Bump github.com/google/certificate-transparency-go from 1.3.1 to 1.3.2

[dependabot]

Bumps github.com/google/certificate-transparency-go from 1.3.1 to 1.3.2.

Release notes

Sourced from github.com/google/certificate-transparency-go's releases.

v1.3.2

What's changed?

• CTFE - thanks to @​robstradling and @​rolandshoemaker
  • New feature: Rate Limiting Of Non-Fresh Submissions
  • Optimizations:
    • Better extra data storage saving
    • Better cache max-age for get-entries
  • Fixes: Disalllow mismatching signature algorithm identifiers
• Migrillian: removed support for etcd
• preloader / ct_hammer / jsconlient: a bunch of new features and fixes.
• go: bump to go 1.23 and bump to golangci-lint to 1.61.0

Misc

• [migrillian] remove etcd support in #1699
• Bump golangci-lint from 1.55.1 to 1.61.0 (developers should update to this version).
• Update ctclient tool to support SCT extensions field by @​liweitianux in google/certificate-transparency-go#1645
• Bump go to 1.23
• [ct_hammer] support HTTPS and Bearer token for Authentication.
• [preloader] support Bearer token Authentication for non temporal logs.
• [preloader] support end indexes
• [CTFE] Short cache max-age when get-entries returns fewer entries than requested by @​robstradling in google/certificate-transparency-go#1707
• [CTFE] Disalllow mismatching signature algorithm identifiers in #702.
• [jsonclient] surface HTTP Do and Read errors #1695 by @​FiloSottile

CTFE Storage Saving: Extra Data Issuance Chain Deduplication

• Suppress unnecessary duplicate key errors in the IssuanceChainStorage PostgreSQL implementation by @​robstradling in google/certificate-transparency-go#1678
• Only store IssuanceChain if not cached by @​robstradling in google/certificate-transparency-go#1679

CTFE Rate Limiting Of Non-Fresh Submissions

To protect a log from being flooded with requests for "old" certificates, optional rate limiting for "non-fresh submissions" can be configured by providing the following flags:

• non_fresh_submission_age
• non_fresh_submission_burst
• non_fresh_submission_limit

This can help to ensure that the log maintains its ability to (1) accept "fresh" submissions and (2) distribute all log entries to monitors.

• [CTFE] Configurable mechanism to rate-limit non-fresh submissions by @​robstradling in google/certificate-transparency-go#1698

Dependency updates

• Bump the docker-deps group across 5 directories with 3 updates (#1705)
• Bump google.golang.org/grpc from 1.72.1 to 1.72.2 in the all-deps group (#1704)
• Bump github.com/go-jose/go-jose/v4 in the go_modules group (#1700)
• Bump the all-deps group with 7 updates (#1701)

... (truncated)

Changelog

Sourced from github.com/google/certificate-transparency-go's changelog.

v1.3.2

Misc

• [migrillian] remove etcd support in #1699
• Bump golangci-lint from 1.55.1 to 1.61.0 (developers should update to this version).
• Update ctclient tool to support SCT extensions field by @​liweitianux in google/certificate-transparency-go#1645
• Bump go to 1.23
• [ct_hammer] support HTTPS and Bearer token for Authentication.
• [preloader] support Bearer token Authentication for non temporal logs.
• [preloader] support end indexes
• [CTFE] Short cache max-age when get-entries returns fewer entries than requested by @​robstradling in google/certificate-transparency-go#1707
• [CTFE] Disalllow mismatching signature algorithm identifiers in #702.
• [jsonclient] surface HTTP Do and Read errors #1695 by @​FiloSottile

CTFE Storage Saving: Extra Data Issuance Chain Deduplication

• Suppress unnecessary duplicate key errors in the IssuanceChainStorage PostgreSQL implementation by @​robstradling in google/certificate-transparency-go#1678
• Only store IssuanceChain if not cached by @​robstradling in google/certificate-transparency-go#1679

CTFE Rate Limiting Of Non-Fresh Submissions

To protect a log from being flooded with requests for "old" certificates, optional rate limiting for "non-fresh submissions" can be configured by providing the following flags:

• non_fresh_submission_age
• non_fresh_submission_burst
• non_fresh_submission_limit

This can help to ensure that the log maintains its ability to (1) accept "fresh" submissions and (2) distribute all log entries to monitors.

• [CTFE] Configurable mechanism to rate-limit non-fresh submissions by @​robstradling in google/certificate-transparency-go#1698

Dependency updates

• Bump the docker-deps group across 5 directories with 3 updates (#1705)
• Bump google.golang.org/grpc from 1.72.1 to 1.72.2 in the all-deps group (#1704)
• Bump github.com/go-jose/go-jose/v4 in the go_modules group (#1700)
• Bump the all-deps group with 7 updates (#1701)
• Bump the all-deps group with 7 updates (#1693)
• Bump the docker-deps group across 4 directories with 1 update (#1694)
• Bump github/codeql-action from 3.28.13 to 3.28.16 in the all-deps group (#1692)
• Bump the all-deps group across 1 directory with 7 updates (#1688)
• Bump distroless/base-debian12 (#1686)
• Bump golangci/golangci-lint-action from 6.5.1 to 7.0.0 in the all-deps group (#1685)
• Bump the all-deps group with 4 updates (#1681)
• Bump the all-deps group with 6 updates (#1683)
• Bump the docker-deps group across 4 directories with 2 updates (#1682)
• Bump github.com/golang-jwt/jwt/v4 in the go_modules group (#1680)
• Bump golangci/golangci-lint-action in the all-deps group (#1676)
• Bump the all-deps group with 2 updates (#1677)

... (truncated)

Commits

• d1b16ca Update CHANGELOG in prep for v1.3.2 (#1709)
• 55a640c [CTFE] Short cache max-age when get-entries returns fewer entries than reques...
• 7d28036 Bump the docker-deps group across 5 directories with 3 updates (#1705)
• 90fa4e8 Bump google.golang.org/grpc from 1.72.1 to 1.72.2 in the all-deps group (#1704)
• 56b77cf x509: disallow mismatching signature algorithm identifiers (#702)
• 3d623d1 Bump github.com/go-jose/go-jose/v4 in the go_modules group (#1700)
• dbf4a2b Bump the all-deps group with 7 updates (#1701)
• 96d6d6e Bump the all-deps group with 7 updates (#1693)
• 236d180 [CTFE] Configurable mechanism to rate-limit non-fresh submissions (#1698)
• b03cea1 [Migrillian] Remove unused etcd support (#1699)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)