Skip to content

build(deps): bump the minor-and-patch group across 1 directory with 2 updates#262

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/sdk/minor-and-patch-bd25751d74
Open

build(deps): bump the minor-and-patch group across 1 directory with 2 updates#262
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/sdk/minor-and-patch-bd25751d74

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 2 updates in the /sdk directory: github.com/brokenbots/criteria and golang.org/x/net.

Updates github.com/brokenbots/criteria from 0.3.0 to 0.5.0

Release notes

Sourced from github.com/brokenbots/criteria's releases.

v0.5.0

[Unreleased] — Adapter system v2 (protocol v2; clean break from v0.3.0)

Headline: The adapter system was rewritten end to end. Adapters are now signed OCI artifacts pulled from any registry and pinned per workflow, the wire protocol is v2 (a hard cut — v1 adapters no longer load), and a single term — "adapter" — is used throughout. Existing adapters were migrated in parallel; artifacts track the 0.5.0 line (v2 is the protocol version, not a product version). The release tag and date are finalized by the release gate.

Adapter system rewrite

  • OCI-based distribution. Adapters publish as multi-platform OCI artifacts (per-platform binary blobs + an adapter.yaml manifest) to any OCI-compliant registry. No central registry; adapters are referenced by source + version.
  • Per-workflow lockfile. .criteria.lock.hcl pins every referenced adapter by digest and records the signer identity, for run-to-run reproducibility. Populated by criteria adapter lock.
  • Signing & verification. cosign signatures attached as OCI referrers, with the lockfile as the trust anchor: lock pins the signer and pull/compile/apply re-verify against the pin (a changed signer is a SignerChanged diff). Keyless (Sigstore/Fulcio OIDC) is the default CI path — signatures are now recorded in the Rekor transparency log and shipped as a Sigstore bundle, so they remain verifiable after the ephemeral Fulcio certificate expires; an adapter signed by its own repo's CI verifies with no per-consumer config. Explicit Ed25519 keys are supported for offline/ enterprise trust via a trusted_key config (~/.criteria/trust.hcl, a workflow-dir trust.hcl, or --trusted-key). A uniform unsigned-override (--allow-unsigned / CRITERIA_ALLOW_UNSIGNED) and the workflow-level verification = "strict" | "warn" | "off" attribute are honored across pull/lock/compile/apply. The effective default is warn during the signing-completion transition and returns to strict once keyless verification is confirmed in CI.
  • New criteria adapter CLI group: pull, lock, list, info, where, remove, prune, dev, publish. publish supports --keyless, --sign-key, and --image (record an already-pushed runnable container image).
  • Environment block expanded. New types sandbox (Linux namespaces + landlock
    • seccomp, or bubblewrap; macOS sandbox-exec), container (docker/podman), and remote (phone-home) join shell, with policy fields (policy_mode, sandbox, filesystem, network, secrets, resources, os).
  • Lifecycle operations. Protocol v2 adds Pause/Resume, Snapshot/Restore, and Inspect, driven by the host and exercised by the shared conformance suite.
  • Secrets channel. Declared secrets resolve through a provider stack and flow over a dedicated channel (never config/process env), with automatic log redaction and compile-time taint propagation.
  • Three SDKs with consistent helper APIs and single-binary builds — TypeScript (Bun), Python (Nuitka), Go — each in its own repo, plus starter templates and a reusable publish-adapter action.

Breaking changes

... (truncated)

Changelog

Sourced from github.com/brokenbots/criteria's changelog.

Changelog

All notable changes to Criteria are recorded here.

Commits
  • a868571 Merge pull request #256 from brokenbots/repo-cleanup
  • cb9568b docs: remove inert validator directives from prose
  • e6ac0ee docs: technical rewrite of prose docs; align with reality
  • 1d25994 docs: fix stale links and a dead example reference
  • ae4bc65 examples: consolidate single-feature demos; trim non-useful ones
  • 411da42 docs(readme): drop removed-item row; demote server mode to a footnote
  • 77459f4 docs(readme): technical, concise rewrite with status tables
  • c99097a docs(readme): reframe as an honest WIP; AI-driven agent workflow engine
  • 1910039 docs(readme): rewrite for current layout; expand what/why; note stabilizing
  • eeaab95 chore: remove repo cruft and the workstream-automation subsystem
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.55.0 to 0.56.0

Commits
  • 9e7fdbf internal/http3: fix wrong argument being given when validating header value
  • b686e5f internal/http3: add gzip support to transport
  • 8a34885 go.mod: update golang.org/x dependencies
  • 72eaf98 dns/dnsmessage: correctly validate SVCB record parameter order
  • 82e7868 dns/dnsmessage: avoid panic when parsing SVCB record with truncated data
  • b64f1fa internal/http3: add server support for "Trailer:" magic prefix
  • 2707ee2 internal/http3: implement HTTP/3 clientConn methods
  • 31358cc internal/http3: snapshot response headers at WriteHeader time
  • 8ecbaa9 html: don't adjust xml:base
  • 8ae811a html: properly handle end script tag in fragment mode
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 22, 2026
… updates

Bumps the minor-and-patch group with 2 updates in the /sdk directory: [github.com/brokenbots/criteria](https://github.com/brokenbots/criteria) and [golang.org/x/net](https://github.com/golang/net).


Updates `github.com/brokenbots/criteria` from 0.3.0 to 0.5.0
- [Release notes](https://github.com/brokenbots/criteria/releases)
- [Changelog](https://github.com/brokenbots/criteria/blob/main/CHANGELOG.md)
- [Commits](v0.3.0...v0.5.0)

Updates `golang.org/x/net` from 0.55.0 to 0.56.0
- [Commits](golang/net@v0.55.0...v0.56.0)

---
updated-dependencies:
- dependency-name: github.com/brokenbots/criteria
  dependency-version: 0.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: golang.org/x/net
  dependency-version: 0.56.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/sdk/minor-and-patch-bd25751d74 branch from bc140c3 to 8d9539b Compare July 10, 2026 04:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants