Bump the go-modules group with 2 updates by dependabot[bot] · Pull Request #489 · google/go-attestation

dependabot · 2026-03-19T14:33:06Z

Bumps the go-modules group with 2 updates: github.com/google/go-tpm-tools and golang.org/x/sys.

Updates github.com/google/go-tpm-tools from 0.4.7 to 0.4.8

Release notes

Sourced from github.com/google/go-tpm-tools's releases.

v0.4.8

Breaking Changes

#630: certain functions in cel package are removed, use https://github.com/google/go-eventlog/tree/main/cel instead.

#690: AttestationAgent.AttestationEvidence return type *teemodels.VMAttestation->attestationpb.VmAttestation teeserver "v1/evidence" endpoint returns marshaled type *teemodels.VMAttestation->attestationpb.VmAttestation

What's Changed

Use setup-go v6 in CI by @alexmwu in google/go-tpm-tools#621

Add gca-service-env flag by @alexmwu in google/go-tpm-tools#618

Add experiment-gated migration to VerifyConfidentialSpace by @jessieqliu in google/go-tpm-tools#586

Fix/skip tests would fail on real TPM by @jkl73 in google/go-tpm-tools#624

Replace eventlog logic to go-eventlog by @jkl73 in google/go-tpm-tools#591

[launcher] update base cos image to 125 by @jkl73 in google/go-tpm-tools#629

Add VerifyOpts flag to force a specific hash algo by @alexmwu in google/go-tpm-tools#631

[launcher] Migrate cel logic to go-eventlog/cel by @jkl73 in google/go-tpm-tools#630

Add RIM collection as part of CS image build by @alexmwu in google/go-tpm-tools#632

Bootstrap KCC directory by @meetrajvala in google/go-tpm-tools#636

[KeyManager] Refactor: Move KCC components to detailed Key Manager directory structure by @NilanjanDaw in google/go-tpm-tools#639

[keymanager] Add BoringSSL as git submodule for build dependency by @atulpatildbz in google/go-tpm-tools#644

[launcher] Fix CEL RTMR extending by @jkl73 in google/go-tpm-tools#635

[KeyManager] Implement common key structures and proto bindings by @NilanjanDaw in google/go-tpm-tools#640

[KeyManager] Implement memfd_secret based Vault for secure key storage by @NilanjanDaw in google/go-tpm-tools#642

Add structs for CVMattestation by @yanchengchen7 in google/go-tpm-tools#641

[KeyManager]: (build) boringssl auto-build using cmake crate by @atulpatildbz in google/go-tpm-tools#646

Add new CS variant vg image build by @jkl73 in google/go-tpm-tools#656

Add API to retrieve raw attestation evidence for both TPM and TDX. by @yanchengchen7 in google/go-tpm-tools#628

[KeyManager] Add HPKE and DHKEM crypto primitives by @NilanjanDaw in google/go-tpm-tools#643

[KeyManager] Implement FFI for KEM and binding key generation by @NilanjanDaw in google/go-tpm-tools#645

[KeyManager] Add key destruction FFI and background reaper by @NilanjanDaw in google/go-tpm-tools#647

[keymanager] Generate Rust FFI headers with cbindgen by @atulpatildbz in google/go-tpm-tools#655

[keymanager/wsd] Add Go orchestration layer (KOL) for WSD key generation by @atulpatildbz in google/go-tpm-tools#652

chore: Migrate gsutil usage to gcloud storage by @gurusai-voleti in google/go-tpm-tools#657

[launcher] add gpu driver installation b200 by @jkl73 in google/go-tpm-tools#663

[launcher] update base image by @jkl73 in google/go-tpm-tools#670

[KeyManager] Implement FFIs for decap-and-seal and HPKE open operations by @NilanjanDaw in google/go-tpm-tools#649

[launcher] add flag to disable GCA refresh by @jkl73 in google/go-tpm-tools#672

[keymanager]: implement GetCapabilities API by @atulpatildbz in google/go-tpm-tools#666

chore: Rerun cbindgen for decap and seal ffi by @atulpatildbz in google/go-tpm-tools#679

[KeyManager] FFI for Enumerate keys by @atulpatildbz in google/go-tpm-tools#665

vgentrypoint.sh: add sysctl settings by @rkolchmeyer in google/go-tpm-tools#680

[launcher][KeyManager] Integrate KeyManager into the Confidential Spa… by @NilanjanDaw in google/go-tpm-tools#678

Integrate go-nvtrust to collect GPU attestation by @yawangwang in google/go-tpm-tools#676

[KeyManager] Add KeyClaims proto and generation script. by @atulpatildbz in google/go-tpm-tools#671

[keymanager] GenerateKey API - incorporate signature change by @atulpatildbz in google/go-tpm-tools#677

[keymanager/wsd] Add /keys:decaps KOL API with DecapAndSeal + Open orchestration by @atulpatildbz in google/go-tpm-tools#650

Migrate getEvidence API to attestation proto library by @jessieqliu in google/go-tpm-tools#690

migrate models.NvidiaAttestation to attestation proto library by @yawangwang in google/go-tpm-tools#691

[launcher] Allow GCA client creation failure by @jkl73 in google/go-tpm-tools#689

[keymanager/wsd] Add /keys:destroy Go KOL handler with KEM + binding key destruction by @atulpatildbz in google/go-tpm-tools#651

... (truncated)

Commits

d275a1f Fix releaser (#712)
91d41b0 Fix ci issues (#711)
1b1054e upgrade dependencies (#697)
0110a8a Fix a test in server/verify_test.go (#696)
a07f836 Implement TEE server interface to get key endorsement (#700)
dceefb2 fix nil interface assertion (#708)
8f0c3d6 [KeyManager] Update API signatures for key generation and enumeration (#702)
49d04ab Measure GPU attestation evidence into RTMR with a new CEL event (#659)
1d3b979 Add nil checks to SetCert (#699)
c9fbf6f [keymanager/wsd] GET /v1/keys enumerate keys (#653)
Additional commits viewable in compare view

Updates golang.org/x/sys from 0.41.0 to 0.42.0

Commits

eaaaaee windows/registry: correct KeyInfo.ModTime calculation
942780b cpu: darwin/arm64 feature detection
acef388 unix/linux: Prefixmsg and PrefixCacheinfo structs
3687fbd cpu: better defaults on darwin ARM64
48062e9 plan9: change Note to alias syscall.Note
4f23f80 windows: change Signal to alias syscall.Signal
7548802 all: upgrade go directive to at least 1.25.0 [generated]
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go-modules group with 2 updates: [github.com/google/go-tpm-tools](https://github.com/google/go-tpm-tools) and [golang.org/x/sys](https://github.com/golang/sys). Updates `github.com/google/go-tpm-tools` from 0.4.7 to 0.4.8 - [Release notes](https://github.com/google/go-tpm-tools/releases) - [Commits](google/go-tpm-tools@v0.4.7...v0.4.8) Updates `golang.org/x/sys` from 0.41.0 to 0.42.0 - [Commits](golang/sys@v0.41.0...v0.42.0) --- updated-dependencies: - dependency-name: github.com/google/go-tpm-tools dependency-version: 0.4.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: golang.org/x/sys dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 19, 2026

brandonweeks force-pushed the dependabot/go_modules/go-modules-858c061718 branch 2 times, most recently from 3480317 to 545ae05 Compare March 23, 2026 17:03

brandonweeks enabled auto-merge (squash) March 23, 2026 17:04

brandonweeks force-pushed the dependabot/go_modules/go-modules-858c061718 branch from 545ae05 to 7aaa09a Compare March 23, 2026 17:12

liamjm approved these changes Apr 14, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the go-modules group with 2 updates#489

Bump the go-modules group with 2 updates#489
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/go-modules-858c061718

dependabot Bot commented on behalf of github Mar 19, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Mar 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v0.4.8

Breaking Changes

What's Changed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github Mar 19, 2026 •

edited

Loading