chore(deps): update go dependencies to v1 (major)

[red-hat-konflux]

This PR contains the following updates:

Package	Type	Update	Change
github.com/golang/snappy	indirect	major	v0.0.4 -> v1.0.0
github.com/sigstore/sigstore-go	indirect	major	v0.7.1 -> v1.0.0

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

golang/snappy (github.com/golang/snappy)

v1.0.0

Compare Source

Latest stable version, as of March 2025.

sigstore/sigstore-go (github.com/sigstore/sigstore-go)

v1.0.0

Compare Source

We're very excited to release sigstore-go 1.0! View the blog post announcing this release for more details.

This release should contain the last set of breaking changes until version 2.0, including a few renames (such as SignedEntityVerifier -> Verifier and VerifyTimestampAuthority -> VerifySignedTimestamp). We are excited to begin a new phase of simple, stable APIs!

What's Changed

• Prevent duplicate timestamps from same TSA by @​codysoyland in https://github.com/sigstore/sigstore-go/pull/472
• Update theupdateframework/go-tuf to v2.1.0 and copy in unexported repo type from theupdateframework/go-tuf/examples/repository directory by @​malancas in https://github.com/sigstore/sigstore-go/pull/474
• Add verification errors to output of VerifyTimestampAuthority by @​codysoyland in https://github.com/sigstore/sigstore-go/pull/473
• Use repository.Type from go-tuf in tests by @​codysoyland in https://github.com/sigstore/sigstore-go/pull/475
• Rename and deprecate SignedEntityVerifier in favor of Verifier by @​codysoyland in https://github.com/sigstore/sigstore-go/pull/476
• Deprecate and rename VerifyTimestampAuthority/VerifyArtifactTransparencyLog by @​codysoyland in https://github.com/sigstore/sigstore-go/pull/477
• Update README for 1.0.0 release by @​codysoyland in https://github.com/sigstore/sigstore-go/pull/480

Full Changelog: sigstore/sigstore-go@v0.7.3...v1.0.0

v0.7.3

Compare Source

Note: v0.7.3 will likely be the last release before v1.0.

What's Changed

• Add context to Rekor interactions in signer by @​codysoyland in https://github.com/sigstore/sigstore-go/pull/461
• Use default Verifier for the public key contained in a certificate (closes #​74) by @​ret2libc in https://github.com/sigstore/sigstore-go/pull/424
• Select highest API version with multiple SigningConfig services by @​haydentherapper in https://github.com/sigstore/sigstore-go/pull/459
• Fix SigningConfig ValidFor when dates are missing by @​jku in https://github.com/sigstore/sigstore-go/pull/465
• correct error on unsupported TrustedRoot media type by @​dmitris in https://github.com/sigstore/sigstore-go/pull/466
• Signing example improvements by @​jku in https://github.com/sigstore/sigstore-go/pull/458
• Disable TUF timestamping when TUF cache disabled by @​codysoyland in https://github.com/sigstore/sigstore-go/pull/470

Full Changelog: sigstore/sigstore-go@v0.7.2...v0.7.3

v0.7.2

Compare Source

What's Changed

• don't return error if logIndex is 0 by @​bobcallaway in https://github.com/sigstore/sigstore-go/pull/452

Full Changelog: sigstore/sigstore-go@v0.7.1...v0.7.2

---

Configuration

📅 Schedule: Branch creation - "after 5am on sunday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

This PR has been generated by MintMaker (powered by Renovate Bot).

[sourcery-ai]

Reviewer's Guide

This pull request updates two indirect Go dependencies to their latest major versions by modifying the go.mod file. No application code changes are included; only dependency versions are updated.

Class Diagram: openpgp.v2.Entity in updated go-crypto

classDiagram
  class openpgp.v2.Entity {
    +DirectSignatures: []*packet.VerifiableSignature
    +Revocations: []*packet.VerifiableSignature
    +PrimaryIdentity(date time.Time, config *packet.Config) *Identity
    +EncryptionKey(date time.Time, config *packet.Config) *Key
    +CertificationKey(date time.Time, config *packet.Config) *Key
    +CertificationKeyById(date time.Time, id uint64, config *packet.Config) *Key
    +SigningKey(date time.Time, config *packet.Config) *Key
    +SigningKeyById(date time.Time, id uint64, config *packet.Config) *Key
    +RevokeKey(reason packet.ReasonForRevocation, reasonText string, config *packet.Config) error
  }
  note for openpgp.v2.Entity "Structure of openpgp.v2.Entity in ProtonMail/go-crypto v1.2.0 (v2 API).\nNotable changes from earlier versions (pre-v2 API):\n- Fields removed: SelfSignature, Signatures.\n- Method removed: RevokeSubkey().\n- Methods like PrimaryIdentity(), EncryptionKey() now take 'config *packet.Config'."

Loading

Class Diagram: openpgp.v2.Key in updated go-crypto

classDiagram
  class openpgp.v2.Key {
    +PrimarySelfSignature: *packet.Signature
    +Revocations: []*packet.VerifiableSignature
  }
  note for openpgp.v2.Key "Structure of openpgp.v2.Key in ProtonMail/go-crypto v1.2.0 (v2 API).\nNotable changes from earlier versions (pre-v2 API):\n- Field added: PrimarySelfSignature."

Loading

File-Level Changes

Change	Details	Files
Update github.com/ProtonMail/go-crypto to v1.2.0 (major version).	Bump version from v0.0.0-20230923063757-afb1ddc0824c to v1.2.0 in go.mod.	go.mod
Update github.com/golang/snappy to v1.0.0 (major version).	Bump version from v0.0.4 to v1.0.0 in go.mod.	go.mod

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.