Skip to content

build(deps): bump github.com/sigstore/rekor from 1.5.0 to 1.5.2 in /prober/hack#798

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/prober/hack/github.com/sigstore/rekor-1.5.2
Open

build(deps): bump github.com/sigstore/rekor from 1.5.0 to 1.5.2 in /prober/hack#798
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/prober/hack/github.com/sigstore/rekor-1.5.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/sigstore/rekor from 1.5.0 to 1.5.2.

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.5.2

Changelog

  • 759b98e2a7c39ea9779b6a51299c5f0f987f8802 alpine: Enforce max size limit on decompression (#2831)
  • c7e77ee26edd8631dd417166907093a9f13b85e5 Support restricting kinds on insertion (#2814)
  • a10818a8778dcb58eb582d00ffda4b2c86bf190b fix(trillianclient): strip dns:/// scheme from TLS ServerName in gRPC dial (#2812)
  • 8a2f3a2dd023b81ad8b63e2f365676ec438dc9fa add checks to ensure returned entries match client inputs to rekor-cli (#2799)
  • 0e88bac01d1173b8b2cbc8ed790106441573bbdb add nil pointer check to resolve fuzzing crash (#2807)
  • 93da954478a2ffb1821d4904a80d9a5cbe268324 client: surface last-response details after retries are exhausted (#2796)
  • 4d67ecd8ec810bc6af9761ad10ebd2ac899cfdbd Fix internal error detail leakage in 500 responses (#2801)
  • b34ca94fc01405cb50acb956cc181d57382a6b2d add defensive check to ensure tid is in config ahead of getting client (#2795)
  • 656c832ab90feef91f5dcc751ae1cb851c73f4bd restapi: include inactiveShards in the homepage total count (#2797)

Thanks for all contributors!

v1.5.1

Changelog

  • 2d46808ce98c3dd26158364ae28f4c49921c9b0d optimize memory for DSSE v0.0.1 processing (#2766)
  • 6de110d1deb7fa2d9145584fd9446608ce1a777c return correct errors in rare failure situations (#2753)
  • 7ff7c692f51d6060c6eebba0480536f5ba28abb5 raise error if decoding hash fails during inclusion proof (#2754)

Thanks for all contributors!

Changelog

Sourced from github.com/sigstore/rekor's changelog.

v1.5.2

Features

  • Support restricting kinds on insertion (#2814)

Bug Fixes

  • alpine: Enforce max size limit on decompression (#2831)
  • fix(trillianclient): strip dns:/// scheme from TLS ServerName in gRPC dial (#2812)
  • Fix internal error detail leakage in 500 responses (#2801)
  • add checks to ensure returned entries match client inputs to rekor-cli (#2799)
  • add defensive check to ensure tid is in config ahead of getting client (#2795)
  • add nil pointer check to resolve fuzzing crash (#2807)

Improvements

  • restapi: include inactiveShards in the homepage total count (#2797)
  • client: surface last-response details after retries are exhausted (#2796)

v1.5.1

Features

  • optimize memory for DSSE v0.0.1 processing (#2766)

Bug Fixes

  • Type assert the entry bundle when verifying inclusion proof (#2755)
  • return correct errors in rare failure situations (#2753)
  • raise error if decoding hash fails during inclusion proof (#2754)
Commits
  • 3b75cd9 build(deps): Bump the all group across 1 directory with 7 updates (#2829)
  • 759b98e alpine: Enforce max size limit on decompression (#2831)
  • c7e77ee Support restricting kinds on insertion (#2814)
  • a10818a fix(trillianclient): strip dns:/// scheme from TLS ServerName in gRPC dial (#...
  • c31f3fc build(deps): Bump cloud.google.com/go/profiler from 0.4.3 to 0.6.0
  • f2a9fb0 build(deps): Bump go.uber.org/zap from 1.27.1 to 1.28.0
  • e3ba248 build(deps): Bump golang in the all group across 1 directory
  • 62e5ddd build(deps): Bump github.com/go-openapi/swag from 0.25.5 to 0.26.0
  • f4f91d5 build(deps): Bump github.com/tink-crypto/tink-go-awskms/v2 to v3 (#2827)
  • 9bc540f build(deps): Bump google.com/cloudsdktool/google-cloud-cli (#2820)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 1, 2026
@dependabot dependabot Bot requested review from a team as code owners July 1, 2026 18:51
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 1, 2026
@bobcallaway

Copy link
Copy Markdown
Member

@dependabot rebase

Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 1.5.0 to 1.5.2.
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](sigstore/rekor@v1.5.0...v1.5.2)

---
updated-dependencies:
- dependency-name: github.com/sigstore/rekor
  dependency-version: 1.5.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/prober/hack/github.com/sigstore/rekor-1.5.2 branch from 9e61cff to 2d9cf8a Compare July 9, 2026 12:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant