chore(deps): update go dependencies

[red-hat-konflux]

This PR contains the following updates:

Package	Type	Update	Change
github.com/containerd/stargz-snapshotter/estargz	indirect	minor	v0.14.3 -> v0.17.0
github.com/docker/docker-credential-helpers	indirect	minor	v0.7.0 -> v0.9.3
github.com/fsnotify/fsnotify	indirect	minor	v1.7.0 -> v1.9.0
github.com/go-logr/logr	require	patch	v1.4.1 -> v1.4.3
github.com/go-openapi/jsonpointer	indirect	minor	v0.20.2 -> v0.22.1
github.com/go-openapi/jsonreference	indirect	minor	v0.20.4 -> v0.21.2
github.com/go-openapi/swag	indirect	minor	v0.22.9 -> v0.25.1
github.com/go-task/slim-sprig	indirect	digest	52ccab3 -> 6e46e2e
github.com/golang/groupcache	indirect	digest	41bb18b -> 2c02b82
github.com/google/certificate-transparency-go	require	minor	v1.1.7 -> v1.3.2
github.com/google/gnostic-models	indirect	minor	v0.6.8 -> v0.7.0
github.com/google/go-cmp	indirect	minor	v0.6.0 -> v0.7.0
github.com/google/go-containerregistry	require	patch	v0.20.2 -> v0.20.6
github.com/google/pprof	indirect	digest	ff6d637 -> 9e5a51a
github.com/google/trillian	require	minor	v1.6.0 -> v1.7.2
github.com/klauspost/compress	indirect	minor	v1.16.5 -> v1.18.0
github.com/letsencrypt/boulder	indirect	minor	v0.0.0-20230907030200-6d76a0f91e1e -> v0.20250929.0
github.com/mailru/easyjson	indirect	minor	v0.7.7 -> v0.9.1
github.com/moby/spdystream	indirect	minor	v0.2.0 -> v0.5.0
github.com/opencontainers/image-spec	indirect	patch	v1.1.0-rc5 -> v1.1.1
github.com/openshift/api	require	digest	0f638a8 -> 7f24529
github.com/operator-framework/api	require	minor	v0.22.0 -> v0.34.0
github.com/operator-framework/operator-lib	require	minor	v0.12.0 -> v0.19.0
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring	require	minor	v0.70.0 -> v0.85.0
github.com/prometheus/client_golang	require	minor	v1.19.0 -> v1.23.2
github.com/prometheus/client_model	indirect	patch	v0.6.1 -> v0.6.2
github.com/prometheus/common	indirect	minor	v0.51.1 -> v0.66.1
github.com/prometheus/procfs	indirect	minor	v0.12.0 -> v0.17.0
github.com/secure-systems-lab/go-securesystemslib	indirect	minor	v0.8.0 -> v0.9.1
github.com/sigstore/fulcio	require	minor	v1.4.4 -> v1.7.1
github.com/sigstore/sigstore	require	minor	v1.8.1 -> v1.9.5
github.com/spf13/pflag	indirect	patch	v1.0.5 -> v1.0.10
github.com/vbatts/tar-split	indirect	minor	v0.11.3 -> v0.12.1
golang.org/x/crypto	indirect	minor	v0.32.0 -> v0.42.0
golang.org/x/exp	require	digest	ec58324 -> df92998
golang.org/x/net	require	minor	v0.34.0 -> v0.44.0
golang.org/x/oauth2	indirect	minor	v0.20.0 -> v0.31.0
golang.org/x/sync	indirect	minor	v0.10.0 -> v0.17.0
golang.org/x/sys	indirect	minor	v0.29.0 -> v0.36.0
golang.org/x/term	indirect	minor	v0.28.0 -> v0.35.0
golang.org/x/text	indirect	minor	v0.21.0 -> v0.29.0
golang.org/x/time	indirect	minor	v0.5.0 -> v0.13.0
golang.org/x/tools	indirect	minor	v0.21.1-0.20240508182429-e35e4ccd0d2d -> v0.37.0
google.golang.org/genproto/googleapis/rpc	indirect	digest	94a12d6 -> 57b25ae
k8s.io/api	require	minor	v0.28.5 -> v0.34.1
k8s.io/apiextensions-apiserver	require	minor	v0.28.5 -> v0.34.1
k8s.io/apimachinery	require	minor	v0.28.5 -> v0.34.1
k8s.io/client-go	require	minor	v0.28.5 -> v0.34.1
k8s.io/component-base	indirect	minor	v0.28.5 -> v0.34.1
k8s.io/kube-openapi	indirect	digest	70dd376 -> 589584f
k8s.io/utils	require	digest	fe8a2dd -> 0af2bda
sigs.k8s.io/controller-runtime	require	minor	v0.16.5 -> v0.22.1
sigs.k8s.io/json	indirect	digest	bc3834c -> 2d32026
sigs.k8s.io/yaml	require	minor	v1.4.0 -> v1.6.0

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

containerd/stargz-snapshotter (github.com/containerd/stargz-snapshotter/estargz)

v0.17.0

Compare Source

Notable Changes

• New features
  • Added support for FUSE passthourgh (#​1868, #​1870, #​1874, #​1876, #​1881, #​1923, #​1987, #​2012, #​2045, #​2068), thanks to @​wswsmao
  • Added support for detaching FUSE server as a separated processs (FUSE manager), thanks to @​wswsmao (#​1892, #​1912, #​1905) and @​ilyee (#​1892)
  • Expanded support for graceful restarting of Stargz Snapshotter (#​2077)
  • Added arm64 KIND node image (ghcr.io/containerd/stargz-snapshotter:0.17.0-kind) (#​1983)
• Fixes and changes
  • Set maximum filename length to 255 bytes (#​2024), thanks to @​wswsmao
  • Fixed EOPNOTSUPP issue on getdents64 (#​2063), thanks to @​wswsmao
  • Fixed TTLCache failed to release resources on exit (#​2076)
  • Fixed the configuration and docs to prevent GC failures in CRI plugin (#​1893)
  • Refactored blob manipulation logic to make it more modular (#​1955), thanks to @​ChengyuZhu6
  • Fix zstd:chunked converter error on duplicated blobs (#​1885), thanks to @​apostasie
• Document updates
  • Added docs about how to use Stargz Snapshotter on Lima (#​1967)
  • Added docs about how to use Stargz Snapshotter with Transfer Service (#​2084)
  • Improved legibility in docs/overview.md (#​2061), thanks to @​soulshake
• CI updates
  • Added tests for wider configrations (FUSE passthrough and FUSE manager) (#​2074, #​2083, #​1914)
  • Fixed dependabot's configuration to avoid CI failures in gomod PRs (#​1920, #​1941), thanks to @​djdongjin
  • Bump up containerd/project-checks to v1.2.2 (#​2004), thanks to @​wswsmao
• Dependencies
  • Replace harshicorp/multierror with errors.Join (#​1921), thanks to @​djdongjin
  • Bump up Kubernetes to v1.33 (#​2078)
  • go.mod dependency updates (#​1936, #​1942), thanks to @​thaJeztah

For other changes, refer to the full diff: containerd/stargz-snapshotter@v0.16.3...v0.17.0

v0.16.3

Compare Source

Notable Changes

• Fix zstd:chunked converter error on duplicated blobs (#​1894)

v0.16.2

Compare Source

Notable Changes

• go.mod: Use 1.22.0 by specifying to google.golang.org/grpc v1.67.1 (#​1877)

v0.16.1

Compare Source

Notable Changes

• prevernt go version upgraded to 1.23 in go.mod (#​1863)

v0.16.0

Compare Source

Notable Changes

• Support for the latest CRI-O(>=v1.31.0) and Podman (>=v5.1.0) Additional Layer Store (#​1673, #​1674)
• Fix log message in refnode.Lookup (#​1595), thanks to @​iain-macdonald
• store: use OnForget API for checking if a node is reusable (#​1808)
• Support for containerd v2 (#​1722), thanks to @​apostasie
• fs: Check connection only when image isn't fully cached (#​1584)

v0.15.1

Compare Source

Notable Changes

• Removed support for CRI v1alpha2 API that was deprecated in containerd v1.7 (#​1175)
• Make timeout per-request (#​1181), thanks to @​Kern--
• fix: rollback snapshot to prevent bolt deadlock (#​1326), thanks to @​goller
• Protect node.ents and node.entsCached with a mutex (#​1381), thanks to @​iain-macdonald
• Fixed the snapshotter reported incorrect number blocks for a file (#​1387), thanks to @​Kern--
• chore: pkg imported more than once (#​1363), thanks to @​testwill

Note about v0.15.0

v0.15.0 has been tagged but it didn't include release binaries due to CI issue. For trying binary release of v0.15, please use stargz-snapshotter newer than v0.15.1.

v0.15.0

Compare Source

docker/docker-credential-helpers (github.com/docker/docker-credential-helpers)

v0.9.3

Compare Source

What's Changed

• osxkeychain: fix a bug that was preventing credentials created with v0.9.0+ to be retrieved with older versions in #​367

Full Changelog: docker/docker-credential-helpers@v0.9.2...v0.9.3

v0.9.2

Compare Source

What's Changed

• osxkeychain: list: return full URIs (regression introduced in v0.9.0) in #​364
• osxkeychain: list: fix malformed URIs when a ServerURL is stored with a port specified (introduced in v0.4.2) in #​364
• go.mod: retract v0.9.1 in #​363
• gha: add ubuntu 24.04, remove 20.04 in #​366

Full Changelog: docker/docker-credential-helpers@v0.9.1...v0.9.2

v0.9.1

Compare Source

What's Changed

• [v0.9.0] osxkeychain: fix regressions on get and list in #​361
• go.mod: retract v0.9.0 in #​362

Full Changelog: docker/docker-credential-helpers@v0.9.0...v0.9.1

v0.9.0

Compare Source

[!WARNING]
This release introduced an important regression that prevents credentials stored with earlier versions of docker-credential-osxkeychain from being accessible with this version.

v0.9.1 has been released to address this issue, but credentials stored with v0.9.0 won't be accessible with >= v0.9.1 and versions prior to v0.9.0.

Additionally, we've retracted the Go module v0.9.0.

What's Changed

• client: remove some indirection and touch-up GoDoc #​342
• osxkeychain: switch to github.com/keybase/go-keychain #​282
• secretservice: fix null dereference on locked collections #​356
• secretservice: set a better displaylabel #​324
• minor formatting tweaks to README #​258
• update to go1.23.6 #​340

Dependency updates

• build(deps): bump codecov/codecov-action from 4 to 5 #​345
• build(deps): bump docker/bake-action to v6 #​328, #​352
• build(deps): bump github.com/danieljoos/wincred v1.2.2 #​357
• build(deps): bump github.com/keybase/go-keychain v0.0.1 #​358
• build(deps): bump softprops/action-gh-release to 2.2.1 #​331, #​350
• Dockerfile: bump xx to v1.6.1 #​339, #​353
• dockerfile: update debian to bookworm #​341
• Dockerfile: update golangci-lint to v1.64.5 #​338, #​359

Full Changelog: docker/docker-credential-helpers@v0.8.2...v0.9.0

v0.8.2

Compare Source

What's Changed

• pass: return correct error, and ignore empty stores on list #​321
• pass: add utilities for encoding/decoding serverURL #​322
• pass: Get: remove redundant stat #​323
• Dockerfile: update xx to v1.4.0 #​310
• ci: update github actions to latest stable #​313
• ci: set codecov token #​316
• ci: add pull-request template #​318
• ci: update GHA to macOS-13, macOS-14, and update to go1.21.10 #​320
• build(deps): bump softprops/action-gh-release from 1 to 2 #​317

Full Changelog: docker/docker-credential-helpers@v0.8.1...v0.8.2

v0.8.1

Compare Source

What's Changed

• vendor: github.com/danieljoos/wincred v1.2.1 #​307
• move trimming whitespace to error-check helpers #​306
• Dockerfile: update golangci-lint to v1.55.2 #​309
• update to go1.21.6 #​308

Full Changelog: docker/docker-credential-helpers@v0.8.0...v0.8.1

v0.8.0

Compare Source

What's Changed

• wincred: windows/arm64 support by @​crazy-max in #​279
• osxkeychain: Delete(): return typed errors by @​thaJeztah in #​278
• osxkeychain: match min macos version for xx by @​crazy-max in #​283
• pass: fix interpolation of $PASSWORD_STORE_DIR, and use os.UserHomeDir() by @​thaJeztah in #​287
• cli: assorted improvements, and add --version, -v, and --help, -h flags by @​thaJeztah in #​284
• vendor: github.com/danieljoos/wincred v1.2.0 by @​thaJeztah in #​271
• vendor: golang.org/x/sys v0.7.0 by @​crazy-max in #​265
• chore: update go to 1.20.6 by @​crazy-max @​thaJeztah in #​297 #​293 #​281 #​263
• chore: use go build constraint by @​crazy-max in #​289
• credentials: fix minor nits in tests for credentials by @​thaJeztah in #​291
• credentials: improve errors and error-handling by @​thaJeztah in #​292
• chore: remove uses of golang.org/x/sys/execabs by @​thaJeztah in #​270
• chore: format code with gofumpt by @​thaJeztah in #​273
• chore: rewrite tests to use sub-tests, improve error-handling in tests, and use t.Cleanup() by @​thaJeztah in #​275
• chore: use designated domains in tests (RFC2606) (step 1) by @​thaJeztah in #​294
• chore: fix vendor validation by @​crazy-max in #​253
• chore: update xx to 1.2.1 by @​crazy-max in #​264
• chore: use same target for sandboxed and native tests by @​crazy-max in #​285
• ci: bump runners to ubuntu-22.04 by @​crazy-max in #​276
• chore: add CONTRIBUTING.md, CODE_OF_CONDUCT.md, SECURITY.md by @​thaJeztah in #​272
• chore: fix build status badge being broken by @​okrc in #​252
• docs: install emulators when building with docker by @​crazy-max in #​286

New Contributors

• @​okrc made their first contribution in #​252

Full Changelog: docker/docker-credential-helpers@v0.7.0...v0.8.0

fsnotify/fsnotify (github.com/fsnotify/fsnotify)

v1.9.0

Compare Source

Changes and fixes

• all: make BufferedWatcher buffered again (#​657)

• inotify: fix race when adding/removing watches while a watched path is being deleted (#​678, #​686)

• inotify: don't send empty event if a watched path is unmounted (#​655)

• inotify: don't register duplicate watches when watching both a symlink and its target; previously that would get "half-added" and removing the second would panic (#​679)

• kqueue: fix watching relative symlinks (#​681)

• kqueue: correctly mark pre-existing entries when watching a link to a dir on kqueue (#​682)

• illumos: don't send error if changed file is deleted while processing the event (#​678)

v1.8.0

Compare Source

Additions

• all: add FSNOTIFY_DEBUG to print debug logs to stderr (#​619)

Changes and fixes

• windows: fix behaviour of WatchList() to be consistent with other platforms (#​610)

• kqueue: ignore events with Ident=0 (#​590)

• kqueue: set O_CLOEXEC to prevent passing file descriptors to children (#​617)

• kqueue: emit events as "/path/dir/file" instead of "path/link/file" when watching a symlink (#​625)

• inotify: don't send event for IN_DELETE_SELF when also watching the parent (#​620)

• inotify: fix panic when calling Remove() in a goroutine (#​650)

• fen: allow watching subdirectories of watched directories (#​621)

go-logr/logr (github.com/go-logr/logr)

v1.4.3

Compare Source

Minor release.

What's Changed

• Fix slog tests for 1.25 by @​hoeppi-google in #​361
• Remove one exception from Slog testing by @​thockin in #​362

New Contributors

• @​hoeppi-google made their first contribution in #​361

Full Changelog: go-logr/logr@v1.4.2...v1.4.3

v1.4.2

Compare Source

What's Changed

• Fix lint: named but unused params by @​thockin in #​268
• Add a Go report card, fix lint by @​thockin in #​271
• funcr: Handle nested empty groups properly by @​thockin in #​274

Dependencies:

• build(deps): bump github/codeql-action from 3.22.11 to 3.22.12 by @​dependabot in #​254
• build(deps): bump github/codeql-action from 3.22.12 to 3.23.0 by @​dependabot in #​256
• build(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0 by @​dependabot in #​257
• build(deps): bump github/codeql-action from 3.23.0 to 3.23.1 by @​dependabot in #​259
• build(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0 by @​dependabot in #​260
• build(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 by @​dependabot in #​263
• build(deps): bump github/codeql-action from 3.23.1 to 3.23.2 by @​dependabot in #​262
• build(deps): bump github/codeql-action from 3.23.2 to 3.24.0 by @​dependabot in #​264
• build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 by @​dependabot in #​266
• build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 by @​dependabot in #​267
• build(deps): bump github/codeql-action from 3.24.0 to 3.24.3 by @​dependabot in #​270
• build(deps): bump github/codeql-action from 3.24.3 to 3.24.5 by @​dependabot in #​272
• build(deps): bump github/codeql-action from 3.24.5 to 3.24.6 by @​dependabot in #​275
• build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @​dependabot in #​276
• build(deps): bump github/codeql-action from 3.24.6 to 3.24.7 by @​dependabot in #​277
• build(deps): bump github/codeql-action from 3.24.7 to 3.24.9 by @​dependabot in #​278
• build(deps): bump github/codeql-action from 3.24.9 to 3.24.10 by @​dependabot in #​279
• build(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 by @​dependabot in #​280
• build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by @​dependabot in #​281
• build(deps): bump github/codeql-action from 3.24.10 to 3.25.1 by @​dependabot in #​282
• build(deps): bump github/codeql-action from 3.25.1 to 3.25.3 by @​dependabot in #​283
• build(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 by @​dependabot in #​284
• build(deps): bump actions/checkout from 4.1.3 to 4.1.4 by @​dependabot in #​285
• build(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 by @​dependabot in #​286
• build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 by @​dependabot in #​288
• build(deps): bump golangci/golangci-lint-action from 5.0.0 to 5.3.0 by @​dependabot in #​289
• build(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 by @​dependabot in #​293
• build(deps): bump github/codeql-action from 3.25.3 to 3.25.4 by @​dependabot in #​292
• build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by @​dependabot in #​291
• build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by @​dependabot in #​290
• build(deps): bump github/codeql-action from 3.25.4 to 3.25.5 by @​dependabot in #​294
• build(deps): bump actions/checkout from 4.1.5 to 4.1.6 by @​dependabot in #​295

Full Changelog: go-logr/logr@v1.4.1...v1.4.2

go-openapi/jsonpointer (github.com/go-openapi/jsonpointer)

v0.22.1

Compare Source

v0.22.0

Compare Source

v0.21.2

Compare Source

v0.21.1

Compare Source

v0.21.0

Compare Source

v0.20.3

Compare Source

go-openapi/jsonreference (github.com/go-openapi/jsonreference)

v0.21.2

Compare Source

v0.21.1

Compare Source

v0.21.0

Compare Source

v0.20.5

Compare Source

go-openapi/swag (github.com/go-openapi/swag)

v0.25.1

Compare Source

v0.25.0

Compare Source

v0.24.1

Compare Source

v0.24.0

Compare Source

v0.23.1

Compare Source

v0.23.0

Compare Source

v0.22.10

Compare Source

google/certificate-transparency-go (github.com/google/certificate-transparency-go)

v1.3.2

Compare Source

Misc

• [migrillian] remove etcd support in #​1699
• Bump golangci-lint from 1.55.1 to 1.61.0 (developers should update to this version).
• Update ctclient tool to support SCT extensions field by @​liweitianux in #​1645
• Bump go to 1.23
• [ct_hammer] support HTTPS and Bearer token for Authentication.
• [preloader] support Bearer token Authentication for non temporal logs.
• [preloader] support end indexes
• [CTFE] Short cache max-age when get-entries returns fewer entries than requested by @​robstradling in #​1707
• [CTFE] Disalllow mismatching signature algorithm identifiers in #​702.
• [jsonclient] surface HTTP Do and Read errors #​1695 by @​FiloSottile

CTFE Storage Saving: Extra Data Issuance Chain Deduplication

• Suppress unnecessary duplicate key errors in the IssuanceChainStorage PostgreSQL implementation by @​robstradling in #​1678
• Only store IssuanceChain if not cached by @​robstradling in #​1679

CTFE Rate Limiting Of Non-Fresh Submissions

To protect a log from being flooded with requests for "old" certificates, optional rate limiting for "non-fresh submissions" can be configured by providing the following flags:

• non_fresh_submission_age
• non_fresh_submission_burst
• non_fresh_submission_limit

This can help to ensure that the log maintains its ability to (1) accept "fresh" submissions and (2) distribute all log entries to monitors.

• [CTFE] Configurable mechanism to rate-limit non-fresh submissions by @​robstradling in #​1698

Dependency updates

• Bump the docker-deps group across 5 directories with 3 updates (#​1705)
• Bump google.golang.org/grpc from 1.72.1 to 1.72.2 in the all-deps group (#​1704)
• Bump github.com/go-jose/go-jose/v4 in the go_modules group (#​1700)
• Bump the all-deps group with 7 updates (#​1701)
• Bump the all-deps group with 7 updates (#​1693)
• Bump the docker-deps group across 4 directories with 1 update (#​1694)
• Bump github/codeql-action from 3.28.13 to 3.28.16 in the all-deps group (#​1692)
• Bump the all-deps group across 1 directory with 7 updates (#​1688)
• Bump distroless/base-debian12 (#​1686)
• Bump golangci/golangci-lint-action from 6.5.1 to 7.0.0 in the all-deps group (#​1685)
• Bump the all-deps group with 4 updates (#​1681)
• Bump the all-deps group with 6 updates (#​1683)
• Bump the docker-deps group across 4 directories with 2 updates (#​1682)
• Bump github.com/golang-jwt/jwt/v4 in the go_modules group (#​1680)
• Bump golangci/golangci-lint-action in the all-deps group (#​1676)
• Bump the all-deps group with 2 updates (#​1677)
• Bump github/codeql-action from 3.28.10 to 3.28.11 in the all-deps group (#​1670)
• Bump the all-deps group with 8 updates (#​1672)
• Bump the docker-deps group across 4 directories with 1 update (#​1671)
• Bump the docker-deps group across 4 directories with 1 update (#​1668)
• Bump the all-deps group with 4 updates (#​1666)
• Bump golangci-lint from 1.55.1 to 1.61.0 (#​1667)
• Bump the all-deps group with 3 updates (#​1665)
• Bump github.com/spf13/cobra from 1.8.1 to 1.9.1 in the all-deps group (#​1660)
• Bump the docker-deps group across 5 directories with 2 updates (#​1661)
• Bump golangci/golangci-lint-action in the all-deps group (#​1662)
• Bump the docker-deps group across 4 directories with 1 update (#​1656)
• Bump the all-deps group with 2 updates (#​1654)
• Bump the all-deps group with 4 updates (#​1657)
• Bump github/codeql-action from 3.28.5 to 3.28.8 in the all-deps group (#​1652)
• Bump github.com/spf13/pflag from 1.0.5 to 1.0.6 in the all-deps group (#​1651)
• Bump the all-deps group with 2 updates (#​1649)
• Bump the all-deps group with 5 updates (#​1650)
• Bump the docker-deps group across 5 directories with 3 updates (#​1648)
• Bump google.golang.org/protobuf in the all-deps group (#​1647)
• Bump golangci/golangci-lint-action in the all-deps group (#​1646)

v1.3.1

Compare Source

• Add AllLogListSignatureURL by @​AlexLaroche in #​1634
• Add TiledLogs to log list JSON by @​mcpherrinm in #​1635
• chore: relax go directive to permit 1.22.x by @​dnwe in #​1640

Dependency Update

• Bump github.com/fullstorydev/grpcurl from 1.9.1 to 1.9.2 in the all-deps group by @​dependabot in #​1627
• Bump the all-deps group with 3 updates by @​dependabot in #​1628
• Bump the docker-deps group across 5 directories with 3 updates by @​dependabot in #​1630
• Bump github/codeql-action from 3.27.5 to 3.27.6 in the all-deps group by @​dependabot in #​1629
• Bump golang.org/x/crypto from 0.30.0 to 0.31.0 in the go_modules group by @​dependabot in #​1631
• Bump the all-deps group with 2 updates by @​dependabot in #​1633
• Bump the all-deps group with 2 updates by @​dependabot in #​1632
• Bump the docker-deps group across 4 directories with 1 update by @​dependabot in #​1638
• Bump the all-deps group with 2 updates by @​dependabot in #​1637
• Bump the all-deps group across 1 directory with 2 updates by @​dependabot in #​1641
• Bump the all-deps group with 2 updates by @​dependabot in #​1643
• Bump google.golang.org/grpc from 1.69.2 to 1.69.4 in the all-deps group by @​dependabot in #​1642

v1.3.0

Compare Source

CTFE Storage Saving: Extra Data Issuance Chain Deduplication

This feature now supports PostgreSQL, in addition to the support for MySQL/MariaDB that was added in v1.2.0.

Log operators can choose to enable this feature for new PostgreSQL-based CT logs by adding new CTFE configs in the LogMultiConfig and importing the database schema. The other available options are documented in the v1.2.0 changelog entry.

This change is tested in Cloud Build tests using the postgres:17 Docker image as of the time of writing.

• Add IssuanceChainStorage PostgreSQL implementation by @​robstradling in #​1618

Misc

• [Dependabot] Update all docker images in one PR by @​mhutchinson in #​1614
• Explicitly include version tag by @​mhutchinson in #​1617
• Add empty cloudbuild_postgresql.yaml by @​roger2hk in #​1623

Dependency update

• Bump the all-deps group with 4 updates by @​dependabot in #​1609
• Bump golang from 1.23.2-bookworm to 1.23.3-bookworm in /internal/witness/cmd/feeder in the all-deps group by @​dependabot in #​1611
• Bump github/codeql-action from 3.27.0 to 3.27.1 in

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

This PR has been generated by MintMaker (powered by Renovate Bot).