Bump the go-deps group across 1 directory with 3 updates #1410

Merged
matheuscscp merged 2 commits into main from dependabot/go_modules/go-deps-0ef529e661
Mar 31, 2025
@dependabot dependabot Bot commented on behalf of github Mar 31, 2025

Bumps the go-deps group with 2 updates in the / directory: github.com/getsops/sops/v3 and github.com/onsi/gomega.

Updates github.com/getsops/sops/v3 from 3.9.4 to 3.10.0

Release notes

Sourced from github.com/getsops/sops/v3's releases.

v3.10.0

Installation

To install sops, download one of the pre-built binaries provided for your platform from the artifacts attached to this release.

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/getsops/sops/releases/download/v3.10.0/sops-v3.10.0.linux.amd64
# Move the binary in to your PATH
mv sops-v3.10.0.linux.amd64 /usr/local/bin/sops
# Make the binary executable
chmod +x /usr/local/bin/sops

Verify checksums file signature

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/getsops/sops/releases/download/v3.10.0/sops-v3.10.0.checksums.txt
curl -LO https://github.com/getsops/sops/releases/download/v3.10.0/sops-v3.10.0.checksums.pem
curl -LO https://github.com/getsops/sops/releases/download/v3.10.0/sops-v3.10.0.checksums.sig
# Verify the checksums file
cosign verify-blob sops-v3.10.0.checksums.txt \
  --certificate sops-v3.10.0.checksums.pem \
  --signature sops-v3.10.0.checksums.sig \
  --certificate-identity-regexp=https://github.com/getsops \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature:

# Verify the binary using the checksums file
sha256sum -c sops-v3.10.0.checksums.txt --ignore-missing

Verify artifact provenance

The SLSA provenance of the binaries, packages, and SBOMs can be found within the artifacts associated with this release. It is presented through an in-toto link metadata file named sops-v3.10.0.intoto.jsonl. To verify the provenance of an artifact, you can utilize the slsa-verifier tool:

... (truncated)

Changelog

Sourced from github.com/getsops/sops/v3's changelog.

3.10.0

Security fixes:

  • Cherry-pick a fix for a timing vulnerability in the Shamir Secret Sharing code. The code was vendored from HashiCorp's Vault project, and the issue was fixed there two years ago; see GHSA-vq4h-9ghm-qmrr for details (#1813).

Features:

  • Add --input-type option for sops filestatus subcommand (#1601).
  • Allow to set the editor sops should use with the SOPS_EDITOR environment variable. If not set, sops falls back to EDITOR as before (#1611).
  • Allow users to disable the latest version check with the environment variable SOPS_DISABLE_VERSION_CHECK. Setting it to 1, t, T, TRUE, true, or True explicitly disables the check (#1684).
  • Allow users to explicitly enable the latest version check with the --check-for-updates option (#1816).
  • Add duplicate section support for INI store (#1452).
  • Add check to prevent duplicate keys in YAML files (#1203).
  • Add --same-process option for the sops exec-env to use the execve syscall instead of starting the command in a child process (#880).
  • Add --idempotent option for the sops set subcommand that will only write the file if a change happened (#1754).
  • Encrypt and decrypt time.Time objects that can appear in YAML files when using dates and timestamps (#1759).
  • Allow to encrypt and decrypt from stdin without having to provide platform-specific device names. This only works when using the sops encrypt and sops decrypt subcommands (#1690).
  • Allow to set the SOPS config location with the environment variable SOPS_CONFIG (#1701).
  • Support the --config option in the sops publish subcommand (#1779).
  • Omit empty master key metadata from encrypted files (#1571).
  • Add SSH support for Age (#1692).
  • Support Age identities with passphrases (#1400).
  • Add Age plugin support (#1641).
  • Allow to set the SOPS_AGE_KEY_CMD environment variable to an executable that returns Age keys (#1811).
  • Add support for oauth2.TokenSource injection from key service clients in GCP KMS (#1794).
  • Support GOOGLE_OAUTH_ACCESS_TOKEN for GCP KMS (#1578).

Improvements:

... (truncated)

Commits
  • 4ed7060 Merge pull request #1823 from sabre1041/goreleaser-windows-arch
  • 4515b3f Added support for multiarch windows release binaries
  • 200bb6d Merge pull request #1815 from felixfontein/release-3.10.0
  • f7205d9 Add changelog for 3.10.0.
  • 4f78a59 Bump version to 3.10.0.
  • dc888d5 Merge pull request #1820 from felixfontein/warn-sops-yml
  • 6d6e72c Apply suggestion by Hidde.
  • cbce6b4 Warn about .sops.yml files found while searching for .sops.yaml.
  • 8c91a3b Merge pull request #1578 from marensofier/add_access_token
  • ecf3194 Support GOOGLE_OAUTH_ACCESS_TOKEN for GCP
  • Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.36.2 to 1.36.3

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.36.3

1.36.3

Maintenance

  • bump all the things [adb8b49]
  • chore: replace interface{} with any [7613216]
  • Bump google.golang.org/protobuf from 1.36.1 to 1.36.5 (#822) [9fe5259]
  • remove spurious "toolchain" from go.mod (#819) [a0e85b9]
  • Bump golang.org/x/net from 0.33.0 to 0.35.0 (#823) [604a8b1]
  • Bump activesupport from 6.0.6.1 to 6.1.7.5 in /docs (#772) [36fbc84]
  • Bump github-pages from 231 to 232 in /docs (#778) [ced70d7]
  • Bump rexml from 3.2.6 to 3.3.9 in /docs (#788) [c8b4a07]
  • Bump github.com/onsi/ginkgo/v2 from 2.22.1 to 2.22.2 (#812) [06431b9]
  • Bump webrick from 1.8.1 to 1.9.1 in /docs (#800) [b55a92d]
  • Fix typos (#813) [a1d518b]
Commits
  • 2251143 v1.36.3
  • adb8b49 bump all the things
  • 7613216 chore: replace interface{} with any
  • 9fe5259 Bump google.golang.org/protobuf from 1.36.1 to 1.36.5 (#822)
  • a0e85b9 remove spurious "toolchain" from go.mod (#819)
  • 604a8b1 Bump golang.org/x/net from 0.33.0 to 0.35.0 (#823)
  • 36fbc84 Bump activesupport from 6.0.6.1 to 6.1.7.5 in /docs (#772)
  • ced70d7 Bump github-pages from 231 to 232 in /docs (#778)
  • c8b4a07 Bump rexml from 3.2.6 to 3.3.9 in /docs (#788)
  • 06431b9 Bump github.com/onsi/ginkgo/v2 from 2.22.1 to 2.22.2 (#812)
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.35.0 to 0.38.0

Commits
  • e1fcd82 html: properly handle trailing solidus in unquoted attribute value in foreign...
  • ebed060 internal/http3: fix build of tests with GOEXPERIMENT=nosynctest
  • 1f1fa29 publicsuffix: regenerate table
  • 1215081 http2: improve error when server sends HTTP/1
  • 312450e html: ensure <search> tag closes <p> and update tests
  • 09731f9 http2: improve handling of lost PING in Server
  • 55989e2 http2/h2c: use ResponseController for hijacking connections
  • 2914f46 websocket: re-recommend gorilla/websocket
  • 99b3ae0 go.mod: update golang.org/x dependencies
  • 85d1d54 go.mod: update golang.org/x dependencies
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
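
The sops release notes quoted above check the binary with `sha256sum -c ... --ignore-missing`, which skips listed files that are absent, so its exit status covers whichever listed files happen to be in the directory. The following is an added example, not part of the sops release notes or of this pull request: it checks one named artifact and fails closed if that name is not listed exactly once. `verify_listed`, `demo` and the sample file names are hypothetical; it assumes `sha256sum` is available and file names contain no spaces.

```shell
#!/bin/sh
# Added example (not from the sops project). verify_listed and demo are
# hypothetical helper names; assumes sha256sum and file names without spaces.

# verify_listed CHECKSUMS FILE
# Returns 0 only if FILE's base name has exactly one entry in CHECKSUMS and the
# SHA-256 of FILE matches it; 1 on a mismatch; 2 if the name is not listed
# exactly once.
verify_listed() {
    sums=$1
    file=$2
    name=$(basename "$file")
    # Pick the hash of the single line whose name field equals $name
    # (a leading "*" marks binary mode in sha256sum output).
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { hash = $1; hits++ }
        END { if (hits == 1) print hash }' "$sums")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Constructed sample data: a stand-in artifact, its checksums file, and a file
# that is not listed. Prints the three return codes.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed artifact\n' > "$dir/sops-demo.bin"
    printf 'not in the list\n' > "$dir/other.bin"
    (cd "$dir" && sha256sum sops-demo.bin > checksums.txt)
    verify_listed "$dir/checksums.txt" "$dir/sops-demo.bin" && ok=0 || ok=$?
    printf 'tampered\n' >> "$dir/sops-demo.bin"
    verify_listed "$dir/checksums.txt" "$dir/sops-demo.bin" && bad=0 || bad=$?
    verify_listed "$dir/checksums.txt" "$dir/other.bin" && missing=0 || missing=$?
    rm -rf "$dir"
    echo "$ok $bad $missing"
}

demo
```

With the files from the release notes this would be called as `verify_listed sops-v3.10.0.checksums.txt sops-v3.10.0.linux.amd64`, and only after `cosign verify-blob` has succeeded on the checksums file.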

Bumps the go-deps group with 2 updates in the / directory: [github.com/getsops/sops/v3](https://github.com/getsops/sops) and [github.com/onsi/gomega](https://github.com/onsi/gomega).


Updates `github.com/getsops/sops/v3` from 3.9.4 to 3.10.0
- [Release notes](https://github.com/getsops/sops/releases)
- [Changelog](https://github.com/getsops/sops/blob/main/CHANGELOG.md)
- [Commits](getsops/sops@v3.9.4...v3.10.0)

Updates `github.com/onsi/gomega` from 1.36.2 to 1.36.3
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.36.2...v1.36.3)

Updates `golang.org/x/net` from 0.35.0 to 0.38.0
- [Commits](golang/net@v0.35.0...v0.38.0)

---
updated-dependencies:
- dependency-name: github.com/getsops/sops/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
@matheuscscp matheuscscp merged commit 12628b8 into main Mar 31, 2025
5 checks passed
@matheuscscp matheuscscp deleted the dependabot/go_modules/go-deps-0ef529e661 branch March 31, 2025 04:29