Skip to content

Update module github.com/theupdateframework/go-tuf to v2#385

Open
renovate-rancher[bot] wants to merge 1 commit into
mainfrom
renovate/github.com-theupdateframework-go-tuf-2.x
Open

Update module github.com/theupdateframework/go-tuf to v2#385
renovate-rancher[bot] wants to merge 1 commit into
mainfrom
renovate/github.com-theupdateframework-go-tuf-2.x

Conversation

@renovate-rancher

@renovate-rancher renovate-rancher Bot commented May 24, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
github.com/theupdateframework/go-tuf v0.7.0v2.4.2 age confidence

Release Notes

theupdateframework/go-tuf (github.com/theupdateframework/go-tuf)

v2.4.2

Compare Source

What's Changed

New Contributors

Full Changelog: theupdateframework/go-tuf@v2.4.1...v2.4.2

v2.4.1

Compare Source

What's Changed

Full Changelog: theupdateframework/go-tuf@v2.4.0...v2.4.1

v2.4.0

Compare Source

What's Changed

Full Changelog: theupdateframework/go-tuf@v2.3.1...v2.4.0

v2.3.1

Compare Source

What's Changed

Full Changelog: theupdateframework/go-tuf@v2.3.0...v2.3.1

v2.3.0

Compare Source

What's Changed

Full Changelog: theupdateframework/go-tuf@v2.2.0...v2.3.0

v2.2.0

Compare Source

What's Changed

Full Changelog: theupdateframework/go-tuf@v2.1.1...v2.2.0

v2.1.1

Compare Source

What's Changed

Fixed a regression that can fail clients using the DefaultFetcher{} directly without using the constructor.

  • Set a default HTTP client for DefaultFetcher in DownloadFile method if none is set by @​malancas in #​686

Full Changelog: theupdateframework/go-tuf@v2.1.0...v2.1.1

v2.1.0

Compare Source

What's Changed

New Contributors

Full Changelog: theupdateframework/go-tuf@v2.0.2...v2.1.0

v2.0.2

Compare Source

What's Changed

Full Changelog: theupdateframework/go-tuf@v2.0.1...v2.0.2

v2.0.1

Compare Source

What's Changed

Security
Other

Full Changelog: theupdateframework/go-tuf@v2.0.0...v2.0.1

v2.0.0

Compare Source

Breaking changes

  • This is the first release of go-tuf v2 and it's a complete re-write indicated by the new major version.
  • We also decided to leave go-tuf as a library only.

What's Changed

New Contributors

Full Changelog: theupdateframework/go-tuf@v0.7.0...v2.0.0


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

@renovate-rancher
renovate-rancher Bot requested a review from a team as a code owner May 24, 2026 07:36
@renovate-rancher
renovate-rancher Bot requested a review from pohanhuang May 24, 2026 07:36
@renovate-rancher

renovate-rancher Bot commented May 24, 2026

Copy link
Copy Markdown
Contributor Author

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum
Command failed: mod upgrade --mod-name=github.com/theupdateframework/go-tuf -t=2
could not load package: err: exit status 1: stderr: go: inconsistent vendoring in /tmp/renovate/repos/github/neuvector/scanner:
	github.com/sigstore/[email protected]: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
	github.com/theupdateframework/go-tuf/[email protected]: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
	github.com/secure-systems-lab/[email protected]: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
	github.com/secure-systems-lab/[email protected]: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
	github.com/sigstore/[email protected]: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod
	github.com/theupdateframework/go-tuf/[email protected]: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod

	To ignore the vendor directory, use -mod=readonly or -mod=mod.
	To sync the vendor directory, run:
		go mod vendor


@renovate-rancher
renovate-rancher Bot force-pushed the renovate/github.com-theupdateframework-go-tuf-2.x branch from a2c9d41 to 154faa4 Compare May 27, 2026 06:01
@renovate-rancher
renovate-rancher Bot force-pushed the renovate/github.com-theupdateframework-go-tuf-2.x branch from 154faa4 to 7fa5e89 Compare May 28, 2026 05:58
@holyspectral holyspectral added the help wanted Extra attention is needed label May 28, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies help wanted Extra attention is needed

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant