Skip to content

Bump the minor-patch group across 2 directories with 2 updates#410

Closed
dependabot[bot] wants to merge 2 commits intomainfrom
dependabot/go_modules/minor-patch-592000c891
Closed

Bump the minor-patch group across 2 directories with 2 updates#410
dependabot[bot] wants to merge 2 commits intomainfrom
dependabot/go_modules/minor-patch-592000c891

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Feb 17, 2025
edited
Loading

Bumps the minor-patch group with 2 updates in the / directory: github.com/sigstore/sigstore and github.com/google/go-containerregistry.
Bumps the minor-patch group with 2 updates in the /examples/oci-image-verification directory: github.com/sigstore/sigstore and github.com/google/go-containerregistry.

Updates github.com/sigstore/sigstore from 1.8.12 to 1.8.14

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.8.14

What's Changed

This is the same content as v1.8.13, with a CI/CD fix.

v1.8.13

What's Changed

Full Changelog: sigstore/sigstore@v1.8.12...v1.8.13

Commits

Updates github.com/google/go-containerregistry from 0.20.2 to 0.20.3

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.20.3

What's Changed

New Contributors

Full Changelog: google/go-containerregistry@v0.20.2...v0.20.3

Commits

Updates github.com/sigstore/sigstore from 1.8.12 to 1.8.14

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.8.14

What's Changed

This is the same content as v1.8.13, with a CI/CD fix.

v1.8.13

What's Changed

Full Changelog: sigstore/sigstore@v1.8.12...v1.8.13

Commits

Updates github.com/google/go-containerregistry from 0.20.2 to 0.20.3

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.20.3

What's Changed

New Contributors

Full Changelog: google/go-containerregistry@v0.20.2...v0.20.3

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot Bot requested a review from a team as a code owner February 17, 2025 09:49
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Feb 17, 2025
@dmitris dmitris mentioned this pull request Feb 18, 2025
Closed
@codysoyland
Copy link
Copy Markdown
Member

codysoyland commented Feb 18, 2025

@kommendorkapten Due to decisions made in #384, we intend to continue supporting go 1.22 until sigstore-go 1.0. We need to decline the upgrade to go-containerregistry until google/go-containerregistry#2047 is merged.

@kommendorkapten
Copy link
Copy Markdown
Member

kommendorkapten commented Feb 18, 2025

@codysoyland Oh, nice. I missed that.

@Hayden-IO
Copy link
Copy Markdown
Contributor

Hayden-IO commented Feb 18, 2025

We also discussed going back to that contributor and discussing this. Trying to fight dependabot up to and past 1.0 is not a great use of maintainer time unfortunately.

@codysoyland
Copy link
Copy Markdown
Member

codysoyland commented Feb 18, 2025

@dependabot ignore github.com/google/go-containerregistry 0.20.3

@codysoyland
Copy link
Copy Markdown
Member

codysoyland commented Feb 18, 2025

I think the chat command I just sent should prevent dependabot from reopening this specific update for go-containerregistry again. Hopefully this will save us some time.

@codysoyland
Copy link
Copy Markdown
Member

codysoyland commented Feb 18, 2025

@dependabot recreate

@dependabot
Bump the minor-patch group across 2 directories with 2 updates
e122e46 
Bumps the minor-patch group with 2 updates in the / directory: [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) and [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry).
Bumps the minor-patch group with 2 updates in the /examples/oci-image-verification directory: [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) and [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry).


Updates `github.com/sigstore/sigstore` from 1.8.12 to 1.8.14
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.8.12...v1.8.14)

Updates `github.com/google/go-containerregistry` from 0.20.2 to 0.20.3
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](google/go-containerregistry@v0.20.2...v0.20.3)

Updates `github.com/sigstore/sigstore` from 1.8.12 to 1.8.14
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.8.12...v1.8.14)

Updates `github.com/google/go-containerregistry` from 0.20.2 to 0.20.3
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](google/go-containerregistry@v0.20.2...v0.20.3)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/google/go-containerregistry
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/sigstore/sigstore
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/minor-patch-592000c891 branch from c71c3de to e122e46 Compare February 18, 2025 16:14
@codysoyland
Set go-containerregistry v0.20.2 to preserve go1.22 compat
e4689f1 
Signed-off-by: Cody Soyland <codysoyland@github.com>
@codysoyland codysoyland enabled auto-merge (squash) February 18, 2025 16:24
@codysoyland
Copy link
Copy Markdown
Member

codysoyland commented Feb 18, 2025

@dependabot ignore github.com/google/go-containerregistry patch version

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Feb 18, 2025

OK, I won't notify you about version 0.20.3 of github.com/google/go-containerregistry again, unless you unignore it.

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Feb 18, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Feb 18, 2025
auto-merge was automatically disabled February 18, 2025 18:37

Pull request was closed

@dependabot dependabot Bot deleted the dependabot/go_modules/minor-patch-592000c891 branch February 18, 2025 18:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@codysoyland @kommendorkapten @Hayden-IO