Bump the all-deps group across 1 directory with 13 updates by dependabot[bot] · Pull Request #1375 · google/trillian-examples

dependabot · 2026-04-01T05:01:46Z

Bumps the all-deps group with 7 updates in the / directory:

Package	From	To
github.com/apache/beam/sdks/v2	`2.68.0`	`2.72.0`
github.com/google/certificate-transparency-go	`1.3.2`	`1.3.3`
github.com/google/trillian	`1.7.2`	`1.7.3`
github.com/mattn/go-sqlite3	`1.14.32`	`1.14.38`
github.com/transparency-dev/formats	`0.0.0-20250723101439-be3b1008ec3a`	`0.1.0`
github.com/u-root/u-root	`0.15.0`	`0.16.0`
github.com/usbarmory/tamago	`1.25.1`	`1.26.1`

Updates github.com/apache/beam/sdks/v2 from 2.68.0 to 2.72.0

Release notes

Sourced from github.com/apache/beam/sdks/v2's releases.

Beam 2.72.0 release

We are happy to present the new 2.72.0 release of Beam. This release includes both improvements and new functionality. See the download page for this release.

For more information on changes in 2.72.0, check out the detailed release notes.

Highlights

Flink 2.0 support (#36947).

I/Os

Add Datadog IO support (Java) (#37318).

Remove Pubsublite IO support, since service will be deprecated in March 2026. (#37375).

(Java) ClickHouse - migrating from the legacy JDBC driver (v0.6.3) to ClickHouse Java Client v2 (v0.9.6). See the class documentation for migration guide (#37610).

(Java) Upgraded GoogleAdsIO to use GoogleAdsIO API v23 (#37620).

New Features / Improvements

(Python) Added exception chaining to preserve error context in CloudSQLEnrichmentHandler, processes utilities, and core transforms (#37422).

(Python) Added a pipeline option --experiments=pip_no_build_isolation to disable build isolation when installing dependencies in the runtime environment (#37331).

Deprecations

(Python) Removed previously deprecated list_prefix method for filesystem interfaces (#37587).

Bugfixes

Fixed (Yaml) issue with validate compatible method (#37588).

Fixed (Yaml) issue with Create transform dealing with different type elements (#37585).

Security Fixes

Fixed CVE-2024-28397 by switching from js2py to pythonmonkey (Yaml) (#37560).

List of Contributors

According to git shortlog, the following people contributed to the 2.72.0 release. Thank you to all contributors!

Abdelrahman Ibrahim, Ahmed Abualsaud, Andrew Crites, Arun Pandian, Ben Feinstein, Bentsi Leviav, Celeste Zeng, Danny McCormick, Danny Mccormick, Derrick Williams, Elia LIU, Ganesh, Jack McCluskey, Kenneth Knowles, Labesse Kévin, M Junaid Shaukat, Mansi Singh, Mattie Fu, Nayan Mathur, Pablo Estrada, Pirzada Ahmad Faraz, Radek Stankiewicz, Radosław Stankiewicz, Robert Bradshaw, Rohan Sah, RuiLong J., Sakthivel Subramanian, Sam Whittle, Shaheer Amjad, Shunping Huang, Steven van Rossum, Tarun Annapareddy, Tobias Kaymak, Valentyn Tymofieiev, Vitaly Terentyev, Yi Hu, XQ Hu, ZIHAN DAI, apanich, chenxuesdu, claudevdm, franzonia137

Beam 2.71.0 release

We are happy to present the new 2.71.0 release of Beam. This release includes both improvements and new functionality.

... (truncated)

Changelog

Sourced from github.com/apache/beam/sdks/v2's changelog.

[2.72.0] - 2026-03-30

Highlights

Flink 2.0 support (#36947).

I/Os

Add Datadog IO support (Java) (#37318).

Remove Pubsublite IO support, since service will be deprecated in March 2026. (#37375).

(Java) ClickHouse - migrating from the legacy JDBC driver (v0.6.3) to ClickHouse Java Client v2 (v0.9.6). See the class documentation for migration guide (#37610).

(Java) Upgraded GoogleAdsIO to use GoogleAdsIO API v23 (#37620).

(Java) Added support for withMinRowCountForPageSizeCheck to ParquetIO.Sink to avoid OOM when writing large columns (#37740).

New Features / Improvements

(Python) Added exception chaining to preserve error context in CloudSQLEnrichmentHandler, processes utilities, and core transforms (#37422).

(Python) Added a pipeline option --experiments=pip_no_build_isolation to disable build isolation when installing dependencies in the runtime environment (#37331).

(Python) Added support for tagged output typehints (#37434).

Deprecations

(Python) Removed previously deprecated list_prefix method for filesystem interfaces (#37587).

Bugfixes

Fixed (Yaml) issue with validate compatible method (#37588).

Fixed (Yaml) issue with Create transform dealing with different type elements (#37585).

Security Fixes

Fixed CVE-2024-28397 by switching from js2py to pythonmonkey (Yaml) (#37560).

[2.71.0] - 2026-01-22

I/Os

(Java) Elasticsearch 9 Support (#36491).

(Java) Upgraded HCatalogIO to Hive 4.0.1 (#32189).

New Features / Improvements

Support configuring Firestore database on ReadFn transforms (Java) (#36904).

(Python) Inference args are now allowed in most model handlers, except where they are explicitly/intentionally disallowed (#37093).

(Python) Add support for EnvoyRateLimiter, to allow rate limiting in DoFns (#37135).

(Python) Add support for RateLimiting in Remote Model Handler (#37218).

Bugfixes

Fixed FirestoreV1 Beam connectors allow configuring inconsistent project/database IDs between RPC requests and routing headers #36895 (Java) (#36895).

... (truncated)

Commits

e6351df Set version for 2.72.0 RC5
19a220d Merge pull request #37935 from apache/cp-37927
d66713f Merge pull request #37934 from apache/cp-37924
cf88d3f Cherrypick #37927
a2536ab Cherrypick #37924
2073109 Merge pull request #37921 from apache/cp-37920
bc39f36 Cherrypick #37920
9943971 Merge pull request #37919 from Abacn/cp-37918
9fc8a13 Sync clickhouse resource manager client version with IO
1c24558 Cherrypick #37871 (#37895)
Additional commits viewable in compare view

Updates github.com/google/certificate-transparency-go from 1.3.2 to 1.3.3

Release notes

Sourced from github.com/google/certificate-transparency-go's releases.

v1.3.3

What's Changed

CTFE

set explicit http server timeouts by @1seal in google/certificate-transparency-go#1755

Regenerate protos by @phbnf in google/certificate-transparency-go#1743

Update instructions to generate protos by @phbnf in google/certificate-transparency-go#1742

ctfe: Enforce max request and header size limits by @fghanmi in google/certificate-transparency-go#1720

[CTFE] Add a /log.v3.json endpoint to help satisfy a requirement of the Chrome CT Log Policy by @robstradling in google/certificate-transparency-go#1703

Tools

Log list library

Support tiled logs in the loglist3 logfilter functions by @robstradling in google/certificate-transparency-go#1762

Add FindTiledLog* functions by @robstradling in google/certificate-transparency-go#1763

Submission proxy

Cap request body size in submission proxy by @1seal in google/certificate-transparency-go#1754

add some additional log messages around CT log compatibility by @breadyzhang in google/certificate-transparency-go#1734

Other

jsonclient: don't depend on error text from other packages in tests by @neild in google/certificate-transparency-go#1741

Parse klog flags in preloader. by @phbnf in google/certificate-transparency-go#1711

Fix incorrect leaf hash calculation for precertificates in upload command by @Barre in google/certificate-transparency-go#1710

Misc

Remove internal witness by @roger2hk in google/certificate-transparency-go#1765

Update transparency-dev slack invite link by @taknira in google/certificate-transparency-go#1718

Dependency updates

Bump golangci-lint version to v2.10.1 by @roger2hk in google/certificate-transparency-go#1769

Bump the docker-deps group across 2 directories with 2 updates by @dependabot[bot] in google/certificate-transparency-go#1766

Bump github/codeql-action from 4.32.0 to 4.32.4 in the all-deps group by @dependabot[bot] in google/certificate-transparency-go#1767

Bump the all-deps group with 7 updates by @dependabot[bot] in google/certificate-transparency-go#1768

Bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 by @dependabot[bot] in google/certificate-transparency-go#1764

Bump golang.org/x/crypto from 0.46.0 to 0.47.0 in the all-deps group by @dependabot[bot] in google/certificate-transparency-go#1756

Bump the all-deps group with 3 updates by @dependabot[bot] in google/certificate-transparency-go#1757

Bump the docker-deps group across 5 directories with 3 updates by @dependabot[bot] in google/certificate-transparency-go#1758

Bumped linter and fixed a potential race condition by @mhutchinson in google/certificate-transparency-go#1753

Bump the all-deps group with 9 updates by @dependabot[bot] in google/certificate-transparency-go#1749

Bump the all-deps group across 1 directory with 5 updates by @dependabot[bot] in google/certificate-transparency-go#1748

Bump the docker-deps group across 5 directories with 3 updates by @dependabot[bot] in google/certificate-transparency-go#1750

Bump the all-deps group with 4 updates by @dependabot[bot] in google/certificate-transparency-go#1745

Bump the docker-deps group across 4 directories with 1 update by @dependabot[bot] in google/certificate-transparency-go#1744

Bump golang.org/x/crypto from 0.43.0 to 0.45.0 by @dependabot[bot] in google/certificate-transparency-go#1740

Bump the all-deps group with 2 updates by @dependabot[bot] in google/certificate-transparency-go#1735

Bump the docker-deps group across 5 directories with 3 updates by @dependabot[bot] in google/certificate-transparency-go#1737

Bump the all-deps group with 4 updates by @dependabot[bot] in google/certificate-transparency-go#1736

Bump the docker-deps group across 4 directories with 2 updates by @dependabot[bot] in google/certificate-transparency-go#1732

Bump Go from 1.23 to 1.24 by @roger2hk in google/certificate-transparency-go#1733

Bump the all-deps group with 10 updates by @dependabot[bot] in google/certificate-transparency-go#1731

Bump the all-deps group with 3 updates by @dependabot[bot] in google/certificate-transparency-go#1730

Bump the all-deps group with 2 updates by @dependabot[bot] in google/certificate-transparency-go#1726

... (truncated)

Changelog

Sourced from github.com/google/certificate-transparency-go's changelog.

v1.3.3

CTFE

set explicit http server timeouts by @1seal in google/certificate-transparency-go#1755

Regenerate protos by @phbnf in google/certificate-transparency-go#1743

Update instructions to generate protos by @phbnf in google/certificate-transparency-go#1742

ctfe: Enforce max request and header size limits by @fghanmi in google/certificate-transparency-go#1720

[CTFE] Add a /log.v3.json endpoint to help satisfy a requirement of the Chrome CT Log Policy by @robstradling in google/certificate-transparency-go#1703

Tools

Log list library

Support tiled logs in the loglist3 logfilter functions by @robstradling in google/certificate-transparency-go#1762

Add FindTiledLog* functions by @robstradling in google/certificate-transparency-go#1763

Submission proxy

Cap request body size in submission proxy by @1seal in google/certificate-transparency-go#1754

add some additional log messages around CT log compatibility by @breadyzhang in google/certificate-transparency-go#1734

Other

jsonclient: don't depend on error text from other packages in tests by @neild in google/certificate-transparency-go#1741

Parse klog flags in preloader. by @phbnf in google/certificate-transparency-go#1711

Fix incorrect leaf hash calculation for precertificates in upload command by @Barre in google/certificate-transparency-go#1710

Misc

Remove internal witness by @roger2hk in google/certificate-transparency-go#1765

Update transparency-dev slack invite link by @taknira in google/certificate-transparency-go#1718

Dependency updates

Bump golangci-lint version to v2.10.1 by @roger2hk in google/certificate-transparency-go#1769

Bump the all-deps group with 7 updates by @dependabot[bot] in google/certificate-transparency-go#1768

Bump github/codeql-action from 4.32.0 to 4.32.4 in the all-deps group by @dependabot[bot] in google/certificate-transparency-go#1767

Bump the docker-deps group across 2 directories with 2 updates by @dependabot[bot] in google/certificate-transparency-go#1766

Bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 by @dependabot[bot] in google/certificate-transparency-go#1764

Bump the docker-deps group across 5 directories with 3 updates by @dependabot[bot] in google/certificate-transparency-go#1758

Bump the all-deps group with 3 updates by @dependabot[bot] in google/certificate-transparency-go#1757

Bump golang.org/x/crypto from 0.46.0 to 0.47.0 in the all-deps group by @dependabot[bot] in google/certificate-transparency-go#1756

Bumped linter and fixed a potential race condition by @mhutchinson in google/certificate-transparency-go#1753

Bump the docker-deps group across 5 directories with 3 updates by @dependabot[bot] in google/certificate-transparency-go#1750

Bump the all-deps group with 9 updates by @dependabot[bot] in google/certificate-transparency-go#1749

Bump the all-deps group across 1 directory with 5 updates by @dependabot[bot] in google/certificate-transparency-go#1748

Bump the all-deps group with 4 updates by @dependabot[bot] in google/certificate-transparency-go#1745

Bump the docker-deps group across 4 directories with 1 update by @dependabot[bot] in google/certificate-transparency-go#1744

Bump golang.org/x/crypto from 0.43.0 to 0.45.0 by @dependabot[bot] in google/certificate-transparency-go#1740

Bump the docker-deps group across 5 directories with 3 updates by @dependabot[bot] in google/certificate-transparency-go#1737

... (truncated)

Commits

e8f9317 Support tiled logs in the loglist3 logfilter functions (#1762)
f571c2e Cap request body size in submission proxy (#1754)
b0a55e9 Bump golangci-lint version to v2.10.1 (#1769)
f8d8cda Bump the docker-deps group across 2 directories with 2 updates (#1766)
e030cb1 Bump github/codeql-action from 4.32.0 to 4.32.4 in the all-deps group (#1767)
537ff1f Bump the all-deps group with 7 updates (#1768)
8c5792c Remove internal witness (#1765)
a599ccc Add FindTiledLog* functions (#1763)
3782b4d Bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 (#1764)
a6d1ef5 Bump golang.org/x/crypto from 0.46.0 to 0.47.0 in the all-deps group (#1756)
Additional commits viewable in compare view

Updates github.com/google/trillian from 1.7.2 to 1.7.3

Release notes

Sourced from github.com/google/trillian's releases.

v1.7.3

What's Changed

Recommended go version for development: 1.25

This is the version used by the cloudbuild presubmits. Using a different version can lead to presubmits failing due to unexpected diffs.

Storage

PostgreSQL quota manager: Use SELECT(*) instead of ANALYZE up to 10,000 rows instead of 1,000 by @robstradling in google/trillian#3813

Add TLS support for PostgreSQL by @fghanmi in google/trillian#3831

--postgresql_tls_ca: users can provide a CA certificate, that is used to establish a secure communication with PostgreSQL server.

--postgresql_verify_full: users can enable full TLS verification for PostgreSQL (sslmode=verify-full). If false, only sslmode=verify-ca is used.

CloudSpanner: Many storage-specific options are deprecated and have likely been ineffective for some time in google/trillian#3860

Election system

Ensure leader resignation on shutdown by @osmman in google/trillian#3790

Documentation

[Claimant Model] New intro by @mhutchinson in google/trillian#3804

Refresh README by @roger2hk in google/trillian#3865

Misc

add optional gRPC max message size limit to trillian logserver and logsigner by @fghanmi in google/trillian#3801

Updated slack invite link by @mhutchinson in google/trillian#3791

Update transparency-dev slack invite link by @taknira in google/trillian#3796

Delete k8s CI steps by @mhutchinson in google/trillian#3838

Deleted gcb2slack by @mhutchinson in google/trillian#3849

Dependency update

Bump @google-cloud/functions-framework from 3.5.1 to 4.0.0 in /scripts/gcb2slack by @dependabot[bot] in google/trillian#3780

Bump the docker-deps group across 5 directories with 3 updates by @dependabot[bot] in google/trillian#3781

Bump github/codeql-action from 3.28.15 to 3.28.16 in the github-actions-deps group by @dependabot[bot] in google/trillian#3782

Bump the docker-deps group across 7 directories with 6 updates by @dependabot[bot] in google/trillian#3787

update golangci-lint to v2.1.6 by @phbnf in google/trillian#3788

Bump the github-actions-deps group with 4 updates by @dependabot[bot] in google/trillian#3786

Bump the docker-deps group across 6 directories with 5 updates by @dependabot[bot] in google/trillian#3792

Bump github/codeql-action from 3.28.18 to 3.29.2 in the github-actions-deps group by @dependabot[bot] in google/trillian#3795

Bump google-auth-library from 9.15.1 to 10.1.0 in /scripts/gcb2slack by @dependabot[bot] in google/trillian#3793

Bump form-data from 4.0.2 to 4.0.4 in /scripts/gcb2slack in the npm_and_yarn group by @dependabot[bot] in google/trillian#3797

Bump the docker-deps group across 7 directories with 6 updates by @dependabot[bot] in google/trillian#3800

Bump google-auth-library from 10.1.0 to 10.2.0 in /scripts/gcb2slack by @dependabot[bot] in google/trillian#3799

Bump github/codeql-action from 3.29.2 to 3.29.5 in the github-actions-deps group by @dependabot[bot] in google/trillian#3798

Bump the go-deps group across 1 directory with 24 updates by @dependabot[bot] in google/trillian#3794

Bump github.com/docker/docker from 28.2.2+incompatible to 28.3.3+incompatible in the go_modules group by @dependabot[bot] in google/trillian#3802

Bump google-auth-library from 10.2.0 to 10.3.0 in /scripts/gcb2slack by @dependabot[bot] in google/trillian#3808

... (truncated)

Changelog

Sourced from github.com/google/trillian's changelog.

v1.7.3

Recommended go version for development: 1.25

This is the version used by the cloudbuild presubmits. Using a different version can lead to presubmits failing due to unexpected diffs.

