Update go modules (release-v0.6) (patch)

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
cuelang.org/go	v0.11.1 → v0.11.2
github.com/cucumber/godog	v0.15.0 → v0.15.1
github.com/daixiang0/gci	v0.13.5 → v0.13.7
github.com/enterprise-contract/enterprise-contract-controller/api	v0.1.79 → v0.1.254
github.com/enterprise-contract/go-containerregistry	v0.20.3-0.20250120083621-7be5271048b1 → v0.20.6
github.com/evanphx/json-patch	v5.9.0+incompatible → v5.9.11+incompatible
github.com/evanphx/json-patch/v5	v5.9.0 → v5.9.11
github.com/gkampitakis/go-snaps	v0.5.7 → v0.5.19
github.com/google/go-containerregistry	v0.20.2 → v0.20.7
github.com/otiai10/copy	v1.14.0 → v1.14.1
github.com/secure-systems-lab/go-securesystemslib	v0.9.0 → v0.9.1
github.com/sigstore/rekor	v1.3.6 → v1.3.10
github.com/spf13/pflag	v1.0.6 → v1.0.10
github.com/tektoncd/chains	v0.22.2 → v0.22.3
github.com/tektoncd/cli	v0.38.0 → v0.38.2
github.com/testcontainers/testcontainers-go	v0.34.0 → v0.34.1
k8s.io/api	v0.34.2 → v0.34.3
k8s.io/apiextensions-apiserver	v0.34.2 → v0.34.3
k8s.io/apimachinery	v0.34.2 → v0.34.3
k8s.io/kubernetes	v1.34.2 → v1.34.3

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

cue-lang/cue (cuelang.org/go)

v0.11.2

Compare Source

This release includes fixes for bugs which were uncovered and resolved in the last few weeks.

Evaluator

CL 1206279 fixes a regression in the old evaluator which could lead to "conflicting value" errors.

cmd/cue

CL 1207330 fixes a regression where cue get go stopped copying some CUE files from Go package directories.

CL 1207402 fixes a regression where cue def --inline-imports could result in invalid CUE which failed to evaluate.

Full list of changes since v0.11.1

• internal/cueversion: bump LanguageVersion for the next release by @​mvdan in 079dc4a
• internal/ci: update pinned Go for the next release by @​mvdan in b1a57a5
• internal/core/dep: fix handling sharing in non-rooted nodes by @​mpvl in 8d97e7a
• cmd/cue: add test for 3646 by @​mpvl in 815cb30
• cmd/cue: fix a regression with cue get go dropping CUE files by @​mvdan in 5b0e411
• cmd/cue: add a test case to reproduce #​3644 by @​mvdan in 801f976
• internal/core/adt: fix let issue for eval v2 by @​mpvl in a1fbeaa
• internal/core/adt: add tests for 3590 and 3591 by @​mpvl in 0ae498f

cucumber/godog (github.com/cucumber/godog)

v0.15.1

Compare Source

Added

• Step text is added to "step is undefined" error - (669 - vearutop)
• Localisation support by @​MegaGrindStone in #​665
• feat: support uint types by @​chengxilo in #​695

Changed

• Replace deprecated ::set-output - (681 - nodeg)

Fixed

• fix(errors): fix(errors): Fix expected Step argument count for steps with context.Context (679 - tigh-latte)
• fix(formatter): On concurrent execution, execute formatter at end of Scenario - (645 - tigh-latte)
• Pretty printing results now prints the line where the step is declared instead of the line where the handler is declared. (668 - spencerc)
• Update honnef.co/go/tools/cmd/staticcheck version in Makefile by @​RezaZareiii in #​670
• fix: verify dogT exists in the context before using it by @​cakoolen in #​692
• fix: change bang to being in README by @​nahomEagleLion in #​687
• Mark junit test cases as skipped if no pickle step results available by @​mrsheepuk in #​597
• Print step declaration line instead of handler declaration line by @​SpencerC in #​668

daixiang0/gci (github.com/daixiang0/gci)

v0.13.7

Compare Source

What's Changed

• fix: scrape all goos/goarch pair for stdlib by @​Zxilly in #​208
• chore: get module info from pass by @​ldez in #​221
• chore: remove analyzer by @​ldez in #​222
• feat: update standard list to go1.25 by @​ldez in #​233
• bump up version by @​daixiang0 in #​234

New Contributors

• @​Zxilly made their first contribution in #​208

Full Changelog: daixiang0/gci@v0.13.6...v0.13.7

v0.13.6

Compare Source

What's Changed

• fix: update standard list to go1.24 by @​ldez in #​227
• bump up version by @​daixiang0 in #​229

Full Changelog: daixiang0/gci@v0.13.5...v0.13.6

enterprise-contract/go-containerregistry (github.com/enterprise-contract/go-containerregistry)

v0.20.6

Compare Source

v0.20.5

Compare Source

v0.20.4

Compare Source

evanphx/json-patch (github.com/evanphx/json-patch)

v5.9.11+incompatible

Compare Source

v5.9.10+incompatible

Compare Source

gkampitakis/go-snaps (github.com/gkampitakis/go-snaps)

v0.5.19

Compare Source

What's Changed

• fix: use backticks for inline snaps when appropriate by @​gkampitakis in #​149

Full Changelog: gkampitakis/go-snaps@0.5.18...v0.5.19

v0.5.18

Compare Source

v0.5.17

Compare Source

v0.5.16

Compare Source

What's Changed

• fix: don't drop /r character when scanning by @​gkampitakis in #​139
• chore: replace vendored go-diff with upstream by @​gkampitakis in #​143
• chore: update golangci-lint to v2 by @​G-Rath in #​141
• fix: detect no_color support by @​gkampitakis in #​123
• experimenting with inline snapshot support by @​gkampitakis in #​70

Full Changelog: gkampitakis/go-snaps@v0.5.15...v0.5.16

v0.5.15

Compare Source

What's Changed

• test: explicitly return named variables by @​G-Rath in #​137
• ci: show diff after running linting by @​G-Rath in #​136
• fix: only update snapshots when actually allowed by @​G-Rath in #​135

Full Changelog: gkampitakis/go-snaps@v0.5.14...v0.5.15

v0.5.14

Compare Source

What's Changed

• feat: snaps.Clean now returns if snaps dirty and err by @​gkampitakis in #​131

Full Changelog: gkampitakis/go-snaps@v0.5.13...v0.5.14

v0.5.13

Compare Source

What's Changed

• feat: support MatchStandaloneYAML by @​gkampitakis in #​128
• chore: update go-yaml and gh-action deps by @​gkampitakis in #​129

Full Changelog: gkampitakis/go-snaps@v0.5.12...v0.5.13

v0.5.12

Compare Source

What's Changed

• feat: add UPDATE_SNAPS=always for updating and creating snaps on CI setup by @​gkampitakis in #​126

Full Changelog: gkampitakis/go-snaps@v0.5.11...v0.5.12

v0.5.11

Compare Source

What's Changed

• feat: add json format config by @​kitimark in #​121

New Contributors

• @​kitimark made their first contribution in #​121

Full Changelog: gkampitakis/go-snaps@v0.5.10...v0.5.11

v0.5.10

Compare Source

What's Changed

• fix: handle builds with trimpath enabled by @​gkampitakis in #​120

Full Changelog: gkampitakis/go-snaps@v0.5.9...v0.5.10

v0.5.9

Compare Source

What's Changed

• fix: snaps.Update should apply and on snapshot create by @​gkampitakis in #​119

Full Changelog: gkampitakis/go-snaps@v0.5.8...v0.5.9

Kudos to @​orloffv for this issue #​116

v0.5.8

Compare Source

What's Changed

• feat: implement matchYAML by @​gkampitakis in #​114
• feat: implement matchStandaloneJSON by @​gkampitakis in #​113

Full Changelog: gkampitakis/go-snaps@v0.5.7...v0.5.8

google/go-containerregistry (github.com/google/go-containerregistry)

v0.20.7

Compare Source

What's Changed

• Fix ArgsEscaped lint directive by @​Subserial in #​2137
• transport: Fix broken links to distribution docs by @​guzalv in #​2136
• fix(remote): using customized retry predicate func if provided by @​derekhjray in #​2135
• Adding docker file by @​HassanJasim in #​2138
• crane: Add timestamp to flatten layer by @​Stephanie0829 in #​2117
• feat(remote): pass retryBackoff option to transport by @​aslafy-z in #​1628
• Expose clobber refusal error by @​pjbgf in #​2146
• Build artifacts for riscv64 by @​ffgan in #​2159
• Update dependencies and deprecate DockerVersion field by @​Subserial in #​2164

New Contributors

• @​guzalv made their first contribution in #​2136
• @​derekhjray made their first contribution in #​2135
• @​HassanJasim made their first contribution in #​2138
• @​Stephanie0829 made their first contribution in #​2117
• @​pjbgf made their first contribution in #​2146
• @​ffgan made their first contribution in #​2159

Full Changelog: google/go-containerregistry@v0.20.6...v0.20.7

v0.20.6

Compare Source

What's Changed

• Ensure that tag name is not empty if name contains colon by @​SaschaSchwarze0 in #​2094
• Bump some deps by @​jonjohnsonjr in #​2110

New Contributors

• @​SaschaSchwarze0 made their first contribution in #​2094

Full Changelog: google/go-containerregistry@v0.20.4...v0.20.6

v0.20.5

Compare Source

What's Changed

• build(deps): bump docker/docker to v28.0.0+incompatible by @​luhring in #​2071
• Migrate linter to v2 by @​Subserial in #​2096
• bump go version + bump deps by @​Subserial in #​2093
• implement TextMarshaler/JSONMarshaler more consistently by @​imjasonh in #​2097
• Update CodeQL permissions by @​Subserial in #​2103
• Update goreleaser permissions by @​Subserial in #​2104
• Update provenance action in release by @​Subserial in #​2105
• Update validator action by @​Subserial in #​2106

New Contributors

• @​luhring made their first contribution in #​2071
• @​Subserial made their first contribution in #​2096

Full Changelog: google/go-containerregistry@v0.20.3...v0.20.5

v0.20.4: - Not usable as a go module

Compare Source

🚨 This release was published to the Go module proxy and then re-tagged with a different commit. This means it's not usable as a Go module (#​2107) -- please us v0.20.5 instead.

What's Changed

• build(deps): bump docker/docker to v28.0.0+incompatible by @​luhring in #​2071
• Migrate linter to v2 by @​Subserial in #​2096
• bump go version + bump deps by @​Subserial in #​2093
• implement TextMarshaler/JSONMarshaler more consistently by @​imjasonh in #​2097
• Update CodeQL permissions by @​Subserial in #​2103
• Update goreleaser permissions by @​Subserial in #​2104
• Update provenance action in release by @​Subserial in #​2105
• Update validator action by @​Subserial in #​2106

New Contributors

• @​luhring made their first contribution in #​2071
• @​Subserial made their first contribution in #​2096

Full Changelog: google/go-containerregistry@v0.20.3...v0.20.4

v0.20.3

Compare Source

What's Changed

• remote/transport: Make bearer transport go-routine-safe by @​2opremio in #​1806
• Expose compare package by @​jonjohnsonjr in #​2001
• fix: redact.URL uses (*URL).Redacted to omit basic-auth password by @​bmoylan in #​1947
• bump actions to latest by @​ajayk in #​2011
• don't pin chainguard-dev/actions by @​imjasonh in #​2025
• Check for 406 status code when handling referrers API endpoint response by @​malancas in #​2026
• mutate: Create a defensive annotations copy by @​jonjohnsonjr in #​2030
• Detect zstd in crane append by @​jonjohnsonjr in #​2023
• bump deps using hack/bump-deps.sh by @​imjasonh in #​2042

New Contributors

• @​bmoylan made their first contribution in #​1947
• @​ajayk made their first contribution in #​2011
• @​malancas made their first contribution in #​2026

Full Changelog: google/go-containerregistry@v0.20.2...v0.20.3

otiai10/copy (github.com/otiai10/copy)

v1.14.1

Compare Source

secure-systems-lab/go-securesystemslib (github.com/secure-systems-lab/go-securesystemslib)

v0.9.1

Compare Source

sigstore/rekor (github.com/sigstore/rekor)

v1.3.10

Compare Source

Note that Rekor v1 is in maintenance mode as we are actively developing
its successor, Rekor v2, designed to be easy to maintain and cheaper to operate.. See the
README
for more information.

