Bump the gomod group across 1 directory with 5 updates

[dependabot]

Bumps the gomod group with 3 updates in the / directory: github.com/carabiner-dev/collector, github.com/sirupsen/logrus and sigs.k8s.io/release-utils.

Updates github.com/carabiner-dev/collector from 0.2.6 to 0.2.7

Release notes

Sourced from github.com/carabiner-dev/collector's releases.

v0.2.7

No release notes provided.

Commits

• 4f12aee Merge pull request #57 from puerco/notes-store
• c0a215a Add drivers table
• c4cb5b5 Add test to ensure writing entries is always sorted
• e07b321 Order entries to fix bug storing tree
• dc018cb Merge pull request #56 from puerco/notes-store
• 6940eae Add withInit support to notes and github
• cf9eb6d Add StoreFromFiles method to agent
• 9c1591b Merge pull request #55 from puerco/notes-store
• 5b67bf8 Add author in commit tests
• a01a57f Prealocate slices when known length
• Additional commits viewable in compare view

Updates github.com/carabiner-dev/signer from 0.3.4 to 0.3.5

Release notes

Sourced from github.com/carabiner-dev/signer's releases.

v0.3.5

No release notes provided.

Commits

• dd77ebd Merge pull request #55 from puerco/fix-tests-on-forks
• a342d2d Fix lintern nits
• 0fd2ba9 Skip signer tests when running from forks
• c7ee143 Merge pull request #52 from ralphbean/add-gitlab-sigstore-id-token
• 4e3f16c Add GitLab CI OIDC token provider (SIGSTORE_ID_TOKEN)
• 973214d Merge pull request #50 from carabiner-dev/dependabot/go_modules/gomod-f6fa4ac55c
• 2b6d8b3 Bump the gomod group with 3 updates
• 0bec35e Merge pull request #51 from carabiner-dev/dependabot/go_modules/golang.org/x/...
• 0017a0e Bump golang.org/x/term from 0.37.0 to 0.38.0
• See full diff in compare view

Updates github.com/sigstore/sigstore from 1.10.0 to 1.10.3

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.10.3

What's Changed

v1.10.3 adds ValidatePubKey back to the cryptoutils package to avoid a breaking API change.

• Add back ValidatePubKey as a deprecated, minimal function in sigstore/sigstore#2235

Full Changelog: sigstore/sigstore@v1.10.2...v1.10.3

v1.10.2

Functionally equivalent to v1.10.0. v1.10.1 has been retracted to remove copied code.

v1.10.0

Breaking change

sigstore/sigstore#2194 moves cryptoutils.ValidatePubKey to goodkey.ValidatePubKey to minimize the dependency tree for clients using the cryptoutils package.

Features

• feat(hashivault): token helper in sigstore/sigstore#2174
• set GoogleAPIClientOption on GCP KMS provider in sigstore/sigstore#2128

Refactoring

• cryptoutils: move goodkey validation to separate package in sigstore/sigstore#2194
• Stop depending on golang.org/x/crypto for sha3 in sigstore/sigstore#2209
• remove duplicative dependency for portable browser opener in sigstore/sigstore#2178
• consolidate deep Equal usage to one library in sigstore/sigstore#2177
• Drop redundant aws-sdk-go dependency in the e2e kms tests in sigstore/sigstore#2172

Commits

• 72f0ed7 build(deps): Bump github.com/aws/aws-sdk-go-v2/config (#2230)
• b257168 build(deps): Bump github.com/aws/aws-sdk-go-v2 in /pkg/signature/kms/aws (#2226)
• 84f57b8 build(deps): Bump github.com/sigstore/sigstore (#2221)
• bdc1a86 build(deps): Bump actions/checkout from 5.0.1 to 6.0.0 (#2220)
• 11dfe81 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/aws (#2236)
• 0214948 Add back ValidatePubKey as a deprecated, minimal function (#2235)
• cc26bb8 build(deps): Bump localstack/localstack in /test/e2e in the all group (#2227)
• 63ab8d8 build(deps): Bump github.com/aws/aws-sdk-go-v2/service/kms (#2229)
• 9e629f0 build(deps): Bump the all group with 2 updates (#2219)
• 234b99d build(deps): Bump github.com/coreos/go-oidc/v3 from 3.16.0 to 3.17.0 (#2223)
• Additional commits viewable in compare view

Updates github.com/sirupsen/logrus from 1.9.3 to 1.9.4

Release notes

Sourced from github.com/sirupsen/logrus's releases.

v1.9.4

Notable changes

• go.mod: update minimum supported go version to v1.17 sirupsen/logrus#1460
• go.mod: bump up dependencies sirupsen/logrus#1460
• Touch-up godoc and add "doc" links.
• README: fix links, grammar, and update examples.
• Add GNU/Hurd support sirupsen/logrus#1364
• Add WASI wasip1 support sirupsen/logrus#1388
• Remove uses of deprecated ioutil package sirupsen/logrus#1472
• CI: update actions and golangci-lint sirupsen/logrus#1459
• CI: remove appveyor, add macOS sirupsen/logrus#1460

Full Changelog: sirupsen/logrus@v1.9.3...v1.9.4

Commits

• b61f268 Merge pull request #1472 from goldlinker/master
• 15c29db refactor: replace the deprecated function in the ioutil package
• cb253f3 Merge pull request #1464 from thaJeztah/touchup_godoc
• 29b2337 Merge pull request #1468 from thaJeztah/touchup_readme
• d916819 Merge pull request #1427 from dolmen/fix-testify-usage
• 135e482 README: small touch-ups
• 2c5fa36 Merge pull request #1467 from thaJeztah/rm_old_badge
• 877ecec README: remove travis badge
• 55cf256 Merge pull request #1393 from jsoref/grammar
• 21bae50 Merge pull request #1426 from dolmen/testing-fix-use-of-math-rand
• Additional commits viewable in compare view

Updates sigs.k8s.io/release-utils from 0.12.2 to 0.12.3

Release notes

Sourced from sigs.k8s.io/release-utils's releases.

v0.12.3

No release notes provided.

Commits

• 97fe534 Merge pull request #167 from puerco/bump-ko
• 11254e8 Bump ko to 0.18.1
• 4399ec1 Merge pull request #166 from kubernetes-sigs/dependabot/go_modules/all-a2c59b...
• 1fca68c build(deps): bump github.com/sirupsen/logrus in the all group
• 7e56f68 Merge pull request #164 from kubernetes-sigs/dependabot/docker/all-711e1845b7
• be48f19 Merge pull request #163 from kubernetes-sigs/dependabot/github_actions/action...
• f7341a3 build(deps): bump golang from 1.25.4 to 1.25.5 in the all group
• f74c412 build(deps): bump actions/checkout in the actions group
• 7ecd440 Merge pull request #162 from kubernetes-sigs/dependabot/go_modules/all-f0625c...
• f838842 build(deps): bump github.com/spf13/cobra in the all group
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions