Skip to content

🌱 Bump github.com/sigstore/timestamp-authority/v2 from 2.0.3 to 2.0.6 in /tools#5018

Merged
justaugustus merged 1 commit intomainfrom
dependabot/go_modules/tools/github.com/sigstore/timestamp-authority/v2-2.0.6
Apr 16, 2026
Merged

🌱 Bump github.com/sigstore/timestamp-authority/v2 from 2.0.3 to 2.0.6 in /tools#5018
justaugustus merged 1 commit intomainfrom
dependabot/go_modules/tools/github.com/sigstore/timestamp-authority/v2-2.0.6

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 14, 2026
edited
Loading

Bumps github.com/sigstore/timestamp-authority/v2 from 2.0.3 to 2.0.6.

Release notes

Sourced from github.com/sigstore/timestamp-authority/v2's releases.

v2.0.6

What's Changed

Full Changelog: sigstore/timestamp-authority@v2.0.5...v2.0.6

v2.0.5

What's Changed

This release updates the chi middleware to resolve a panic.

Full Changelog: sigstore/timestamp-authority@v2.0.4...v2.0.5

v2.0.4

Changelog

  • 5ddd4e6ad32117ae431eca6299ed9d29a6d33f5a update changelog for v2.0.4 (#1258)

What's Changed

Full Changelog: sigstore/timestamp-authority@v2.0.3...v2.0.4

Changelog

Sourced from github.com/sigstore/timestamp-authority/v2's changelog.

v2.0.5

This release updates the chi middleware to resolve a panic.

Bug Fixes

  • Upgrade chi middleware v4 -> v5 (#1307)

Docs

  • Update the semantics of the NTP monitoring so its clear in the README (#1276)
  • docs: note that CRL/OCSP checks are not performed (#1277)

Misc

  • Increase default HTTP idle timeout (#1287)

v2.0.4

Only contains dependency updates, but fixes #1252 due to breaking API change in sigstore/sigstore

Commits
  • 9583b61 Ensure correct certificate is used for TSA auth checks (GHSA-xm5m-wgh2-rrg3) ...
  • 7aab8b4 chore(deps): bump golang.org/x/net from 0.51.0 to 0.52.0 (#1322)
  • 48c7b2c chore(deps): bump codecov/codecov-action from 5.5.3 to 6.0.0 (#1327)
  • 49ca4e4 chore(deps): bump the gomod group with 2 updates (#1326)
  • 5812ba0 chore(deps): bump go.step.sm/crypto from 0.76.2 to 0.77.2 (#1328)
  • 6a334a8 chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (#1329)
  • d799204 chore(deps): bump actions/upload-artifact in the actions group (#1332)
  • b9ce102 chore(deps): bump golang from 1.26.0 to 1.26.2 in the docker group (#1331)
  • 54bc0c1 chore(deps): bump the gomod group across 1 directory with 6 updates (#1324)
  • ffb897a chore(deps): bump the actions group across 1 directory with 4 updates (#1325)
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 14, 2026
@dependabot dependabot bot requested a review from a team as a code owner April 14, 2026 01:03
@dependabot dependabot bot requested review from jeffmendoza and spencerschrock and removed request for a team April 14, 2026 01:03
@dependabot dependabot bot temporarily deployed to integration-test April 14, 2026 01:03 Inactive
@dosubot dosubot bot added the size:L This PR changes 100-499 lines, ignoring generated files. label Apr 14, 2026
@justaugustus justaugustus enabled auto-merge (squash) April 16, 2026 04:12
justaugustus
justaugustus approved these changes Apr 16, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@justaugustus justaugustus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dependabot rebase

@dependabot
🌱 Bump github.com/sigstore/timestamp-authority/v2 in /tools
42849ee 
Bumps [github.com/sigstore/timestamp-authority/v2](https://github.com/sigstore/timestamp-authority) from 2.0.3 to 2.0.6.
- [Release notes](https://github.com/sigstore/timestamp-authority/releases)
- [Changelog](https://github.com/sigstore/timestamp-authority/blob/main/CHANGELOG.md)
- [Commits](sigstore/timestamp-authority@v2.0.3...v2.0.6)

---
updated-dependencies:
- dependency-name: github.com/sigstore/timestamp-authority/v2
  dependency-version: 2.0.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/tools/github.com/sigstore/timestamp-authority/v2-2.0.6 branch from 1031a6a to 42849ee Compare April 16, 2026 04:14
@dependabot dependabot bot temporarily deployed to integration-test April 16, 2026 04:14 Inactive
@justaugustus justaugustus merged commit 4b8e9d1 into main Apr 16, 2026
35 checks passed
@justaugustus justaugustus deleted the dependabot/go_modules/tools/github.com/sigstore/timestamp-authority/v2-2.0.6 branch April 16, 2026 04:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@justaugustus justaugustus justaugustus approved these changes

@jeffmendoza jeffmendoza Awaiting requested review from jeffmendoza jeffmendoza is a code owner automatically assigned from ossf/scorecard-maintainers

@spencerschrock spencerschrock Awaiting requested review from spencerschrock spencerschrock is a code owner automatically assigned from ossf/scorecard-maintainers

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code size:L This PR changes 100-499 lines, ignoring generated files.

Projects

OpenSSF Scorecard
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@justaugustus