fix(deps): update module github.com/getsops/sops/v3 to v3.9.3

[budimanjojo-bot]

This PR contains the following updates:

Package	Type	Update	Change
github.com/getsops/sops/v3	require	patch	v3.9.2 -> v3.9.3

---

Release Notes

getsops/sops (github.com/getsops/sops/v3)

v3.9.3

Compare Source

Installation

To install sops, download one of the pre-built binaries provided for your platform from the artifacts attached to this release.

For instance, if you are using Linux on an AMD64 architecture:

### Download the binary
curl -LO https://github.com/getsops/sops/releases/download/v3.9.3/sops-v3.9.3.linux.amd64

### Move the binary in to your PATH
mv sops-v3.9.3.linux.amd64 /usr/local/bin/sops

### Make the binary executable
chmod +x /usr/local/bin/sops

Verify checksums file signature

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

### Download the checksums file, certificate and signature
curl -LO https://github.com/getsops/sops/releases/download/v3.9.3/sops-v3.9.3.checksums.txt
curl -LO https://github.com/getsops/sops/releases/download/v3.9.3/sops-v3.9.3.checksums.pem
curl -LO https://github.com/getsops/sops/releases/download/v3.9.3/sops-v3.9.3.checksums.sig

### Verify the checksums file
cosign verify-blob sops-v3.9.3.checksums.txt \
  --certificate sops-v3.9.3.checksums.pem \
  --signature sops-v3.9.3.checksums.sig \
  --certificate-identity-regexp=https://github.com/getsops \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature:

### Verify the binary using the checksums file
sha256sum -c sops-v3.9.3.checksums.txt --ignore-missing

Verify artifact provenance

The SLSA provenance of the binaries, packages, and SBOMs can be found within the artifacts associated with this release. It is presented through an in-toto link metadata file named sops-v3.9.3.intoto.jsonl. To verify the provenance of an artifact, you can utilize the slsa-verifier tool:

### Download the metadata file
curl -LO  https://github.com/getsops/sops/releases/download/v3.9.3/sops-v3.9.3.intoto.jsonl

### Verify the provenance of the artifact
slsa-verifier verify-artifact <artifact> \
  --provenance-path sops-v3.9.3.intoto.jsonl \
  --source-uri github.com/getsops/sops \
  --source-tag v3.9.3

Container Images

The sops binaries are also available as container images, based on Debian (slim) and Alpine Linux. The Debian-based container images include any dependencies which may be required to make use of certain key services, such as GnuPG, AWS KMS, Azure Key Vault, and Google Cloud KMS. The Alpine-based container images are smaller in size, but do not include these dependencies.

These container images are available for the following architectures: linux/amd64 and linux/arm64.

GitHub Container Registry

• ghcr.io/getsops/sops:v3.9.3
• ghcr.io/getsops/sops:v3.9.3-alpine

Quay.io

• quay.io/getsops/sops:v3.9.3
• quay.io/getsops/sops:v3.9.3-alpine

Verify container image signature

The container images are signed using Cosign with GitHub OIDC. To validate the signature of an image, run the following command:

cosign verify ghcr.io/getsops/sops:v3.9.3 \
  --certificate-identity-regexp=https://github.com/getsops \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
  -o text

Verify container image provenance

The container images include SLSA provenance attestations. For more information around the verification of this, please refer to the slsa-verifier documentation.

Software Bill of Materials

The Software Bill of Materials (SBOM) for each binary is accessible within the artifacts enclosed with this release. It is presented as an SPDX JSON file, formatted as <binary>.spdx.sbom.json.

What's Changed

• build(deps): Bump the go group with 10 updates by @​dependabot in https://github.com/getsops/sops/pull/1699
• build(deps): Bump the ci group with 2 updates by @​dependabot in https://github.com/getsops/sops/pull/1698
• build(deps): Bump golang.org/x/crypto from 0.30.0 to 0.31.0 by @​dependabot in https://github.com/getsops/sops/pull/1703
• build(deps): Bump the ci group with 4 updates by @​dependabot in https://github.com/getsops/sops/pull/1708
• build(deps): Bump the rust group in /functional-tests with 2 updates by @​dependabot in https://github.com/getsops/sops/pull/1707
• CI: add 'persist-credentials: false' to checkout actions by @​felixfontein in https://github.com/getsops/sops/pull/1704
• build(deps): Bump filippo.io/age from 1.2.0 to 1.2.1 by @​dependabot in https://github.com/getsops/sops/pull/1710
• Bump golang.org/x/net to 0.33.0 to address CVE-2024-45338 by @​felixfontein in https://github.com/getsops/sops/pull/1714
• build(deps): Bump the go group across 1 directory with 13 updates by @​dependabot in https://github.com/getsops/sops/pull/1715
• build(deps): Bump serde_json from 1.0.133 to 1.0.134 in /functional-tests in the rust group by @​dependabot in https://github.com/getsops/sops/pull/1716
• build(deps): Bump the ci group with 2 updates by @​dependabot in https://github.com/getsops/sops/pull/1717
• GnuPG: do not incorrectly trim fingerprint in presence of exclamation marks for specfic subkey selection by @​felixfontein in https://github.com/getsops/sops/pull/1720
• Tests: use container images from https://github.com/getsops/ci-container-images by @​felixfontein in https://github.com/getsops/sops/pull/1722
• updatekeys subcommand: fix input-type CLI flag being ignored by @​felixfontein in https://github.com/getsops/sops/pull/1721
• Update all Go dependencies by @​felixfontein in https://github.com/getsops/sops/pull/1723
• build(deps): Bump the rust group in /functional-tests with 2 updates by @​dependabot in https://github.com/getsops/sops/pull/1725
• Release 3.9.3 by @​felixfontein in https://github.com/getsops/sops/pull/1724

Full Changelog: getsops/sops@v3.9.2...v3.9.3

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[budimanjojo-bot]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go get -d -t ./...
go: -d flag is deprecated. -d=true is a no-op
go: downloading github.com/fatih/color v1.18.0
go: downloading github.com/gookit/validate v1.5.4
go: downloading github.com/hashicorp/go-multierror v1.1.1
go: downloading github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06
go: downloading github.com/siderolabs/image-factory v0.6.5
go: downloading github.com/siderolabs/net v0.4.0
go: downloading github.com/siderolabs/talos/pkg/machinery v1.10.0-alpha.0
go: downloading golang.org/x/mod v0.22.0
go: downloading gopkg.in/yaml.v3 v3.0.1
go: downloading github.com/spf13/cobra v1.8.1
go: downloading github.com/getsops/sops/v3 v3.9.3
go: downloading sigs.k8s.io/yaml v1.4.0
go: downloading github.com/invopop/jsonschema v0.13.0
go: downloading github.com/evanphx/json-patch v5.9.0+incompatible
go: downloading github.com/hexops/gotextdiff v1.0.3
go: downloading github.com/a8m/envsubst v1.4.2
go: downloading github.com/Masterminds/sprig/v3 v3.3.0
go: downloading github.com/joho/godotenv v1.5.1
go: downloading github.com/mattn/go-colorable v0.1.13
go: downloading github.com/mattn/go-isatty v0.0.20
go: downloading golang.org/x/sys v0.28.0
go: downloading github.com/hashicorp/errwrap v1.1.0
go: downloading github.com/gookit/filter v1.2.2
go: downloading github.com/gookit/goutil v0.6.18
go: downloading github.com/siderolabs/gen v0.7.0
go: downloading github.com/planetscale/vtprotobuf v0.6.1-0.20241121165744-79df5c4772f2
go: downloading google.golang.org/grpc v1.69.2
go: downloading google.golang.org/protobuf v1.36.1
go: downloading github.com/blang/semver/v4 v4.0.0
go: downloading github.com/dustin/go-humanize v1.0.1
go: downloading github.com/siderolabs/go-pointer v1.0.0
go: downloading github.com/containerd/go-cni v1.1.11
go: downloading github.com/siderolabs/crypto v0.5.0
go: downloading github.com/blang/semver v3.5.1+incompatible
go: downloading github.com/cosi-project/runtime v0.7.6
go: downloading github.com/google/cel-go v0.22.1
go: downloading github.com/opencontainers/runtime-spec v1.2.0
go: downloading github.com/siderolabs/go-blockdevice/v2 v2.0.8
go: downloading github.com/jsimonetti/rtnetlink/v2 v2.0.3-0.20241216183107-2d6e9f8ad3f2
go: downloading github.com/mdlayher/ethtool v0.2.0
go: downloading github.com/siderolabs/go-blockdevice v0.4.8
go: downloading github.com/inconshreveable/mousetrap v1.1.0
go: downloading github.com/spf13/pflag v1.0.5
go: downloading github.com/cpuguy83/go-md2man/v2 v2.0.6
go: downloading github.com/ghodss/yaml v1.0.0
go: downloading github.com/pkg/errors v0.9.1
go: downloading github.com/wk8/go-ordered-map/v2 v2.1.8
go: downloading github.com/siderolabs/protoenc v0.2.1
go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20241223144023-3abc09e42ca8
go: downloading github.com/ryanuber/go-glob v1.0.0
go: downloading dario.cat/mergo v1.0.1
go: downloading github.com/Masterminds/goutils v1.1.1
go: downloading github.com/Masterminds/semver/v3 v3.3.0
go: downloading google.golang.org/genproto v0.0.0-20241223144023-3abc09e42ca8
go: downloading github.com/google/uuid v1.6.0
go: downloading github.com/huandu/xstrings v1.5.0
go: downloading github.com/mitchellh/copystructure v1.2.0
go: downloading github.com/shopspring/decimal v1.4.0
go: downloading github.com/spf13/cast v1.7.0
go: downloading golang.org/x/crypto v0.31.0
go: downloading golang.org/x/text v0.21.0
go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8
go: downloading golang.org/x/net v0.33.0
go: downloading github.com/containernetworking/cni v1.2.3
go: downloading cel.dev/expr v0.19.1
go: downloading github.com/stoewer/go-strcase v1.3.0
go: downloading github.com/mdlayher/genetlink v1.3.2
go: downloading github.com/mdlayher/netlink v1.7.2
go: downloading github.com/russross/blackfriday/v2 v2.1.0
go: downloading gopkg.in/yaml.v2 v2.4.0
go: downloading github.com/bahlo/generic-list-go v0.2.0
go: downloading github.com/buger/jsonparser v1.1.1
go: downloading github.com/mailru/easyjson v0.7.7
go: downloading github.com/sirupsen/logrus v1.9.3
go: downloading github.com/mitchellh/go-wordwrap v1.0.1
go: downloading github.com/urfave/cli v1.22.16
go: downloading golang.org/x/term v0.27.0
go: downloading github.com/mitchellh/reflectwalk v1.0.2
go: downloading github.com/google/go-cmp v0.6.0
go: downloading github.com/josharian/native v1.1.0
go: downloading github.com/mdlayher/socket v0.5.1
go: downloading github.com/goware/prefixer v0.0.0-20160118172347-395022866408
go: downloading github.com/aws/aws-sdk-go-v2 v1.32.7
go: downloading github.com/aws/aws-sdk-go-v2/config v1.28.7
go: downloading github.com/aws/aws-sdk-go-v2/credentials v1.17.48
go: downloading github.com/aws/aws-sdk-go-v2/service/kms v1.37.8
go: downloading github.com/aws/aws-sdk-go-v2/service/sts v1.33.3
go: downloading gopkg.in/ini.v1 v1.67.0
go: downloading filippo.io/age v1.2.1
go: downloading github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0
go: downloading github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0
go: downloading github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.0
go: downloading cloud.google.com/go/kms v1.20.3
go: downloading google.golang.org/api v0.214.0
go: downloading github.com/hashicorp/vault/api v1.15.0
go: downloading cloud.google.com/go v0.117.0
go: downloading github.com/mitchellh/go-homedir v1.1.0
go: downloading github.com/ProtonMail/go-crypto v1.1.3
go: downloading github.com/getsops/gopgagent v0.0.0-20241224165529-7044f28e491e
go: downloading cloud.google.com/go/storage v1.49.0
go: downloading github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.44
go: downloading github.com/aws/aws-sdk-go-v2/service/s3 v1.71.1
go: downloading github.com/hashicorp/go-cleanhttp v0.5.2
go: downloading github.com/antlr4-go/antlr/v4 v4.13.1
go: downloading go.uber.org/zap v1.27.0
go: downloading golang.org/x/time v0.8.0
go: downloading github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0
go: downloading github.com/gertd/go-pluralize v0.2.1
go: downloading github.com/lib/pq v1.10.9
go: downloading golang.org/x/sync v0.10.0
go: downloading github.com/aws/smithy-go v1.22.1
go: downloading github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.22
go: downloading github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1
go: downloading github.com/aws/aws-sdk-go-v2/service/sso v1.24.8
go: downloading github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.7
go: downloading github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.26
go: downloading github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1
go: downloading github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.7
go: downloading github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0
go: downloading github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0
go: downloading github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2
go: downloading github.com/cenkalti/backoff/v4 v4.3.0
go: downloading github.com/go-jose/go-jose/v4 v4.0.4
go: downloading github.com/hashicorp/go-retryablehttp v0.7.7
go: downloading github.com/hashicorp/go-rootcerts v1.0.2
go: downloading github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8
go: downloading github.com/hashicorp/go-secure-stdlib/strutil v0.1.2
go: downloading github.com/hashicorp/hcl v1.0.1-vault-5
go: downloading github.com/mitchellh/mapstructure v1.5.0
go: downloading cloud.google.com/go/iam v1.3.0
go: downloading cloud.google.com/go/longrunning v0.6.3
go: downloading github.com/googleapis/gax-go/v2 v2.14.1
go: downloading golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f
go: downloading go.uber.org/multierr v1.11.0
go: downloading github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7
go: downloading github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.26
go: downloading github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.7
go: downloading github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.7
go: downloading cloud.google.com/go/compute/metadata v0.6.0
go: downloading github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.49.0
go: downloading go.opentelemetry.io/contrib/detectors/gcp v1.33.0
go: downloading go.opentelemetry.io/otel v1.33.0
go: downloading go.opentelemetry.io/otel/sdk/metric v1.33.0
go: downloading go.opentelemetry.io/otel/sdk v1.33.0
go: downloading golang.org/x/oauth2 v0.24.0
go: downloading google.golang.org/grpc/stats/opentelemetry v0.0.0-20240907200651-3ffb98b2c93a
go: downloading github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.26
go: downloading github.com/kylelemons/godebug v1.1.0
go: downloading github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c
go: downloading github.com/hashicorp/go-sockaddr v1.0.7
go: downloading cloud.google.com/go/auth v0.13.0
go: downloading cloud.google.com/go/auth/oauth2adapt v0.2.6
go: downloading go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0
go: downloading go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0
go: downloading github.com/cloudflare/circl v1.5.0
go: downloading go.opentelemetry.io/otel/trace v1.33.0
go: downloading github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0
go: downloading cloud.google.com/go/monitoring v1.22.0
go: downloading github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0
go: downloading go.opentelemetry.io/otel/metric v1.33.0
go: downloading github.com/golang-jwt/jwt/v5 v5.2.1
go: downloading github.com/google/s2a-go v0.1.8
go: downloading github.com/googleapis/enterprise-certificate-proxy v0.3.4
go: downloading github.com/felixge/httpsnoop v1.0.4
go: downloading github.com/go-logr/logr v1.4.2
go: downloading github.com/go-logr/stdr v1.2.2
go: downloading go.opentelemetry.io/auto/sdk v1.1.0
go: downloading github.com/envoyproxy/go-control-plane v0.13.1
go: downloading github.com/cespare/xxhash/v2 v2.3.0
go: downloading github.com/cncf/xds/go v0.0.0-20241223141626-cff3c89139a3
go: downloading github.com/envoyproxy/protoc-gen-validate v1.1.0
go: downloading github.com/census-instrumentation/opencensus-proto v0.4.1
go: downloading google.golang.org/grpc/stats/opentelemetry v0.0.0-20241028142157-ada6787961b3
go: github.com/budimanjojo/talhelper/v3/pkg/decrypt imports
	github.com/getsops/sops/v3/decrypt imports
	github.com/getsops/sops/v3/config imports
	github.com/getsops/sops/v3/publish imports
	cloud.google.com/go/storage imports
	google.golang.org/grpc/stats/opentelemetry: ambiguous import: found package google.golang.org/grpc/stats/opentelemetry in multiple modules:
	google.golang.org/grpc v1.69.2 (/tmp/renovate/cache/others/go/pkg/mod/google.golang.org/grpc@v1.69.2/stats/opentelemetry)
	google.golang.org/grpc/stats/opentelemetry v0.0.0-20241028142157-ada6787961b3 (/tmp/renovate/cache/others/go/pkg/mod/google.golang.org/grpc/stats/opentelemetry@v0.0.0-20241028142157-ada6787961b3)

[budimanjojo-bot]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.