chore: bump github.com/in-toto/in-toto-golang from 0.9.0 to 0.11.0 in /test/docker/presync-webhook-server by dependabot[bot] · Pull Request #2156 · GoogleContainerTools/config-sync

dependabot · 2026-05-08T23:10:08Z

Bumps github.com/in-toto/in-toto-golang from 0.9.0 to 0.11.0.

Release notes

Sourced from github.com/in-toto/in-toto-golang's releases.

v0.11.0

What's Changed

chore(deps): bump the all group with 2 updates by @dependabot[bot] in in-toto/in-toto-golang#453

chore(deps): bump the all group across 1 directory with 2 updates by @dependabot[bot] in in-toto/in-toto-golang#452

chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 by @dependabot[bot] in in-toto/in-toto-golang#457

chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 by @dependabot[bot] in in-toto/in-toto-golang#459

match: Replace ^ with ! for negation in character classes by @adityasaky in in-toto/in-toto-golang#462

Full Changelog: in-toto/in-toto-golang@v0.10.0...v0.11.0

v0.10.0

What's Changed

chore(deps): bump google.golang.org/grpc from 1.54.0 to 1.55.0 by @dependabot[bot] in in-toto/in-toto-golang#232

Update maintainers and governance by @adityasaky in in-toto/in-toto-golang#233

chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 by @dependabot[bot] in in-toto/in-toto-golang#234

chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.3 to 2.1.5 by @dependabot[bot] in in-toto/in-toto-golang#235

chore(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 by @dependabot[bot] in in-toto/in-toto-golang#236

Fix expired signature in test by @adityasaky in in-toto/in-toto-golang#241

chore(deps): bump golang.org/x/sys from 0.8.0 to 0.9.0 by @dependabot[bot] in in-toto/in-toto-golang#240

chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.5 to 2.1.6 by @dependabot[bot] in in-toto/in-toto-golang#239

chore(deps): bump google.golang.org/grpc from 1.55.0 to 1.56.0 by @dependabot[bot] in in-toto/in-toto-golang#242

chore(deps): bump google.golang.org/grpc from 1.56.0 to 1.56.1 by @dependabot[bot] in in-toto/in-toto-golang#243

Update GitHub Actions workflows by @adityasaky in in-toto/in-toto-golang#246

chore(deps): bump golang.org/x/sys from 0.9.0 to 0.10.0 by @dependabot[bot] in in-toto/in-toto-golang#245

remove linters that are no longer supported and add to make file by @pxp928 in in-toto/in-toto-golang#249

Add match products feature by @adityasaky in in-toto/in-toto-golang#237

Remove unfinished link on record stop by @PradyumnaKrishna in in-toto/in-toto-golang#248

chore(deps): bump google.golang.org/grpc from 1.56.1 to 1.56.2 by @dependabot[bot] in in-toto/in-toto-golang#250

chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.6.0 to 0.7.0 by @dependabot[bot] in in-toto/in-toto-golang#251

chore(deps): bump google.golang.org/grpc from 1.56.2 to 1.57.0 by @dependabot[bot] in in-toto/in-toto-golang#255

Add tests for coverage in envelope.go by @adityasaky in in-toto/in-toto-golang#256

chore(deps): bump golang.org/x/sys from 0.10.0 to 0.11.0 by @dependabot[bot] in in-toto/in-toto-golang#257

chore(deps): bump actions/setup-go from 4.0.1 to 4.1.0 by @dependabot[bot] in in-toto/in-toto-golang#258

chore(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 by @dependabot[bot] in in-toto/in-toto-golang#259

Fixes filepath pattern matching in windows by @PradyumnaKrishna in in-toto/in-toto-golang#254

chore(deps): bump actions/checkout from 3.5.3 to 3.6.0 by @dependabot[bot] in in-toto/in-toto-golang#261

chore(deps): bump actions/checkout from 3.6.0 to 4.0.0 by @dependabot[bot] in in-toto/in-toto-golang#262

chore(deps): bump golang.org/x/sys from 0.11.0 to 0.12.0 by @dependabot[bot] in in-toto/in-toto-golang#263

chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.58.0 by @dependabot[bot] in in-toto/in-toto-golang#264

chore(deps): bump google.golang.org/grpc from 1.58.0 to 1.58.1 by @dependabot[bot] in in-toto/in-toto-golang#266

Deprecate Provenance v1 struct in favor of /attestation protobufs by @marcelamelara in in-toto/in-toto-golang#267

chore(deps): bump google.golang.org/grpc from 1.58.1 to 1.58.2 by @dependabot[bot] in in-toto/in-toto-golang#269

chore(deps): bump actions/checkout from 4.0.0 to 4.1.0 by @dependabot[bot] in in-toto/in-toto-golang#270

Drop use of any for hash objects by @adityasaky in in-toto/in-toto-golang#238

chore(deps): bump golang.org/x/sys from 0.12.0 to 0.13.0 by @dependabot[bot] in in-toto/in-toto-golang#271

chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by @dependabot[bot] in in-toto/in-toto-golang#273

chore(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3 by @dependabot[bot] in in-toto/in-toto-golang#272

chore(deps): bump golang.org/x/net from 0.12.0 to 0.17.0 by @dependabot[bot] in in-toto/in-toto-golang#274

chore(deps): bump google.golang.org/grpc from 1.58.3 to 1.59.0 by @dependabot[bot] in in-toto/in-toto-golang#275

... (truncated)

Commits

36d782f Merge pull request #462 from in-toto/fix-negation-character
4a09e3b match: Replace ^ with ! for negation in character classes
c3302e8 Merge pull request #459 from in-toto/dependabot/go_modules/github.com/go-jose...
016e87e chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4
5b9df76 Merge pull request #457 from in-toto/dependabot/go_modules/google.golang.org/...
595b3fe chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3
e396d24 Merge pull request #452 from in-toto/dependabot/github_actions/all-502588e1ca
142b779 Merge pull request #453 from in-toto/dependabot/go_modules/all-d8ef5820aa
f741bcc chore(deps): bump the all group with 2 updates
c374dc9 chore(deps): bump the all group across 1 directory with 2 updates
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [github.com/in-toto/in-toto-golang](https://github.com/in-toto/in-toto-golang) from 0.9.0 to 0.11.0. - [Release notes](https://github.com/in-toto/in-toto-golang/releases) - [Changelog](https://github.com/in-toto/in-toto-golang/blob/master/CHANGELOG.md) - [Commits](in-toto/in-toto-golang@v0.9.0...v0.11.0) --- updated-dependencies: - dependency-name: github.com/in-toto/in-toto-golang dependency-version: 0.11.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

google-oss-prow · 2026-05-08T23:10:19Z

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a GoogleContainerTools member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Camila-B · 2026-05-12T16:16:23Z

/ok-to-test

Camila-B · 2026-05-12T22:58:43Z

/retest

cowsking · 2026-05-19T22:49:56Z

/test kpt-config-sync-presubmit

cowsking

/lgtm

google-oss-prow · 2026-05-20T04:59:45Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cowsking

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [cowsking]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

* chore: bump golang.org/x/mod from 0.34.0 to 0.35.0 (#2128) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.34.0 to 0.35.0. - [Commits](golang/mod@v0.34.0...v0.35.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-version: 0.35.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump cloud.google.com/go/logging from 1.13.2 to 1.15.0 (#2129) Bumps [cloud.google.com/go/logging](https://github.com/googleapis/google-cloud-go) from 1.13.2 to 1.15.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md) - [Commits](googleapis/google-cloud-go@redis/v1.13.2...kms/v1.15.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/logging dependency-version: 1.15.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Revert "chore: bump cloud.google.com/go/logging from 1.13.2 to 1.15.0 (#2129)" (#2130) This reverts commit 339c5cf. * chore: bump cloud.google.com/go/auth from 0.19.0 to 0.20.0 (#2120) Bumps [cloud.google.com/go/auth](https://github.com/googleapis/google-cloud-go) from 0.19.0 to 0.20.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](googleapis/google-cloud-go@v0.19.0...v0.20.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/auth dependency-version: 0.20.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump google.golang.org/api from 0.274.0 to 0.275.0 (#2132) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.274.0 to 0.275.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.274.0...v0.275.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-version: 0.275.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump cloud.google.com/go/trace from 1.12.0 to 1.13.0 (#2131) Bumps [cloud.google.com/go/trace](https://github.com/googleapis/google-cloud-go) from 1.12.0 to 1.13.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md) - [Commits](googleapis/google-cloud-go@kms/v1.12.0...dlp/v1.13.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/trace dependency-version: 1.13.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump github.com/sigstore/timestamp-authority/v2 (#2134) Bumps [github.com/sigstore/timestamp-authority/v2](https://github.com/sigstore/timestamp-authority) from 2.0.3 to 2.0.6. - [Release notes](https://github.com/sigstore/timestamp-authority/releases) - [Changelog](https://github.com/sigstore/timestamp-authority/blob/main/CHANGELOG.md) - [Commits](sigstore/timestamp-authority@v2.0.3...v2.0.6) --- updated-dependencies: - dependency-name: github.com/sigstore/timestamp-authority/v2 dependency-version: 2.0.6 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump cloud.google.com/go/monitoring from 1.24.3 to 1.26.0 (#2127) Bumps [cloud.google.com/go/monitoring](https://github.com/googleapis/google-cloud-go) from 1.24.3 to 1.26.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md) - [Commits](googleapis/google-cloud-go@monitoring/v1.24.3...kms/v1.26.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/monitoring dependency-version: 1.26.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump github.com/google/go-containerregistry from 0.21.3 to 0.21.5 (#2133) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.21.3 to 0.21.5. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Commits](google/go-containerregistry@v0.21.3...v0.21.5) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-version: 0.21.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump Helm to v3.20.2-gke.1 (#2138) * chore: bump Helm to v3.20.2-gke.2 (#2139) Fixes CVE-2026-33186 * chore: bump the k8s-io group across 1 directory with 10 updates (#2135) Bumps the k8s-io group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [k8s.io/api](https://github.com/kubernetes/api) | `0.35.3` | `0.35.4` | | [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) | `0.35.3` | `0.35.4` | | [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) | `0.35.3` | `0.35.4` | | [k8s.io/kube-aggregator](https://github.com/kubernetes/kube-aggregator) | `0.35.3` | `0.35.4` | | [k8s.io/kubectl](https://github.com/kubernetes/kubectl) | `0.35.3` | `0.35.4` | | [k8s.io/kubernetes](https://github.com/kubernetes/kubernetes) | `1.35.3` | `1.35.4` | Updates `k8s.io/api` from 0.35.3 to 0.35.4 - [Commits](kubernetes/api@v0.35.3...v0.35.4) Updates `k8s.io/apiextensions-apiserver` from 0.35.3 to 0.35.4 - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](kubernetes/apiextensions-apiserver@v0.35.3...v0.35.4) Updates `k8s.io/apimachinery` from 0.35.3 to 0.35.4 - [Commits](kubernetes/apimachinery@v0.35.3...v0.35.4) Updates `k8s.io/apiserver` from 0.35.3 to 0.35.4 - [Commits](kubernetes/apiserver@v0.35.3...v0.35.4) Updates `k8s.io/cli-runtime` from 0.35.3 to 0.35.4 - [Commits](kubernetes/cli-runtime@v0.35.3...v0.35.4) Updates `k8s.io/client-go` from 0.35.3 to 0.35.4 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.35.3...v0.35.4) Updates `k8s.io/code-generator` from 0.35.3 to 0.35.4 - [Commits](kubernetes/code-generator@v0.35.3...v0.35.4) Updates `k8s.io/kube-aggregator` from 0.35.3 to 0.35.4 - [Commits](kubernetes/kube-aggregator@v0.35.3...v0.35.4) Updates `k8s.io/kubectl` from 0.35.3 to 0.35.4 - [Commits](kubernetes/kubectl@v0.35.3...v0.35.4) Updates `k8s.io/kubernetes` from 1.35.3 to 1.35.4 - [Release notes](https://github.com/kubernetes/kubernetes/releases) - [Commits](kubernetes/kubernetes@v1.35.3...v1.35.4) --- updated-dependencies: - dependency-name: k8s.io/api dependency-version: 0.35.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/apiextensions-apiserver dependency-version: 0.35.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/apimachinery dependency-version: 0.35.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/apiserver dependency-version: 0.35.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/cli-runtime dependency-version: 0.35.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/client-go dependency-version: 0.35.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/code-generator dependency-version: 0.35.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/kube-aggregator dependency-version: 0.35.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/kubectl dependency-version: 0.35.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/kubernetes dependency-version: 1.35.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump otelcontribcol to v0.150.0-gke.2 (#2142) Fixes CVEs * chore: bump cloud.google.com/go/logging from 1.13.2 to 1.16.0 (#2136) Bumps [cloud.google.com/go/logging](https://github.com/googleapis/google-cloud-go) from 1.13.2 to 1.16.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md) - [Commits](googleapis/google-cloud-go@redis/v1.13.2...kms/v1.16.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/logging dependency-version: 1.16.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump sigs.k8s.io/structured-merge-diff/v6 from 6.3.2 to 6.4.0 (#2137) Bumps [sigs.k8s.io/structured-merge-diff/v6](https://github.com/kubernetes-sigs/structured-merge-diff) from 6.3.2 to 6.4.0. - [Release notes](https://github.com/kubernetes-sigs/structured-merge-diff/releases) - [Changelog](https://github.com/kubernetes-sigs/structured-merge-diff/blob/master/RELEASE.md) - [Commits](kubernetes-sigs/structured-merge-diff@v6.3.2...v6.4.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/structured-merge-diff/v6 dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump go.uber.org/zap from 1.27.1 to 1.28.0 (#2143) Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.27.1 to 1.28.0. - [Release notes](https://github.com/uber-go/zap/releases) - [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md) - [Commits](uber-go/zap@v1.27.1...v1.28.0) --- updated-dependencies: - dependency-name: go.uber.org/zap dependency-version: 1.28.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump github.com/Masterminds/semver/v3 from 3.4.0 to 3.5.0 (#2144) Bumps [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver) from 3.4.0 to 3.5.0. - [Release notes](https://github.com/Masterminds/semver/releases) - [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md) - [Commits](Masterminds/semver@v3.4.0...v3.5.0) --- updated-dependencies: - dependency-name: github.com/Masterminds/semver/v3 dependency-version: 3.5.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump google.golang.org/api from 0.276.0 to 0.277.0 (#2146) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.276.0 to 0.277.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.276.0...v0.277.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-version: 0.277.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump cloud.google.com/go/logging from 1.16.0 to 1.17.0 (#2147) Bumps [cloud.google.com/go/logging](https://github.com/googleapis/google-cloud-go) from 1.16.0 to 1.17.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md) - [Commits](googleapis/google-cloud-go@dlp/v1.16.0...kms/v1.17.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/logging dependency-version: 1.17.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump cloud.google.com/go/trace from 1.14.0 to 1.15.0 (#2148) Bumps [cloud.google.com/go/trace](https://github.com/googleapis/google-cloud-go) from 1.14.0 to 1.15.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md) - [Commits](googleapis/google-cloud-go@iap/v1.14.0...kms/v1.15.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/trace dependency-version: 1.15.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump cloud.google.com/go/monitoring from 1.27.0 to 1.28.0 (#2149) Bumps [cloud.google.com/go/monitoring](https://github.com/googleapis/google-cloud-go) from 1.27.0 to 1.28.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md) - [Commits](googleapis/google-cloud-go@dlp/v1.27.0...kms/v1.28.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/monitoring dependency-version: 1.28.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump otelcontribcol to v0.150.0-gke.5 (#2151) * chore: bump Golang to 1.25.10 (#2155) * chore: bump google.golang.org/api from 0.277.0 to 0.278.0 (#2150) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.277.0 to 0.278.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.277.0...v0.278.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-version: 0.278.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump cloud.google.com/go/logging from 1.17.0 to 1.18.0 (#2153) Bumps [cloud.google.com/go/logging](https://github.com/googleapis/google-cloud-go) from 1.17.0 to 1.18.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md) - [Commits](googleapis/google-cloud-go@dlp/v1.17.0...kms/v1.18.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/logging dependency-version: 1.18.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump Helm and Kustomize (#2157) * Upgrades Helm to v3.20.2-gke.3 * Upgrades Kustomize to v5.4.2-gke.7 * chore: bump git-sync (#2158) Upgrades git-sync to v4.4.2-gke.20 * chore: bump cloud.google.com/go/trace from 1.15.0 to 1.16.0 (#2152) Bumps [cloud.google.com/go/trace](https://github.com/googleapis/google-cloud-go) from 1.15.0 to 1.16.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md) - [Commits](googleapis/google-cloud-go@kms/v1.15.0...kms/v1.16.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/trace dependency-version: 1.16.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump golang.org/x/mod from 0.35.0 to 0.36.0 (#2154) Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.35.0 to 0.36.0. - [Commits](golang/mod@v0.35.0...v0.36.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump the k8s-io group across 1 directory with 10 updates (#2160) Bumps the k8s-io group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [k8s.io/api](https://github.com/kubernetes/api) | `0.35.4` | `0.35.5` | | [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) | `0.35.4` | `0.35.5` | | [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) | `0.35.4` | `0.35.5` | | [k8s.io/kube-aggregator](https://github.com/kubernetes/kube-aggregator) | `0.35.4` | `0.35.5` | | [k8s.io/kubectl](https://github.com/kubernetes/kubectl) | `0.35.4` | `0.35.5` | | [k8s.io/kubernetes](https://github.com/kubernetes/kubernetes) | `1.35.4` | `1.35.5` | Updates `k8s.io/api` from 0.35.4 to 0.35.5 - [Commits](kubernetes/api@v0.35.4...v0.35.5) Updates `k8s.io/apiextensions-apiserver` from 0.35.4 to 0.35.5 - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](kubernetes/apiextensions-apiserver@v0.35.4...v0.35.5) Updates `k8s.io/apimachinery` from 0.35.4 to 0.35.5 - [Commits](kubernetes/apimachinery@v0.35.4...v0.35.5) Updates `k8s.io/apiserver` from 0.35.4 to 0.35.5 - [Commits](kubernetes/apiserver@v0.35.4...v0.35.5) Updates `k8s.io/cli-runtime` from 0.35.4 to 0.35.5 - [Commits](kubernetes/cli-runtime@v0.35.4...v0.35.5) Updates `k8s.io/client-go` from 0.35.4 to 0.35.5 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.35.4...v0.35.5) Updates `k8s.io/code-generator` from 0.35.4 to 0.35.5 - [Commits](kubernetes/code-generator@v0.35.4...v0.35.5) Updates `k8s.io/kube-aggregator` from 0.35.4 to 0.35.5 - [Commits](kubernetes/kube-aggregator@v0.35.4...v0.35.5) Updates `k8s.io/kubectl` from 0.35.4 to 0.35.5 - [Commits](kubernetes/kubectl@v0.35.4...v0.35.5) Updates `k8s.io/kubernetes` from 1.35.4 to 1.35.5 - [Release notes](https://github.com/kubernetes/kubernetes/releases) - [Commits](kubernetes/kubernetes@v1.35.4...v1.35.5) --- updated-dependencies: - dependency-name: k8s.io/api dependency-version: 0.35.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/apiextensions-apiserver dependency-version: 0.35.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/apimachinery dependency-version: 0.35.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/apiserver dependency-version: 0.35.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/cli-runtime dependency-version: 0.35.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/client-go dependency-version: 0.35.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/code-generator dependency-version: 0.35.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/kube-aggregator dependency-version: 0.35.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/kubectl dependency-version: 0.35.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/kubernetes dependency-version: 1.35.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump cloud.google.com/go/monitoring from 1.28.0 to 1.29.0 (#2159) Bumps [cloud.google.com/go/monitoring](https://github.com/googleapis/google-cloud-go) from 1.28.0 to 1.29.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md) - [Commits](googleapis/google-cloud-go@dlp/v1.28.0...kms/v1.29.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/monitoring dependency-version: 1.29.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump git-sync (#2163) * chore: bump google.golang.org/api from 0.278.0 to 0.279.0 (#2161) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.278.0 to 0.279.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.278.0...v0.279.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-version: 0.279.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: update Debian base image version to bookworm-v1.0.7-gke.3 (#2165) * chore: bump git-sync to v4.4.2-gke.22 (#2166) * chore: bump github.com/in-toto/in-toto-golang (#2156) Bumps [github.com/in-toto/in-toto-golang](https://github.com/in-toto/in-toto-golang) from 0.9.0 to 0.11.0. - [Release notes](https://github.com/in-toto/in-toto-golang/releases) - [Changelog](https://github.com/in-toto/in-toto-golang/blob/master/CHANGELOG.md) - [Commits](in-toto/in-toto-golang@v0.9.0...v0.11.0) --- updated-dependencies: - dependency-name: github.com/in-toto/in-toto-golang dependency-version: 0.11.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump github.com/google/go-containerregistry from 0.21.5 to 0.21.6 (#2164) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.21.5 to 0.21.6. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Commits](google/go-containerregistry@v0.21.5...v0.21.6) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-version: 0.21.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Camila Bustos <camilabustos@google.com>

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels May 8, 2026

google-oss-prow Bot requested review from cowsking and janetkuo May 8, 2026 23:10

google-oss-prow Bot added the needs-ok-to-test label May 8, 2026

google-oss-prow Bot added the size/XS label May 8, 2026

google-oss-prow Bot added ok-to-test and removed needs-ok-to-test labels May 12, 2026

cowsking approved these changes May 20, 2026

View reviewed changes

google-oss-prow Bot assigned cowsking May 20, 2026

google-oss-prow Bot added the lgtm label May 20, 2026

google-oss-prow Bot added the approved label May 20, 2026

google-oss-prow Bot merged commit db77aef into main May 20, 2026
8 checks passed

dependabot Bot deleted the dependabot/go_modules/test/docker/presync-webhook-server/github.com/in-toto/in-toto-golang-0.11.0 branch May 20, 2026 05:26

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: bump github.com/in-toto/in-toto-golang from 0.9.0 to 0.11.0 in /test/docker/presync-webhook-server#2156

chore: bump github.com/in-toto/in-toto-golang from 0.9.0 to 0.11.0 in /test/docker/presync-webhook-server#2156
google-oss-prow[bot] merged 1 commit into
mainfrom
dependabot/go_modules/test/docker/presync-webhook-server/github.com/in-toto/in-toto-golang-0.11.0

dependabot Bot commented on behalf of github May 8, 2026

Uh oh!

google-oss-prow Bot commented May 8, 2026

Uh oh!

Camila-B commented May 12, 2026

Uh oh!

Camila-B commented May 12, 2026

Uh oh!

cowsking commented May 19, 2026

Uh oh!

cowsking left a comment

Uh oh!

google-oss-prow Bot commented May 20, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

dependabot Bot commented on behalf of github May 8, 2026

v0.11.0

What's Changed

v0.10.0

What's Changed

Uh oh!

google-oss-prow Bot commented May 8, 2026

Uh oh!

Camila-B commented May 12, 2026

Uh oh!

Camila-B commented May 12, 2026

Uh oh!

cowsking commented May 19, 2026

Uh oh!

cowsking left a comment

Choose a reason for hiding this comment

Uh oh!

google-oss-prow Bot commented May 20, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants