterator instead of looping through multiple slices (#259)
• fcf4512 build(deps): bump apache/skywalking-eyes from 0.6.0 to 0.7.0 (#258)
• 9c4662f build(deps): bump golang.org/x/crypto from 0.32.0 to 0.35.0 (#261)
• 441bbe8 bump: update go v1.23 (#260)
• 7510083 feat: delta CRL (#247)
• See full diff in compare view

Updates github.com/notaryproject/notation-go from 1.3.0 to 1.3.2

Release notes

Sourced from github.com/notaryproject/notation-go's releases.

v1.3.2

Vote PASSED [+5 -0]: #538

Update

• Error message and dependency updates

What's Changed since notation-go v1.3.1

• bump: release v1.3.1 by @​Two-Hearts in notaryproject/notation-go#517
• backport: from main to release-1.3 branch by @​Two-Hearts in notaryproject/notation-go#536

Full Changelog: notaryproject/notation-go@v1.3.1...v1.3.2

New Contributors

• @​qba73 made their first contribution in notaryproject/notation-go#529

v1.3.1

Vote PASSED [+5 -0]: #517

Bug fix

• This patch release removes the timestamp check against signing time during authentic timestamp verification due to potential time skew and the unauthenticated nature of signing time field.

What's Changed

• bump: release v1.3.0 by @​Two-Hearts in notaryproject/notation-go#507
• fix: remove signing time check during authenticTimestamp by @​Two-Hearts in notaryproject/notation-go#514
• bump: bump up dependencies for release-1.3 branch by @​Two-Hearts in notaryproject/notation-go#516

Full Changelog: notaryproject/notation-go@v1.3.0...v1.3.1

Commits

• 34a1aba bump: release v1.3.2
• c447774 backport: from main to release-1.3 branch (#536)
• 727046d Merge pull request #517 from Two-Hearts/release-1.3
• 961cef1 bump: release v1.3.1
• f171fb0 bump: bump up dependencies for release-1.3 branch (#516)
• 540cc34 fix: remove signing time check during authenticTimestamp (#514)
• 1864576 Merge pull request #507 from Two-Hearts/release-1.3
• See full diff in compare view

Updates github.com/onsi/gomega from 1.36.2 to 1.37.0

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.37.0

1.37.0

Features

• add To/ToNot/NotTo aliases for AsyncAssertion [5666f98]

v1.36.3

1.36.3

Maintenance

• bump all the things [adb8b49]
• chore: replace interface{} with any [7613216]
• Bump google.golang.org/protobuf from 1.36.1 to 1.36.5 (#822) [9fe5259]
• remove spurious "toolchain" from go.mod (#819) [a0e85b9]
• Bump golang.org/x/net from 0.33.0 to 0.35.0 (#823) [604a8b1]
• Bump activesupport from 6.0.6.1 to 6.1.7.5 in /docs (#772) [36fbc84]
• Bump github-pages from 231 to 232 in /docs (#778) [ced70d7]
• Bump rexml from 3.2.6 to 3.3.9 in /docs (#788) [c8b4a07]
• Bump github.com/onsi/ginkgo/v2 from 2.22.1 to 2.22.2 (#812) [06431b9]
• Bump webrick from 1.8.1 to 1.9.1 in /docs (#800) [b55a92d]
• Fix typos (#813) [a1d518b]

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.37.0

Features

• add To/ToNot/NotTo aliases for AsyncAssertion [5666f98]

1.36.3

Maintenance

• bump all the things [adb8b49]
• chore: replace interface{} with any [7613216]
• Bump google.golang.org/protobuf from 1.36.1 to 1.36.5 (#822) [9fe5259]
• remove spurious "toolchain" from go.mod (#819) [a0e85b9]
• Bump golang.org/x/net from 0.33.0 to 0.35.0 (#823) [604a8b1]
• Bump activesupport from 6.0.6.1 to 6.1.7.5 in /docs (#772) [36fbc84]
• Bump github-pages from 231 to 232 in /docs (#778) [ced70d7]
• Bump rexml from 3.2.6 to 3.3.9 in /docs (#788) [c8b4a07]
• Bump github.com/onsi/ginkgo/v2 from 2.22.1 to 2.22.2 (#812) [06431b9]
• Bump webrick from 1.8.1 to 1.9.1 in /docs (#800) [b55a92d]
• Fix typos (#813) [a1d518b]

Commits

• 272fca3 v1.37.0
• 5666f98 add To/ToNot/NotTo aliases for AsyncAssertion
• 2251143 v1.36.3
• adb8b49 bump all the things
• 7613216 chore: replace interface{} with any
• 9fe5259 Bump google.golang.org/protobuf from 1.36.1 to 1.36.5 (#822)
• a0e85b9 remove spurious "toolchain" from go.mod (#819)
• 604a8b1 Bump golang.org/x/net from 0.33.0 to 0.35.0 (#823)
• 36fbc84 Bump activesupport from 6.0.6.1 to 6.1.7.5 in /docs (#772)
• ced70d7 Bump github-pages from 231 to 232 in /docs (#778)
• Additional commits viewable in compare view

Updates github.com/ory/dockertest/v3 from 3.11.0 to 3.12.0

Release notes

Sourced from github.com/ory/dockertest/v3's releases.

v3.12.0

What's Changed

• chore(deps): bump github.com/docker/cli from 26.1.4+incompatible to 27.1.2+incompatible by @​dependabot in ory/dockertest#524
• chore(deps): bump actions/checkout from 3 to 4 by @​dependabot in ory/dockertest#514
• chore(deps): bump actions/stale from 4 to 9 by @​dependabot in ory/dockertest#526
• chore(deps): bump github.com/opencontainers/runc from 1.1.13 to 1.1.15 by @​dependabot in ory/dockertest#538
• chore(deps): bump actions/checkout from 2 to 4 by @​dependabot in ory/dockertest#527
• feat: use creds helper by @​GuillaumeSmaha in ory/dockertest#520
• added AuthConfigs to BuildOptions and pass that to BuildImage by @​DGollings in ory/dockertest#488
• add multiple test container example by @​akoserwal in ory/dockertest#515
• fix: trying to bind to an outbound ip returns an empty list of port bindings by @​atzoum in ory/dockertest#533
• chore(deps): bump golang.org/x/sys from 0.21.0 to 0.28.0 by @​dependabot in ory/dockertest#548
• chore(deps): bump actions/stale from 4 to 9 by @​dependabot in ory/dockertest#550
• chore(deps): bump actions/checkout from 2 to 4 by @​dependabot in ory/dockertest#549
• chore(deps): bump actions/checkout from 2 to 4 by @​dependabot in ory/dockertest#555
• chore(deps): bump github.com/docker/cli from 27.1.2+incompatible to 27.4.1+incompatible by @​dependabot in ory/dockertest#553
• chore(deps): bump github.com/opencontainers/runc from 1.1.15 to 1.2.3 by @​dependabot in ory/dockertest#551
• chore(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 by @​dependabot in ory/dockertest#547
• feat: add support for BuildKit when building images by @​tmc in ory/dockertest#416
• chore(deps): bump actions/setup-node from 2.pre.beta to 4.1.0 by @​dependabot in ory/dockertest#539
• chore(deps): bump actions/stale from 4 to 9 by @​dependabot in ory/dockertest#554

New Contributors

• @​GuillaumeSmaha made their first contribution in ory/dockertest#520
• @​DGollings made their first contribution in ory/dockertest#488
• @​akoserwal made their first contribution in ory/dockertest#515
• @​atzoum made their first contribution in ory/dockertest#533

Full Changelog: ory/dockertest@v3.11.0...v3.12.0

Commits

• 8a76ff0 chore: update repository templates to ory/meta@bc60...
• 207b20a chore: update repository templates to ory/meta@83e7...
• fabf563 autogen: update license overview
• 4b1e539 chore: update repository templates to ory/meta@44ef...
• 46d1a7b chore: update repository templates to ory/meta@c091...
• 13e6e33 chore(deps): bump actions/stale from 4 to 9 (#554)
• 91b7d0b chore(deps): bump actions/setup-node from 2.pre.beta to 4.1.0 (#539)
• 28c8c5b chore(deps): bump github.com/containerd/continuity from 0.4.3 to 0.4.5 (#545)
• eec3a4f feat: add support for BuildKit when building images (#416)
• f6e65ba chore(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#547)
• Additional commits viewable in compare view

Updates github.com/prometheus/client_golang from 1.21.0 to 1.22.0

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.22.0 - 2025-04-07

⚠️ This release contains potential breaking change if you use experimental zstd support introduce in #1496 ⚠️

Experimental support for zstd on scrape was added, controlled by the request Accept-Encoding header. It was enabled by default since version 1.20, but now you need to add a blank import to enable it. The decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon, golang/go#62513 however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.

e.g.:

import (
  _ "github.com/prometheus/client_golang/prometheus/promhttp/zstd"
)

• [FEATURE] prometheus: Add new CollectorFunc utility #1724
• [CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) #1738
• [FEATURE] api: WithLookbackDelta and WithStats options have been added to API client. #1743
• [CHANGE] ⚠️ promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. #1765

• build(deps): bump golang.org/x/sys from 0.28.0 to 0.29.0 by @​dependabot in prometheus/client_golang#1720
• build(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.3 by @​dependabot in prometheus/client_golang#1719
• Update RELEASE.md by @​bwplotka in prometheus/client_golang#1721
• chore(docs): Add links for the upstream PRs by @​kakkoyun in prometheus/client_golang#1722
• Added tips on releasing client and checking with k8s. by @​bwplotka in prometheus/client_golang#1723
• feat: Add new CollectorFunc utility by @​Saumya40-codes in prometheus/client_golang#1724
• build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.4 by @​dependabot in prometheus/client_golang#1725
• build(deps): bump the github-actions group with 5 updates by @​dependabot in prometheus/client_golang#1726
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/client_golang#1727
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/client_golang#1731
• build(deps): bump golang.org/x/sys from 0.29.0 to 0.30.0 by @​dependabot in prometheus/client_golang#1739
• build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5 by @​dependabot in prometheus/client_golang#1740
• Cleanup dependabot config by @​SuperQ in prometheus/client_golang#1741
• Upgrade Golang version v1.24 by @​dongjiang1989 in prometheus/client_golang#1738
• build(deps): bump the github-actions group with 2 updates by @​dependabot in prometheus/client_golang#1742
• Merging 1.21 release back to main. by @​bwplotka in prometheus/client_golang#1744
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/client_golang#1745
• Add support for undocumented query options for API by @​mahendrapaipuri in prometheus/client_golang#1743
• exp/api: Add experimental exp module; Add remote API with write client and handler. by @​bwplotka in prometheus/client_golang#1658
• exp/api: Add accepted msg type validation to handler by @​saswatamcode in prometheus/client_golang#1750
• build(deps): bump the github-actions group with 5 updates by @​dependabot in prometheus/client_golang#1751
• build(deps): bump github.com/klauspost/compress from 1.17.11 to 1.18.0 by @​dependabot in prometheus/client_golang#1752
• build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 by @​dependabot in prometheus/client_golang#1753
• exp: Reset snappy buf by @​saswatamcode in prometheus/client_golang#1756
• Merge release 1.21.1 to main. by @​bwplotka in prometheus/client_golang#1762
• exp: Add dependabot config by @​saswatamcode in prometheus/client_golang#1754
• build(deps): bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 in the github-actions group by @​dependabot in prometheus/client_golang#1764

... (truncated)

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.22.0 / 2025-04-07

⚠️ This release contains potential breaking change if you use experimental zstd support introduce in #1496 ⚠️

Experimental support for zstd on scrape was added, controlled by the request Accept-Encoding header. It was enabled by default since version 1.20, but now you need to add a blank import to enable it. The decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon, golang/go#62513 however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.

e.g.:

import (
  _ "github.com/prometheus/client_golang/prometheus/promhttp/zstd"
)

• [FEATURE] prometheus: Add new CollectorFunc utility #1724
• [CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) #1738
• [FEATURE] api: WithLookbackDelta and WithStats options have been added to API client. #1743
• [CHANGE] ⚠️ promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. #1765

1.21.1 / 2025-03-04

• [BUGFIX] prometheus: Revert of Inc, Add and Observe cumulative metric CAS optimizations (#1661), causing regressions on low contention cases.
• [BUGFIX] prometheus: Fix GOOS=ios build, broken due to process_collector_* wrong build tags.

Commits

• d50be25 Cut 1.22.0 (#1793)
• 1043db7 Cut 1.22.0-rc.0 (#1768)
• e575c9c promhttp: Isolate zstd support and klauspost/compress library use to promhttp...
• f2276aa Merge pull request #1764 from prometheus/dependabot/github_actions/github-act...
• 9df772c build(deps): bump peter-evans/create-pull-request
• a3548c5 Merge pull request #1754 from saswatamcode/exp-eh
• 60fd2b0 Remove go.work file for now
• 8f9d0de exp: Add dependabot config
• c5cf981 Merge pull request #1762 from prometheus/release-1.21
• 8a42da3 Fix ios build. (#1758)
• Additional commits viewable in compare view

Updates github.com/sigstore/sigstore from 1.8.15 to 1.9.3

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.9.3

What's Changed

• add proto hash algorithm to registry by @​loosebazooka in sigstore/sigstore#2048

New Contributors

• @​loosebazooka made their first contribution in sigstore/sigstore#2048

Full Changelog: sigstore/sigstore@v1.9.2...v1.9.3

v1.9.2

What's Changed

• Add tink package by @​cmurphy in sigstore/sigstore#2024
• pkg/signature: add P384/P521 compatibility algo to algorithm registry by @​ret2libc in sigstore/sigstore#2037

New Contributors

• @​cmurphy made their first contribution in sigstore/sigstore#2024

Full Changelog: sigstore/sigstore@v1.9.1...v1.9.2

v1.9.1

What's Changed

• Implement default signing algorithms based on the key type by @​ret2libc in sigstore/sigstore#2014

Full Changelog: sigstore/sigstore@v1.9.0...v1.9.1

v1.9.0

What's Changed

• Update KMS policy for new plugin interface by @​haydentherapper in sigstore/sigstore#1987
• Update TUF root to latest v12 root by @​haydentherapper in sigstore/sigstore#1988
• build(deps): Bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.5 by @​dependabot in sigstore/sigstore#1994
• upgrade go-jose to v4 by @​cpanato in sigstore/sigstore#2000
• pkg/signature: expose Algorithm Details information by @​ret2libc in sigstore/sigstore#2001

Full Changelog: sigstore/sigstore@v1.8.15...v1.9.0

Commits

• 1e63a21 add proto hash algorithm to registry (#2048)
• 404e5b5 Bump deps (#2047)
• 0a5d37c build(deps): Bump the gomod group across 1 directory with 2 updates (#2046)
• a14c5f0 build(deps): Bump actions/dependency-review-action in the all group (#2044)
• e842090 pkg/signature: add P384/P521 compatibility algo to algorithm registry (#2037)
• ac746e0 Update linter to v2 (#2041)
• 9e5a36c change how we copy keys (#2036)
• 8489e15 build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#2028)
• d2fa167 build(deps): Bump the all group across 1 directory with 3 updates (#2032)
• 77973f8 build(deps): Bump golang.org/x/net in /pkg/signature/kms/azure (#2034)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.