Features

• Added --client-signing-algorithms flag (#​1974)

Fixes / Misc

• emit unpopulated values when marshalling (#​2438)
• pkg/api: better logs when algorithm registry rejects a key (#​2429)
• chore: improve mysql readiness checks (#​2397)

Contributors

• Bob Callaway
• cangqiaoyuzhuo
• Carlos Tadeu Panato Junior
• cpanato
• Hayden B
• Praful Khanduri
• Ramon Petgrave
• Riccardo Schirone
• rubyisrust
• Sascha Grunert

v1.3.9

Compare Source

Features

• Cache checkpoint for inactive shards (#​2332)
• Support per-shard signing keys (#​2330)

Contributors

• Hayden B

v1.3.8

Compare Source

Bug Fixes

• fix zizmor issues (#​2298)
• remove unneeded value in log message (#​2282)

Quality Enhancements

• chore: relax go directive to permit 1.22.x
• fetch minisign from homebrew instead of custom ppa (#​2329)
• fix(ci): simplify GOVERSION extraction
• chore(deps): bump actions pins to latest
• Updates go and golangci-lint (#​2302)
• update builder to use go1.23.4 (#​2301)
• clean up spaces
• log request body on 500 error to aid debugging (#​2283)

Contributors

• Appu Goundan
• Bob Callaway
• Carlos Tadeu Panato Junior
• Dominic Evans
• sgpinkus

v1.3.7

Compare Source

New Features

• log request body on 500 error to aid debugging (#​2283)
• Add support for signing with Tink keyset (#​2228)
• Add public key hash check in Signed Note verification (#​2214)
• update Trillian TLS configuration (#​2202)
• Add TLS support for Trillian server (#​2164)
• Replace docker-compose with plugin if available (#​2153)
• Add flags to backfill script (#​2146)
• Unset DisableKeepalive for backfill HTTP client (#​2137)
• Add script to delete indexes from Redis (#​2120)
• Run CREATE statement in backfill script (#​2109)
• Add MySQL support to backfill script (#​2081)
• Run e2e tests on mysql and redis index backends (#​2079)

Bug Fixes

• remove unneeded value in log message (#​2282)
• Add error message when computing consistency proof (#​2278)
• fix validation error handling on API (#​2217)
• fix error in pretty-printed inclusion proof from verify subcommand (#​2210)
• Fix index scripts (#​2203)
• fix failing sharding test
• Better error handling in backfill script (#​2148)
• Batch entries in cleanup script (#​2158)
• Add missing workflow for index cleanup test (#​2121)
• hashedrekord: fix schema $id (#​2092)

Contributors

• Aditya Sirish
• Bob Callaway
• Colleen Murphy
• cpanato
• Firas Ghanmi
• Hayden B
• Hojoung (Brian) Jang
• William Woodruff

spf13/pflag (github.com/spf13/pflag)

v1.0.10

Compare Source

What's Changed

• fix deprecation comment for (FlagSet.)ParseErrorsWhitelist by @​thaJeztah in #​447
• remove uses of errors.Is, which requires go1.13, move go1.16/go1.21 tests to separate file by @​thaJeztah in #​448

New Contributors

• @​thaJeztah made their first contribution in #​447

Full Changelog: spf13/pflag@v1.0.9...v1.0.10

v1.0.9

Compare Source

What's Changed

• fix: Restore ParseErrorsWhitelist name for now by @​tomasaschan in #​446

Full Changelog: spf13/pflag@v1.0.8...v1.0.9

v1.0.8

Compare Source

⚠️ Breaking Change

This version, while only a patch bump, includes a (very minor) breaking change: the flag.ParseErrorsWhitelist struct and corresponding FlagSet.parseErrorsWhitelist field have been renamed to ParseErrorsAllowlist.

This should result in compilation errors in any code that uses these fields, which can be fixed by adjusting the names at call sites. There is no change in semantics or behavior of the struct or field referred to by these names. If your code compiles without errors after bumping to/past v1.0.8, you are not affected by this change.

The breaking change was reverted in v1.0.9, by means of re-introducing the old names with deprecation warnings. The plan is still to remove them in a future release, so if your code does depend on the old names, please change them to use the new names at your earliest convenience.

What's Changed

• Remove Redundant "Unknown-Flag" Error by @​vaguecoder in #​364
• Switching from whitelist to Allowlist terminology by @​dubrie in #​261
• Omit zero time.Time default from usage line by @​mologie in #​438
• implement CopyToGoFlagSet by @​pohly in #​330
• flag: Emulate stdlib behavior and do not print ErrHelp by @​tmc in #​407
• Print Default Values of String-to-String in Sorted Order by @​vaguecoder in #​365
• fix: Don't print ErrHelp in ParseAll by @​tomasaschan in #​443
• Reset args on re-parse even if empty by @​tomasaschan in #​444

New Contributors

• @​vaguecoder made their first contribution in #​364
• @​dubrie made their first contribution in #​261
• @​mologie made their first contribution in #​438
• @​pohly made their first contribution in #​330
• @​tmc made their first contribution in #​407
• @​tomasaschan made their first contribution in #​443

Full Changelog: spf13/pflag@v1.0.7...v1.0.8

v1.0.7

Compare Source

What's Changed

• Fix defaultIsZeroValue check for generic Value types by @​MidnightRocket in #​422
• feat: Use structs for errors returned by pflag. by @​eth-p in #​425
• Fix typos by @​co63oc in #​428
• fix #​423 : Add helper function and some documentation to parse shorthand go test flags. by @​valdar in #​424
• add support equivalent to golang flag.TextVar(), also fixes the test failure as described in #​368 by @​hujun-open in #​418
• add support for Func() and BoolFunc() #​426 by @​LeGEC in #​429
• fix: correct argument length check in FlagSet.Parse by @​ShawnJeffersonWang in #​409
• fix usage message for func flags, fix arguments order by @​LeGEC in #​431
• Add support for time.Time flags by @​max-frank in #​348

New Contributors

• @​MidnightRocket made their first contribution in #​422
• @​eth-p made their first contribution in #​425
• @​co63oc made their first contribution in #​428
• @​valdar made their first contribution in #​424
• @​hujun-open made their first contribution in #​418
• @​LeGEC made their first contribution in #​429
• @​ShawnJeffersonWang made their first contribution in #​409
• @​max-frank made their first contribution in #​348

Full Changelog: spf13/pflag@v1.0.6...v1.0.7

tektoncd/chains (github.com/tektoncd/chains)

v0.22.3: Tekton Chains release v0.22.3 "v0.22.3"

Compare Source

-Docs @​ v0.22.3
-Examples @​ v0.22.3

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/chains/previous/v0.22.3/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677abc5f8010a0a21be4daa53325a217f4df92955848f73f226c6ed054c429fb9f82

Obtain the attestation:

REKOR_UUID=108e9186e8c5677abc5f8010a0a21be4daa53325a217f4df92955848f73f226c6ed054c429fb9f82
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/chains/previous/v0.22.3/release.yaml
REKOR_UUID=108e9186e8c5677abc5f8010a0a21be4daa53325a217f4df92955848f73f226c6ed054c429fb9f82

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.22.3@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Fixes

• 🐛 Fix nil-pointer references (#​1286 and #​1246)

Misc

• 🔨 Upgrade golang.org/x/crypto to 0.31.0 (#​1269)

Thanks

Thanks to these contributors who contributed to v0.22.3!

• ❤️ @​jkhelil
• ❤️ @​lcarva
• ❤️ @​savitaashture
• ❤️ @​tekton-robot

Extra shout-out for awesome release notes:

• 😍 @​jkhelil
• 😍 @​lcarva
• 😍 @​savitaashture
• 😍 @​tekton-robot

If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.