Bump the all group across 1 directory with 14 updates

[dependabot]

Bumps the all group with 10 updates in the / directory:

Package	From	To
cloud.google.com/go/storage	1.52.0	1.53.0
github.com/in-toto/archivista	0.9.1	0.9.2
github.com/sigstore/sigstore/pkg/signature/kms/aws	1.9.1	1.9.4
github.com/sigstore/sigstore/pkg/signature/kms/azure	1.9.1	1.9.4
github.com/sigstore/sigstore/pkg/signature/kms/gcp	1.9.1	1.9.4
github.com/sigstore/sigstore/pkg/signature/kms/hashivault	1.9.1	1.9.4
golang.org/x/crypto	0.37.0	0.38.0
k8s.io/api	0.32.2	0.33.0
k8s.io/client-go	0.32.2	0.33.0
k8s.io/code-generator	0.32.2	0.33.0

Updates cloud.google.com/go/storage from 1.52.0 to 1.53.0

Release notes

Sourced from cloud.google.com/go/storage's releases.

storage: v1.53.0

1.53.0 (2025-05-02)

Features

• storage/control: Add Anywhere cache control APIs (83ae06c)

Bug Fixes

• storage: Fix append edge cases (#12074) (0eee1f9)
• storage: Fix retries for redirection errors. (#12093) (3e177e7)
• storage: Handle gRPC deadlines in tests. (#12092) (30b7cd2)
• storage: Update offset on resumable upload retry (#12086) (6ce8fe5)
• storage: Validate Bidi option for MRD (#12033) (d9018cf)

Documentation

• storage/control: Added comments for Anywhere cache messages (83ae06c)

Commits

• 5d5e547 chore(main): release spanner 1.53.0 (#9009)
• 5d181bb feat(spanner): enable long running transaction clean up (#8969)
• 9f9b01e chore(storage): add server mode [benchmarks] (#8562)
• See full diff in compare view

Updates github.com/in-toto/archivista from 0.9.1 to 0.9.2

Release notes

Sourced from github.com/in-toto/archivista's releases.

v0.9.2

Changelog

Commits

• b11e53f feat: add ability to pass headers when making requests to archivista (#554)
• ee2e37e chore: bump github.com/99designs/gqlgen from 0.17.70 to 0.17.73 (#552)
• 1187777 build: Update pre-commit hooks (#549)
• 8733c41 Update version of witness for run action (#555)
• be4bf1c chore: bump the github-actions group with 2 updates (#550)
• 5a4f7c7 chore: bump github.com/in-toto/go-witness from 0.8.3 to 0.8.4 (#551)
• 067191e chore: bump the github-actions group with 3 updates (#547)
• cdfd8fe chore: bump github.com/vektah/gqlparser/v2 from 2.5.25 to 2.5.26 (#546)
• c819235 build: Update pre-commit hooks (#544)
• 61f42ba chore: bump github.com/minio/minio-go/v7 from 7.0.90 to 7.0.91 (#545)
• Additional commits viewable in compare view

Updates github.com/in-toto/go-witness from 0.8.1 to 0.8.4

Commits

• 714eb45 fix: use sha384 for signing proof of possession challenge from fulcio (#490)
• 05c3487 chore: bump softprops/action-gh-release from 2.2.1 to 2.2.2 (#484)
• 147c000 chore: bump github.com/gabriel-vasile/mimetype from 1.4.8 to 1.4.9 (#483)
• cdbdc9f chore: bump golang.org/x/net from 0.37.0 to 0.38.0 in the go_modules group (#...
• 55f7c61 feat: add secretscan attestor to detect secrets in products (#463)
• 9e8ad50 feat: Implement system packages attestation for Debian and RPM backends (#421)
• e9d3eea chore: bump github/codeql-action from 3.28.14 to 3.28.15 (#479)
• e1c3b0f chore: bump golangci/golangci-lint-action from 6.5.0 to 7.0.0 (#451)
• f7617db chore: bump github.com/aws/aws-sdk-go-v2/config from 1.29.13 to 1.29.14 (#478)
• 511b0bc chore: bump k8s.io/client-go from 0.28.3 to 0.28.15 (#466)
• Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.9.1 to 1.9.4

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/aws's releases.

v1.9.4

What's Changed

• Add a Name field to the TargetFile struct in sigstore/sigstore#2068
• Update to use Tink v2.3.0 API in sigstore/sigstore#2069

Full Changelog: sigstore/sigstore@v1.9.3...v1.9.4

v1.9.3

What's Changed

• add proto hash algorithm to registry by @​loosebazooka in sigstore/sigstore#2048

New Contributors

• @​loosebazooka made their first contribution in sigstore/sigstore#2048

Full Changelog: sigstore/sigstore@v1.9.2...v1.9.3

v1.9.2

What's Changed

• Add tink package by @​cmurphy in sigstore/sigstore#2024
• pkg/signature: add P384/P521 compatibility algo to algorithm registry by @​ret2libc in sigstore/sigstore#2037

New Contributors

• @​cmurphy made their first contribution in sigstore/sigstore#2024

Full Changelog: sigstore/sigstore@v1.9.1...v1.9.2

Commits

• 0c2ec3a Update to use Tink v2.3.0 API (#2069)
• 8f79f87 Add a Name field to the TargetFile struct (#2068)
• 0923918 Update signing algorithm policy (#2066)
• d49b18c build(deps): Bump cloud.google.com/go/kms (#2067)
• 844f42d build(deps): Bump golang.org/x/net in /pkg/signature/kms/hashivault (#2064)
• 2f15489 build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#2057)
• 6e3c093 build(deps): Bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 (#2052)
• 20f1b38 build(deps): Bump github.com/tink-crypto/tink-go/v2 from 2.3.0 to 2.4.0 (#2053)
• ca90b6d build(deps): Bump github.com/coreos/go-oidc/v3 from 3.13.0 to 3.14.1 (#2055)
• fcf4f5d build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azcore (#2059)
• Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.9.1 to 1.9.4

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/azure's releases.

v1.9.4

What's Changed

• Add a Name field to the TargetFile struct in sigstore/sigstore#2068
• Update to use Tink v2.3.0 API in sigstore/sigstore#2069

Full Changelog: sigstore/sigstore@v1.9.3...v1.9.4

v1.9.3

What's Changed

• add proto hash algorithm to registry by @​loosebazooka in sigstore/sigstore#2048

New Contributors

• @​loosebazooka made their first contribution in sigstore/sigstore#2048

Full Changelog: sigstore/sigstore@v1.9.2...v1.9.3

v1.9.2

What's Changed

• Add tink package by @​cmurphy in sigstore/sigstore#2024
• pkg/signature: add P384/P521 compatibility algo to algorithm registry by @​ret2libc in sigstore/sigstore#2037

New Contributors

• @​cmurphy made their first contribution in sigstore/sigstore#2024

Full Changelog: sigstore/sigstore@v1.9.1...v1.9.2

Commits

• 0c2ec3a Update to use Tink v2.3.0 API (#2069)
• 8f79f87 Add a Name field to the TargetFile struct (#2068)
• 0923918 Update signing algorithm policy (#2066)
• d49b18c build(deps): Bump cloud.google.com/go/kms (#2067)
• 844f42d build(deps): Bump golang.org/x/net in /pkg/signature/kms/hashivault (#2064)
• 2f15489 build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#2057)
• 6e3c093 build(deps): Bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 (#2052)
• 20f1b38 build(deps): Bump github.com/tink-crypto/tink-go/v2 from 2.3.0 to 2.4.0 (#2053)
• ca90b6d build(deps): Bump github.com/coreos/go-oidc/v3 from 3.13.0 to 3.14.1 (#2055)
• fcf4f5d build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azcore (#2059)
• Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.9.1 to 1.9.4

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/gcp's releases.

v1.9.4

What's Changed

• Add a Name field to the TargetFile struct in sigstore/sigstore#2068
• Update to use Tink v2.3.0 API in sigstore/sigstore#2069

Full Changelog: sigstore/sigstore@v1.9.3...v1.9.4

v1.9.3

What's Changed

• add proto hash algorithm to registry by @​loosebazooka in sigstore/sigstore#2048

New Contributors

• @​loosebazooka made their first contribution in sigstore/sigstore#2048

Full Changelog: sigstore/sigstore@v1.9.2...v1.9.3

v1.9.2

What's Changed

• Add tink package by @​cmurphy in sigstore/sigstore#2024
• pkg/signature: add P384/P521 compatibility algo to algorithm registry by @​ret2libc in sigstore/sigstore#2037

New Contributors

• @​cmurphy made their first contribution in sigstore/sigstore#2024

Full Changelog: sigstore/sigstore@v1.9.1...v1.9.2

Commits

• 0c2ec3a Update to use Tink v2.3.0 API (#2069)
• 8f79f87 Add a Name field to the TargetFile struct (#2068)
• 0923918 Update signing algorithm policy (#2066)
• d49b18c build(deps): Bump cloud.google.com/go/kms (#2067)
• 844f42d build(deps): Bump golang.org/x/net in /pkg/signature/kms/hashivault (#2064)
• 2f15489 build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#2057)
• 6e3c093 build(deps): Bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 (#2052)
• 20f1b38 build(deps): Bump github.com/tink-crypto/tink-go/v2 from 2.3.0 to 2.4.0 (#2053)
• ca90b6d build(deps): Bump github.com/coreos/go-oidc/v3 from 3.13.0 to 3.14.1 (#2055)
• fcf4f5d build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azcore (#2059)
• Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.9.1 to 1.9.4

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/hashivault's releases.

v1.9.4

What's Changed

• Add a Name field to the TargetFile struct in sigstore/sigstore#2068
• Update to use Tink v2.3.0 API in sigstore/sigstore#2069

Full Changelog: sigstore/sigstore@v1.9.3...v1.9.4

v1.9.3

What's Changed

• add proto hash algorithm to registry by @​loosebazooka in sigstore/sigstore#2048

New Contributors

• @​loosebazooka made their first contribution in sigstore/sigstore#2048

Full Changelog: sigstore/sigstore@v1.9.2...v1.9.3

v1.9.2

What's Changed

• Add tink package by @​cmurphy in sigstore/sigstore#2024
• pkg/signature: add P384/P521 compatibility algo to algorithm registry by @​ret2libc in sigstore/sigstore#2037

New Contributors

• @​cmurphy made their first contribution in sigstore/sigstore#2024

Full Changelog: sigstore/sigstore@v1.9.1...v1.9.2

Commits

• 0c2ec3a Update to use Tink v2.3.0 API (#2069)
• 8f79f87 Add a Name field to the TargetFile struct (#2068)
• 0923918 Update signing algorithm policy (#2066)
• d49b18c build(deps): Bump cloud.google.com/go/kms (#2067)
• 844f42d build(deps): Bump golang.org/x/net in /pkg/signature/kms/hashivault (#2064)
• 2f15489 build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#2057)
• 6e3c093 build(deps): Bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 (#2052)
• 20f1b38 build(deps): Bump github.com/tink-crypto/tink-go/v2 from 2.3.0 to 2.4.0 (#2053)
• ca90b6d build(deps): Bump github.com/coreos/go-oidc/v3 from 3.13.0 to 3.14.1 (#2055)
• fcf4f5d build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azcore (#2059)
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.37.0 to 0.38.0

Commits

• aae6e61 go.mod: update golang.org/x dependencies
• 9c1aa6a ssh/test: reset the random source before capturing a recording
• 8819902 ssh/test: enable Diffie-Hellman key exchange algorithms
• 3f311e4 acme: return error from pre-authorization when unsupported
• 1f7c62c ssh/test: skip unsupported tests on js/wasm
• a5f8048 acme/autocert: use standard functions to pick the cache directory
• 958cde8 Revert "chacha20: add loong64 SIMD implementation"
• 51f005c Revert "salsa20: add loong64 SIMD implementation"
• 7c35866 Revert "argon2: add loong64 SIMD implementation"
• 0091fc8 Revert "blake2s: add loong64 SIMD implementation"
• Additional commits viewable in compare view

Updates golang.org/x/exp from 0.0.0-20250210185358-939b2ce775ac to 0.0.0-20250218142911-aa4b98e5adaa

Commits

• See full diff in compare view

Updates google.golang.org/grpc from 1.71.1 to 1.72.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.72.0

Dependencies

• Minimum supported Go version is now 1.23 (#8108)

API Changes

• resolver: add experimental AddressMapV2 with generics to ultimately replace AddressMap. Deprecate AddressMap for deletion (#8187)
• resolver: convert EndpointMap in place to use generics (#8189)

New Features

• xds: add grpc.xds_client.server_failure counter metric on xDS client to record connectivity errors (#8203)
• balancer/rls: allow maxAge to exceed 5 minutes if staleAge is set in the LB policy configuration (#8137)
• ringhash: implement gRFC A76 improvements. (#8159)
• pickfirst: The new pick first LB policy is made the default. The new LB policy implements the Happy Eyeballs algorithm. To disable the new policy set the environment variable GRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST to false (case insensitive).

Bug Fixes

• xds: fix support for circuit breakers and load reporting in LOGICAL_DNS clusters (#8169, #8170)
• xds/cds: improve RPC error messages when resources are not found (#8122)
• balancer/priority: fix race that could leak balancers and goroutines during shutdown (#8095)
• stats/opentelemetry: fix trace attributes message sequence numbers to start from 0 (#8237)
• balancer/pickfirstleaf: fix panic if deprecated Address.Metadata field is set to a non-comparable value by ignoring the field (#8227)

Behavior Changes

• transport: make servers send an HTTP/2 RST_STREAM frame to cancel a stream when the deadline expires (#8071)

Documentation

• stats: clarify the expected sequence of events on a stats handler (#7885)
  • Special Thanks: @​RyanBlaney

Commits

• a43eba6 Change version to 1.72.0 (#8218)
• 48f48c1 balancer/pickfirstleaf: Avoid reading Address.Metadata (#8227) (#8259)
• fd6f585 Cherry-pick #8159 and #8243 to v1.72.x (#8255)
• 79ca174 stats/opentelemetry: fix trace attributes message sequence numbers to start f...
• 57a2605 xdsclient: fix TestServerFailureMetrics_BeforeResponseRecv test to wait for w...
• 5edab9e xdsclient: add grpc.xds_client.server_failure counter mertric (#8203)
• 78ba661 regenerate protos (#8208)
• 6819ed7 delegatingresolver: Stop calls into delegates once the parent resolver is clo...
• a51009d resolver: convert EndpointMap to use generics (#8189)
• b0d1203 resolver: create AddressMapV2 with generics to replace AddressMap (#8187)
• Additional commits viewable in compare view

Updates k8s.io/api from 0.32.2 to 0.33.0

Commits

• 82c0029 Update dependencies to v0.33.0 tag
• 16cedc7 Merge pull request #131088 from atiratree/rename-terminating-replicas-fg
• dc88679 Merge pull request #131103 from ahrtr/etcd_sdk_20250328
• 4a456a2 bump etcd 3.5.21 sdk
• 96e38c9 rename DeploymentPodReplacementPolicy FG to DeploymentReplicaSetTerminatingRe...
• c21a017 Merge pull request #129970 from mortent/AddResourceV1beta2API
• d0673db Run make update
• 118546d Merge pull request #130556 from sreeram-venkitesh/kep-4960-container-stop-sig...
• f9401a3 Merge pull request #130797 from jm-franc/configurable-tolerance
• 9b3e544 Generated UPDATE_COMPATIBILITY_FIXTURE_DATA
• Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.32.4 to 0.33.0

Commits

• 955939f bump etcd 3.5.21 sdk
• e8a77bd Merge pull request #130910 from googs1025/fix/datarace
• 7e8c77e Merge pull request #130906 from serathius/streaming-validation
• 27fd396 flake: fix data race for func TestBackoff_Step
• 8bcc6f1 Update kube-openapi and integrate streaming tags validation
• 6ce776c Merge pull request #130857 from thockin/kk_small_vg_diffs
• f2c94d6 Comment on origin and JSON schema
• b63ba07 Use origin in validateFalse's own test
• beddba4 Use test.Helper in helper funcs
• eaf4038 Merge pull request #130354 from siyuanfoundation/forward-api
• Additional commits viewable in compare view

Updates k8s.io/client-go from 0.32.2 to 0.33.0

Commits

• 3aa3c77 Update dependencies to v0.33.0 tag
• ecbbb06 bump etcd 3.5.21 sdk
• 2086688 Merge pull request #129970 from mortent/AddResourceV1beta2API
• dba34c7 Run make update
• e359642 Merge pull request #130556 from sreeram-venkitesh/kep-4960-container-stop-sig...
• 3bf0a05 Merge pull request #130797 from jm-franc/configurable-tolerance
• 7a03a3b Generated files
• 1676beb Refresh autogenerated files following the configurable tolerance updates.
• 387edb8 Merge pull request #130967 from aojea/listers
• 21dc3b4 benchmark to show inefficient linear search lookup
• Additional commits viewable in compare view

Updates k8s.io/code-generator from 0.32.2 to 0.33.0

Commits

• 24ab817 Update dependencies to v0.33.0 tag
• ed11973 bump etcd 3.5.21 sdk
• cf96b45 Merge pull request #130906 from serathius/streaming-validation
• 5177d2e Update kube-openapi and integrate streaming tags validation
• c65ee9f Merge pull request #130857 from thockin/kk_small_vg_diffs
• 17f8907 Fix pkg names != dir in tests
• 17556f0 Fix import groupings
• 036eb3b Fix whitespace in validateFalse test fixture
• f922e9c Merge pull request #130827 from thockin/kk_refactor_FunctionGen
• f758526 Merge pull request #130795 from thockin/kk_emit_comments_before_validations
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
k8s.io/apimachinery	[>= 0.23.a, < 0.24]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[tekton-robot]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a tektoncd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[tekton-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign lcarva after the PR has been reviewed.
You can assign the PR to them by writing /assign @lcarva in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.