Storage

PostgreSQL quota manager: Use SELECT(*) instead of ANALYZE up to 10,000 rows instead of 1,000 by @robstradling in google/trillian#3813

Add TLS support for PostgreSQL by @fghanmi in google/trillian#3831

--postgresql_tls_ca: users can provide a CA certificate, that is used to establish a secure communication with PostgreSQL server.

--postgresql_verify_full: users can enable full TLS verification for PostgreSQL (sslmode=verify-full). If false, only sslmode=verify-ca is used.

CloudSpanner: Many storage-specific options are deprecated and have likely been ineffective for some time in google/trillian#3860

Election system

Ensure leader resignation on shutdown by @osmman in google/trillian#3790

Documentation

[Claimant Model] New intro by @mhutchinson in google/trillian#3804

Refresh README by @roger2hk in google/trillian#3865

Misc

add optional gRPC max message size limit to trillian logserver and logsigner by @fghanmi in google/trillian#3801

Updated slack invite link by @mhutchinson in google/trillian#3791

Update transparency-dev slack invite link by @taknira in google/trillian#3796

Delete k8s CI steps by @mhutchinson in google/trillian#3838

Deleted gcb2slack by @mhutchinson in google/trillian#3849

Dependency update

Bump @google-cloud/functions-framework from 3.5.1 to 4.0.0 in /scripts/gcb2slack by @dependabot[bot] in google/trillian#3780

Bump the docker-deps group across 5 directories with 3 updates by @dependabot[bot] in google/trillian#3781

Bump github/codeql-action from 3.28.15 to 3.28.16 in the github-actions-deps group by @dependabot[bot] in google/trillian#3782

Bump the docker-deps group across 7 directories with 6 updates by @dependabot[bot] in google/trillian#3787

update golangci-lint to v2.1.6 by @phbnf in google/trillian#3788

Bump the github-actions-deps group with 4 updates by @dependabot[bot] in google/trillian#3786

Bump the docker-deps group across 6 directories with 5 updates by @dependabot[bot] in google/trillian#3792

Bump github/codeql-action from 3.28.18 to 3.29.2 in the github-actions-deps group by @dependabot[bot] in google/trillian#3795

Bump google-auth-library from 9.15.1 to 10.1.0 in /scripts/gcb2slack by @dependabot[bot] in google/trillian#3793

Bump form-data from 4.0.2 to 4.0.4 in /scripts/gcb2slack in the npm_and_yarn group by @dependabot[bot] in google/trillian#3797

Bump the docker-deps group across 7 directories with 6 updates by @dependabot[bot] in google/trillian#3800

Bump google-auth-library from 10.1.0 to 10.2.0 in /scripts/gcb2slack by @dependabot[bot] in google/trillian#3799

Bump github/codeql-action from 3.29.2 to 3.29.5 in the github-actions-deps group by @dependabot[bot] in google/trillian#3798

Bump the go-deps group across 1 directory with 24 updates by @dependabot[bot] in google/trillian#3794

Bump github.com/docker/docker from 28.2.2+incompatible to 28.3.3+incompatible in the go_modules group by @dependabot[bot] in google/trillian#3802

... (truncated)

Commits

16c60b3 Update changelog for v1.7.3 (#3871)
53da4ca Bump the go-deps group with 15 updates (#3869)
cee61ba Bump the docker-deps group across 6 directories with 5 updates (#3867)
0288868 Bump the github-actions-deps group with 2 updates (#3868)
b17288a Refresh README (#3865)
b0323c1 Bump go.etcd.io/etcd/v3 from 3.6.8 to 3.6.9 (#3864)
a447916 Bump google.golang.org/grpc from 1.79.1 to 1.79.3 (#3863)
c302fde Bump the go-deps group across 1 directory with 17 updates (#3860)
379be0a Bumped go/x/net to fix GO-2026-4559 (#3859)
34636ce Bump the github-actions-deps group across 1 directory with 3 updates (#3856)
Additional commits viewable in compare view

Updates github.com/mattn/go-sqlite3 from 1.14.32 to 1.14.38

Commits

edadafa Merge pull request #1381 from mattn/eliminate-bounds-checks
8f9f86e Eliminate unnecessary bounds checks in hot paths
0d23881 Merge pull request #1379 from theimpostor/pr-1322-missing-constraint-op-types
84bdc43 add missing index constraint op types
57e5007 Merge pull request #1313 from Jaculabilis/json-example
bb8d0b2 Bump Go test matrix versions from 1.23-1.25 to 1.24-1.26
bc7436e Bump GitHub Actions versions to latest
0f12d4e Ensure Close always removes runtime finalizer to prevent memory leak
d71eda8 Fix upgrade.sh: add already-up-to-date check and fix changelog URL format
4ea2a9f Upgrade SQLite to version 3051003
Additional commits viewable in compare view

Updates github.com/transparency-dev/formats from 0.0.0-20250723101439-be3b1008ec3a to 0.1.0

Release notes

Sourced from github.com/transparency-dev/formats's releases.

v0.1.0

What's Changed

Added link to GenerateKey and noted algorithm id is required by @mhutchinson in transparency-dev/formats#1

Added a section on checkpoint merging by @mhutchinson in transparency-dev/formats#2

Add CI test + coverage by @AlCutter in transparency-dev/formats#3

Add CODEOWNERS with default team assignment by @AlCutter in transparency-dev/formats#4

Added lint config and presubmit script by @mhutchinson in transparency-dev/formats#5

Format code according to go1.19rc2 by @mhutchinson in transparency-dev/formats#6

Create scorecards.yml by @AlCutter in transparency-dev/formats#7

Create codeql.yml by @AlCutter in transparency-dev/formats#8

Tighten action permissions by @AlCutter in transparency-dev/formats#9

Add dependabot.yml by @AlCutter in transparency-dev/formats#10

Pin GitHub actions to git hashes by @AlCutter in transparency-dev/formats#13

Breaking change: Change the log ID function to also include the origin string by @mhutchinson in transparency-dev/formats#15

Enable all the linters by @mhutchinson in transparency-dev/formats#20

Update go version to minimum supported version by @mhutchinson in transparency-dev/formats#21

Update the docs on Origin string re #22 by @mhutchinson in transparency-dev/formats#23

Update ecosystem -> origin. by @jiggoha in transparency-dev/formats#24

Update and rename scorecards.yml to scorecard.yml by @AlCutter in transparency-dev/formats#26

Add dns_name recommendations for the Origin by @phbnf in transparency-dev/formats#25

Update log ID to not include the public key. by @jiggoha in transparency-dev/formats#27

Added scorecard badge by @mhutchinson in transparency-dev/formats#30

Added scorecard token by @mhutchinson in transparency-dev/formats#31

Update linter action and version, and auto-update by @mhutchinson in transparency-dev/formats#32

Add a benchmark on signing/verifying by @AlCutter in transparency-dev/formats#43

Group dependabot updates by ecosystem by @AlCutter in transparency-dev/formats#52

Updated Slack channel details by @mhutchinson in transparency-dev/formats#64

Migrate signers by @AlCutter in transparency-dev/formats#66

Add support for extracting CoSigV1 timestamps from signatures by @AlCutter in transparency-dev/formats#69

Bump to go1.21 by @AlCutter in transparency-dev/formats#100

Add support for verifying Sunlight checkpoints by @AlCutter in transparency-dev/formats#99

Update dependabot weekly instead of daily by @mhutchinson in transparency-dev/formats#131

Drop dep on the certificate-transparency-go repo by @AlCutter in transparency-dev/formats#125

Update token used for scorecard by @mhutchinson in transparency-dev/formats#141

Bump to go1.22 by @AlCutter in transparency-dev/formats#148

Drop TLS dep entirely by @AlCutter in transparency-dev/formats#150

Fix cosig timestamp endianness by @AlCutter in transparency-dev/formats#153

Added test for sigsum ID by @mhutchinson in transparency-dev/formats#157

Fix typo by @phbnf in transparency-dev/formats#163

Bump go version from 1.22 to 1.23 by @roger2hk in transparency-dev/formats#179

Bump golangci lint by @AlCutter in transparency-dev/formats#183

Update slack invite link by @taknira in transparency-dev/formats#197

Added function to generate vkey from skey by @mhutchinson in transparency-dev/formats#199

Fix failed scorecard analysis by @roger2hk in transparency-dev/formats#205

Bump Go version in go test workflow by @roger2hk in transparency-dev/formats#206

Add support for native CosignatureV1 (alg 0x04) verifier keys by @AlCutter in transparency-dev/formats#216

Deps

... (truncated)

Commits

See full diff in compare view

Updates github.com/u-root/u-root from 0.15.0 to 0.16.0

Release notes

Sourced from github.com/u-root/u-root's releases.

last release before moving to go1.25

What's Changed

kmodule: insert independent modules in parallel (Fixes #3424) by @khazhyk in u-root/u-root#3429

menu cleanups by @jelischer in u-root/u-root#3427

Revert "menu cleanups" to unblock Github CI by @AjanZhong in u-root/u-root#3441

pkg/boot/universalpayload: Skip system memory in handoff blocks. by @AjanZhong in u-root/u-root#3440

configs/arm: add CONFIG_COMPAT_32BIT_TIME by @orangecms in u-root/u-root#3442

README: explain minimum requirements by @orangecms in u-root/u-root#3443

core/ps: when using /proc//cmdline, replace null by space by @rminnich in u-root/u-root#3445

update to ulikunits/xz 5.15 by @rminnich in u-root/u-root#3447

bump mkuimage to use -skip-ldd flag by @jenstopp in u-root/u-root#3448

Add smbios_modifier RemoveSystemSlotInfo by @andrewsun2898 in

dpebot · 2026-04-01T05:01:59Z

/gcbrun

dpebot · 2026-04-02T09:24:46Z

/gcbrun

dpebot · 2026-04-02T10:07:08Z

/gcbrun

Bumps the all-deps group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/apache/beam/sdks/v2](https://github.com/apache/beam) | `2.68.0` | `2.72.0` | | [github.com/google/certificate-transparency-go](https://github.com/google/certificate-transparency-go) | `1.3.2` | `1.3.3` | | [github.com/google/trillian](https://github.com/google/trillian) | `1.7.2` | `1.7.3` | | [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) | `1.14.32` | `1.14.38` | | [github.com/transparency-dev/formats](https://github.com/transparency-dev/formats) | `0.0.0-20250723101439-be3b1008ec3a` | `0.1.0` | | [github.com/u-root/u-root](https://github.com/u-root/u-root) | `0.15.0` | `0.16.0` | | [github.com/usbarmory/tamago](https://github.com/usbarmory/tamago) | `1.25.1` | `1.26.1` | Updates `github.com/apache/beam/sdks/v2` from 2.68.0 to 2.72.0 - [Release notes](https://github.com/apache/beam/releases) - [Changelog](https://github.com/apache/beam/blob/master/CHANGES.md) - [Commits](apache/beam@v2.68.0...v2.72.0) Updates `github.com/google/certificate-transparency-go` from 1.3.2 to 1.3.3 - [Release notes](https://github.com/google/certificate-transparency-go/releases) - [Changelog](https://github.com/google/certificate-transparency-go/blob/master/CHANGELOG.md) - [Commits](google/certificate-transparency-go@v1.3.2...v1.3.3) Updates `github.com/google/trillian` from 1.7.2 to 1.7.3 - [Release notes](https://github.com/google/trillian/releases) - [Changelog](https://github.com/google/trillian/blob/master/CHANGELOG.md) - [Commits](google/trillian@v1.7.2...v1.7.3) Updates `github.com/mattn/go-sqlite3` from 1.14.32 to 1.14.38 - [Release notes](https://github.com/mattn/go-sqlite3/releases) - [Commits](mattn/go-sqlite3@v1.14.32...v1.14.38) Updates `github.com/transparency-dev/formats` from 0.0.0-20250723101439-be3b1008ec3a to 0.1.0 - [Release notes](https://github.com/transparency-dev/formats/releases) - [Commits](https://github.com/transparency-dev/formats/commits/v0.1.0) Updates `github.com/u-root/u-root` from 0.15.0 to 0.16.0 - [Release notes](https://github.com/u-root/u-root/releases) - [Changelog](https://github.com/u-root/u-root/blob/main/RELEASES) - [Commits](u-root/u-root@v0.15.0...v0.16.0) Updates `github.com/usbarmory/tamago` from 1.25.1 to 1.26.1 - [Release notes](https://github.com/usbarmory/tamago/releases) - [Commits](usbarmory/tamago@v1.25.1...v1.26.1) Updates `golang.org/x/crypto` from 0.46.0 to 0.49.0 - [Commits](golang/crypto@v0.46.0...v0.49.0) Updates `golang.org/x/mod` from 0.30.0 to 0.34.0 - [Commits](golang/mod@v0.30.0...v0.34.0) Updates `golang.org/x/oauth2` from 0.34.0 to 0.36.0 - [Commits](golang/oauth2@v0.34.0...v0.36.0) Updates `golang.org/x/sync` from 0.19.0 to 0.20.0 - [Commits](golang/sync@v0.19.0...v0.20.0) Updates `google.golang.org/protobuf` from 1.36.10 to 1.36.11 Updates `k8s.io/klog/v2` from 2.130.1 to 2.140.0 - [Release notes](https://github.com/kubernetes/klog/releases) - [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md) - [Commits](kubernetes/klog@v2.130.1...2.140.0) --- updated-dependencies: - dependency-name: github.com/apache/beam/sdks/v2 dependency-version: 2.72.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-deps - dependency-name: github.com/google/certificate-transparency-go dependency-version: 1.3.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: github.com/google/trillian dependency-version: 1.7.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: github.com/mattn/go-sqlite3 dependency-version: 1.14.38 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: github.com/transparency-dev/formats dependency-version: 0.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-deps - dependency-name: github.com/u-root/u-root dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-deps - dependency-name: github.com/usbarmory/tamago dependency-version: 1.26.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-deps - dependency-name: golang.org/x/crypto dependency-version: 0.49.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-deps - dependency-name: golang.org/x/mod dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-deps - dependency-name: golang.org/x/oauth2 dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-deps - dependency-name: golang.org/x/sync dependency-version: 0.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-deps - dependency-name: google.golang.org/protobuf dependency-version: 1.36.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: k8s.io/klog/v2 dependency-version: 2.140.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-deps ... Signed-off-by: dependabot[bot] <support@github.com>

dpebot · 2026-04-02T10:17:06Z

/gcbrun

dpebot · 2026-04-02T10:22:59Z

/gcbrun

dpebot · 2026-04-02T11:44:05Z

/gcbrun

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 1, 2026

dependabot bot requested a review from a team as a code owner April 1, 2026 05:01

dependabot bot removed the request for review from a team April 1, 2026 05:01

dependabot bot added the dependencies Pull requests that update a dependency file label Apr 1, 2026

dependabot bot requested a review from AlCutter April 1, 2026 05:01

dependabot bot added the go Pull requests that update Go code label Apr 1, 2026

dependabot bot and others added 3 commits April 2, 2026 10:16

Bump golangci-lint to v2.11.4

23416c7

Fix golangci-lint warnings

c891ae8

roger2hk force-pushed the dependabot/go_modules/all-deps-a2687b98dd branch from 1b39cd9 to c891ae8 Compare April 2, 2026 10:16

Bump tamago-go to 1.26.1

7eea121

Set GOOSPKG environment variable for armory bootloader build

6386a07

roger2hk approved these changes Apr 2, 2026

View reviewed changes

roger2hk merged commit 9c23b6c into master Apr 2, 2026
8 checks passed

roger2hk deleted the dependabot/go_modules/all-deps-a2687b98dd branch April 2, 2026 11:54

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the all-deps group across 1 directory with 13 updates#1375

Bump the all-deps group across 1 directory with 13 updates#1375
roger2hk merged 5 commits intomasterfrom
dependabot/go_modules/all-deps-a2687b98dd

dependabot bot commented on behalf of github Apr 1, 2026

Uh oh!

dpebot commented Apr 1, 2026

Uh oh!

dpebot commented Apr 2, 2026

Uh oh!

dpebot commented Apr 2, 2026

Uh oh!

dpebot commented Apr 2, 2026

Uh oh!

dpebot commented Apr 2, 2026

Uh oh!

dpebot commented Apr 2, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

dependabot bot commented on behalf of github Apr 1, 2026

Beam 2.72.0 release

Highlights

I/Os

New Features / Improvements

Deprecations

Bugfixes

Security Fixes

List of Contributors

Beam 2.71.0 release

[2.72.0] - 2026-03-30

Highlights

I/Os

New Features / Improvements

Deprecations

Bugfixes

Security Fixes

[2.71.0] - 2026-01-22

I/Os

New Features / Improvements

Bugfixes

v1.3.3

What's Changed

CTFE

Tools

Log list library

Submission proxy

Other

Misc

Dependency updates

v1.3.3

CTFE

Tools

Log list library

Submission proxy

Other

Misc

Dependency updates

v1.7.3

What's Changed

Storage

Election system

Documentation

Misc

Dependency update

v1.7.3

Storage

Election system

Documentation

Misc

Dependency update

v0.1.0

What's Changed

Deps

last release before moving to go1.25

What's Changed

Uh oh!

dpebot commented Apr 1, 2026

Uh oh!

dpebot commented Apr 2, 2026

Uh oh!

dpebot commented Apr 2, 2026

Uh oh!

dpebot commented Apr 2, 2026

Uh oh!

dpebot commented Apr 2, 2026

Uh oh!

dpebot commented Apr 2, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants