build(deps): Bump github.com/spiffe/go-spiffe/v2 from 2.6.0 to 2.8.0 in /authbridge/authlib by dependabot[bot] · Pull Request #490 · kagenti/kagenti-extensions

dependabot · 2026-06-08T23:16:27Z

Bumps github.com/spiffe/go-spiffe/v2 from 2.6.0 to 2.8.0.

Release notes

Sourced from github.com/spiffe/go-spiffe/v2's releases.

v2.8.0

Added

Experimental SPIFFE Broker API protobuf definitions in the new exp/proto/spiffe/broker package (#388)

v2.7.0

Added

Experimental support for WIT-SVIDs, including the new exp/svid/witsvid and exp/bundle/witbundle packages and Workload API client support for fetching and watching WIT-SVIDs and WIT bundles (#385, #391)

Changed

X509-SVID verification now rejects leaf certificates with a SPIFFE ID that has a root path (#375)

Other dependency updates.

Changelog

Sourced from github.com/spiffe/go-spiffe/v2's changelog.

[2.8.0] - 2026-06-16

Added

Experimental SPIFFE Broker API protobuf definitions in the new exp/proto/spiffe/broker package (#388)

[2.7.0] - 2026-06-03

Added

Experimental support for WIT-SVIDs, including the new exp/svid/witsvid and exp/bundle/witbundle packages and Workload API client support for fetching and watching WIT-SVIDs and WIT bundles (#385, #391)

Changed

X509-SVID verification now rejects leaf certificates with a SPIFFE ID that has a root path (#375)

Other dependency updates.

Commits

dbebcf8 v2.8.0 changelog (#394)
f685b2d Add Broker API (#388)
76b14bd v2.7.0 changelog (#392)
8580a01 Add missing witbundle APIs for parity with jwtbundle (#391)
280d52e fix(x509svid): reject leaf SPIFFE IDs with root path (#375)
c7f2701 Add WIT-SVID (#385)
af3667a Bump google.golang.org/grpc from 1.75.0 to 1.79.3 (#380)
c925be7 Bump christophebedard/dco-check from 0.5.0 to 0.5.1 (#390)
1d02ca5 Bump google.golang.org/protobuf from 1.36.8 to 1.36.11 (#371)
9e0f387 Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (#381)
Additional commits viewable in compare view

coderabbitai · 2026-06-08T23:17:53Z

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 6227ed66-5a49-42b3-b7c1-279176999ed2

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

🔍 Trigger review

📝 Walkthrough

Walkthrough

The authbridge/authlib Go module dependency github.com/spiffe/go-spiffe/v2 is bumped from v2.6.0 to v2.7.0 in the require directive. No other dependencies or the Go version directive are affected.

Changes

Dependency Update

Layer / File(s)	Summary
SPIFFE go-spiffe version bump `authbridge/authlib/go.mod`	The required dependency `github.com/spiffe/go-spiffe/v2` is updated from `v2.6.0` to `v2.7.0`.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A spiffe of version bumps, hop, hop, hooray!
From v2.6 to v2.7 we leap and play,
Dependencies dance in the go.mod song,
Fresh SPIFFE magic helps us along! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The PR title states version 2.8.0, but the actual change updates the dependency to v2.7.0 as confirmed by the file summary and PR objectives.	Correct the title to reflect the actual version bump: 'build(deps): Bump github.com/spiffe/go-spiffe/v2 from 2.6.0 to 2.7.0 in /authbridge/authlib'

✅ Passed checks (4 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Commit unit tests in branch dependabot/go_modules/authbridge/authlib/github.com/spiffe/go-spiffe/v2-2.7.0

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Bumps [github.com/spiffe/go-spiffe/v2](https://github.com/spiffe/go-spiffe) from 2.6.0 to 2.8.0. - [Release notes](https://github.com/spiffe/go-spiffe/releases) - [Changelog](https://github.com/spiffe/go-spiffe/blob/main/CHANGELOG.md) - [Commits](spiffe/go-spiffe@v2.6.0...v2.8.0) --- updated-dependencies: - dependency-name: github.com/spiffe/go-spiffe/v2 dependency-version: 2.7.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-06-22T23:14:48Z

Superseded by #541.

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 8, 2026

rubambiza added this to Kagenti Issue Prioritization Jun 8, 2026

github-project-automation Bot moved this to New /:ToDo in Kagenti Issue Prioritization Jun 8, 2026

This was referenced Jun 15, 2026

Weekly Report 2026-06-15 kagenti/kagenti#1971

Closed

Weekly Report 2026-06-16 (test) kagenti/kagenti#1989

Closed

dependabot Bot changed the title ~~build(deps): Bump github.com/spiffe/go-spiffe/v2 from 2.6.0 to 2.7.0 in /authbridge/authlib~~ build(deps): Bump github.com/spiffe/go-spiffe/v2 from 2.6.0 to 2.8.0 in /authbridge/authlib Jun 18, 2026

dependabot Bot force-pushed the dependabot/go_modules/authbridge/authlib/github.com/spiffe/go-spiffe/v2-2.7.0 branch from b5f9abb to f5390d8 Compare June 18, 2026 15:49

dependabot Bot requested a review from a team as a code owner June 18, 2026 15:49

clawgenti mentioned this pull request Jun 22, 2026

Weekly Report 2026-06-22 kagenti/kagenti#2022

Open

dependabot Bot closed this Jun 22, 2026

dependabot Bot deleted the dependabot/go_modules/authbridge/authlib/github.com/spiffe/go-spiffe/v2-2.7.0 branch June 22, 2026 23:14

github-project-automation Bot moved this from New/ToDo to Done in Kagenti Issue Prioritization Jun 22, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): Bump github.com/spiffe/go-spiffe/v2 from 2.6.0 to 2.8.0 in /authbridge/authlib#490

build(deps): Bump github.com/spiffe/go-spiffe/v2 from 2.6.0 to 2.8.0 in /authbridge/authlib#490
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/authbridge/authlib/github.com/spiffe/go-spiffe/v2-2.7.0

dependabot Bot commented on behalf of github Jun 8, 2026 •

edited

Loading

Uh oh!

coderabbitai Bot commented Jun 8, 2026 •

edited

Loading

Review skipped

Walkthrough

Changes

Estimated code review effort

Poem

❌ Failed checks (1 warning)

Uh oh!

dependabot Bot commented on behalf of github Jun 22, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Jun 8, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v2.8.0

Added

v2.7.0

Added

Changed

[2.8.0] - 2026-06-16

Added

[2.7.0] - 2026-06-03

Added

Changed

Uh oh!

coderabbitai Bot commented Jun 8, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Review skipped

Walkthrough

Changes

Estimated code review effort

Poem

❌ Failed checks (1 warning)

Uh oh!

dependabot Bot commented on behalf of github Jun 22, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github Jun 8, 2026 •

edited

Loading

coderabbitai Bot commented Jun 8, 2026 •

edited

Loading