Skip to content

chore(deps): bump github.com/in-toto/in-toto-golang from 0.9.0 to 0.11.0#724

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/github.com/in-toto/in-toto-golang-0.11.0
Open

chore(deps): bump github.com/in-toto/in-toto-golang from 0.9.0 to 0.11.0#724
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/github.com/in-toto/in-toto-golang-0.11.0

chore(deps): bump github.com/in-toto/in-toto-golang from 0.9.0 to 0.11.0

d73aacc
Select commit
Loading
Failed to load commit list.
Kusari Inspector / Kusari Inspector succeeded May 8, 2026 in 1m 14s

Security Analysis Passed

No security issues found

Details

Kusari Inspector

Kusari Analysis Results:

Proceed with these changes

✅ No Flagged Issues Detected
All values appear to be within acceptable risk parameters.

Both the dependency and code security analyses independently recommend proceeding with no blocking issues identified. The PR updates github.com/in-toto/in-toto-golang from v0.9.0 to v0.11.0, which resolves known vulnerabilities including CVE-2025-47914, CVE-2025-58181, CVE-2025-47913 in golang.org/x/crypto and GHSA-pmwq-pjrm-6p5r in in-toto-golang. No new vulnerabilities are introduced by the updated versions. The two flagged 'isRisky' items are confirmed false positives: 'stdlib' is the trusted Go standard library and github.com/spf13/cobra v1.10.2 carries only a low activity score, not a security concern. All licenses remain permissive (Apache-2.0, BSD-3-Clause, MIT). The code analysis of the modified go.mod and go.sum files found zero issues across all severity levels, with no secrets or workflow concerns. This PR is strictly a security-improving dependency update with a net-positive risk profile.

Note

View full detailed analysis result for more information on the output and the checks that were run.


@kusari-inspector rerun - Trigger a re-analysis of this PR
@kusari-inspector feedback [your message] - Send feedback to our AI and team
See Kusari's documentation for setup and configuration.
Commit: d73aacc, performed at: 2026-05-08T23:23:07Z