build(deps): Bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 by dependabot[bot] · Pull Request #2087 · getsops/sops

dependabot · 2026-02-25T19:35:23Z

Bumps github.com/cloudflare/circl from 1.6.1 to 1.6.3.

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.6.3

Fix a bug on ecc/p384 scalar multiplication.

What's Changed

sign/mldsa: Check opts for nil value by @armfazh in cloudflare/circl#582

ecc/p384: Point addition must handle point doubling case. by @armfazh in cloudflare/circl#583

Release CIRCL v1.6.3 by @armfazh in cloudflare/circl#584

Full Changelog: cloudflare/circl@v1.6.2...v1.6.3

CIRCL v1.6.2

New SLH-DSA, improvements in ML-DSA for arm64.

Tested compilation on WASM.

What's Changed

Optimize pairing product computation by moving exponentiations to G1. by @dfaranha in cloudflare/circl#547

sign: Adding SLH-DSA signature by @armfazh in cloudflare/circl#512

Update code generators to CIRCL v1.6.1. by @armfazh in cloudflare/circl#548

ML-DSA: Add preliminary Wycheproof test vectors by @bwesterb in cloudflare/circl#552

go fmt by @bwesterb in cloudflare/circl#554

gz-compressing test vectors, use of HexBytes and ReadGzip functions. by @armfazh in cloudflare/circl#555

group: Removes use of elliptic Marshal and Unmarshal functions. by @armfazh in cloudflare/circl#556

Support encoding/decoding ML-DSA private keys (as long as they contain seeds) by @bwesterb in cloudflare/circl#559

Update to golangci-lint v2 by @bwesterb in cloudflare/circl#560

Preparation for ARM64 Implementation of poly operations for dilithium package. by @elementrics in cloudflare/circl#562

prepare power2Round for custom implementations in assembly by @elementrics in cloudflare/circl#564

ARM64 implementation for poly.PackLe16 by @elementrics in cloudflare/circl#563

add arm64 version of polyMulBy2toD by @elementrics in cloudflare/circl#565

add arm64 version of polySub by @elementrics in cloudflare/circl#566

group: add byteLen method for short groups and RandomScalar uses rand.Int by @armfazh in cloudflare/circl#568

add arm64 version of poly.Add/Sub by @elementrics in cloudflare/circl#572

group: Adding cryptobyte marshaling to scalars by @armfazh in cloudflare/circl#569

Bumping up to Go1.25 by @armfazh in cloudflare/circl#574

ci: Including WASM compilation. by @armfazh in cloudflare/circl#577

Revert to using package-declared HPKE errors for shortkem instead of standard library errors by @harshiniwho in cloudflare/circl#578

Release v1.6.2 by @armfazh in cloudflare/circl#579

New Contributors

@dfaranha made their first contribution in cloudflare/circl#547

@elementrics made their first contribution in cloudflare/circl#562

@harshiniwho made their first contribution in cloudflare/circl#578

Full Changelog: cloudflare/circl@v1.6.1...v1.6.2

Commits

24ae53c Release CIRCL v1.6.3
581020b Rename method to oddMultiplesProjective.
12209a4 Removing unused cmov for jacobian points.
fcba359 ecc/p384: use of complete projective formulas for scalar multiplication.
5e1bae8 ecc/p384: handle point doubling in point addition with Jacobian coordinates.
3416046 Check opts for nil value.
a763d47 Release CIRCL v1.6.2
3c70bf9 Bump x/crypto x/sys dependencies.
3f0f15b Revert to using package-declared HPKE errors for shortkem instead of standard...
23491bd Adding generic Power2Round method.
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.6.1 to 1.6.3. - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](cloudflare/circl@v1.6.1...v1.6.3) --- updated-dependencies: - dependency-name: github.com/cloudflare/circl dependency-version: 1.6.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

This MR contains the following updates: | Package | Update | Change | |---|---|---| | [getsops/sops](https://github.com/getsops/sops) | patch | `v3.12.1` → `v3.12.2` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>getsops/sops (getsops/sops)</summary> ### [`v3.12.2`](https://github.com/getsops/sops/releases/tag/v3.12.2) [Compare Source](getsops/sops@v3.12.1...v3.12.2) #### Installation To install `sops`, download one of the pre-built binaries provided for your platform from the artifacts attached to this release. For instance, if you are using Linux on an AMD64 architecture: ```shell # Download the binary curl -LO https://github.com/getsops/sops/releases/download/v3.12.2/sops-v3.12.2.linux.amd64 # Move the binary in to your PATH mv sops-v3.12.2.linux.amd64 /usr/local/bin/sops # Make the binary executable chmod +x /usr/local/bin/sops ``` ##### Verify checksums file signature The checksums file provided within the artifacts attached to this release is signed using [Cosign](https://docs.sigstore.dev/cosign/overview/) with GitHub OIDC. To validate the signature of this file, run the following commands: ```shell # Download the checksums file, certificate and signature curl -LO https://github.com/getsops/sops/releases/download/v3.12.2/sops-v3.12.2.checksums.txt curl -LO https://github.com/getsops/sops/releases/download/v3.12.2/sops-v3.12.2.checksums.pem curl -LO https://github.com/getsops/sops/releases/download/v3.12.2/sops-v3.12.2.checksums.sig # Verify the checksums file cosign verify-blob sops-v3.12.2.checksums.txt \ --certificate sops-v3.12.2.checksums.pem \ --signature sops-v3.12.2.checksums.sig \ --certificate-identity-regexp=https://github.com/getsops \ --certificate-oidc-issuer=https://token.actions.githubusercontent.com ``` ##### Verify binary integrity To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature: ```shell # Verify the binary using the checksums file sha256sum -c sops-v3.12.2.checksums.txt --ignore-missing ``` ##### Verify artifact provenance The [SLSA provenance](https://slsa.dev/provenance/v0.2) of the binaries, packages, and SBOMs can be found within the artifacts associated with this release. It is presented through an [in-toto](https://in-toto.io/) link metadata file named `sops-v3.12.2.intoto.jsonl`. To verify the provenance of an artifact, you can utilize the [`slsa-verifier`](https://github.com/slsa-framework/slsa-verifier#artifacts) tool: ```shell # Download the metadata file curl -LO https://github.com/getsops/sops/releases/download/v3.12.2/sops-v3.12.2.intoto.jsonl # Verify the provenance of the artifact slsa-verifier verify-artifact <artifact> \ --provenance-path sops-v3.12.2.intoto.jsonl \ --source-uri github.com/getsops/sops \ --source-tag v3.12.2 ``` #### Container Images The `sops` binaries are also available as container images, based on Debian (slim) and Alpine Linux. The Debian-based container images include any dependencies which may be required to make use of certain key services, such as GnuPG, AWS KMS, Azure Key Vault, and Google Cloud KMS. The Alpine-based container images are smaller in size, but do not include these dependencies. These container images are available for the following architectures: `linux/amd64` and `linux/arm64`. ##### GitHub Container Registry - `ghcr.io/getsops/sops:v3.12.2` - `ghcr.io/getsops/sops:v3.12.2-alpine` ##### Quay.io - `quay.io/getsops/sops:v3.12.2` - `quay.io/getsops/sops:v3.12.2-alpine` ##### Verify container image signature The container images are signed using [Cosign](https://docs.sigstore.dev/cosign/overview/) with GitHub OIDC. To validate the signature of an image, run the following command: ```shell cosign verify ghcr.io/getsops/sops:v3.12.2 \ --certificate-identity-regexp=https://github.com/getsops \ --certificate-oidc-issuer=https://token.actions.githubusercontent.com \ -o text ``` ##### Verify container image provenance The container images include [SLSA provenance](https://slsa.dev/provenance/v0.2) attestations. For more information around the verification of this, please refer to the [`slsa-verifier` documentation](https://github.com/slsa-framework/slsa-verifier#containers). #### Software Bill of Materials The Software Bill of Materials (SBOM) for each binary is accessible within the artifacts enclosed with this release. It is presented as an [SPDX](https://spdx.dev/) JSON file, formatted as `<binary>.spdx.sbom.json`. #### What's Changed - CI: Rearrange steps; disable setup-go's caching by [@felixfontein](https://github.com/felixfontein) in [#2081](getsops/sops#2081) - build(deps): Bump the go group with 6 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#2085](getsops/sops#2085) - build(deps): Bump the ci group with 2 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#2084](getsops/sops#2084) - build(deps): Bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 by [@dependabot](https://github.com/dependabot)\[bot] in [#2087](getsops/sops#2087) - build(deps): Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#2089](getsops/sops#2089) - build(deps): Bump the ci group with 4 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#2091](getsops/sops#2091) - build(deps): Bump tempfile from 3.25.0 to 3.26.0 in /functional-tests in the rust group by [@dependabot](https://github.com/dependabot)\[bot] in [#2090](getsops/sops#2090) - build(deps): Bump github.com/docker/cli from 28.0.4+incompatible to 29.2.0+incompatible by [@dependabot](https://github.com/dependabot)\[bot] in [#2095](getsops/sops#2095) - build(deps): Bump the ci group with 4 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#2101](getsops/sops#2101) - Check for metadata key(s) before re-encrypting file by [@felixfontein](https://github.com/felixfontein) in [#2098](getsops/sops#2098) - fix: handle mac only encrypted flag in global by [@CzBiX](https://github.com/CzBiX) in [#2100](getsops/sops#2100) - sops edit: delete temporary file on termination by [@felixfontein](https://github.com/felixfontein) in [#2104](getsops/sops#2104) - build(deps): Bump the ci group with 4 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#2106](getsops/sops#2106) - build(deps): Bump tempfile from 3.26.0 to 3.27.0 in /functional-tests in the rust group by [@dependabot](https://github.com/dependabot)\[bot] in [#2105](getsops/sops#2105) - Revert "Merge pull request [#1697](getsops/sops#1697) from onjen/fix-1142" by [@felixfontein](https://github.com/felixfontein) in [#2099](getsops/sops#2099) - Release 3.12.2 by [@felixfontein](https://github.com/felixfontein) in [#2109](getsops/sops#2109) #### New Contributors - [@CzBiX](https://github.com/CzBiX) made their first contribution in [#2100](getsops/sops#2100) **Full Changelog**: <getsops/sops@v3.12.1...v3.12.2> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever MR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

dependabot Bot added the dependencies Pull requests that update a dependency file label Feb 25, 2026

felixfontein approved these changes Feb 25, 2026

View reviewed changes

felixfontein merged commit aca8fe9 into main Feb 25, 2026
20 checks passed

felixfontein deleted the dependabot/go_modules/github.com/cloudflare/circl-1.6.3 branch February 25, 2026 19:44

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): Bump github.com/cloudflare/circl from 1.6.1 to 1.6.3#2087

build(deps): Bump github.com/cloudflare/circl from 1.6.1 to 1.6.3#2087
felixfontein merged 1 commit intomainfrom
dependabot/go_modules/github.com/cloudflare/circl-1.6.3

dependabot Bot commented on behalf of github Feb 25, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Feb 25, 2026

CIRCL v1.6.3

What's Changed

CIRCL v1.6.2

What's Changed

New Contributors

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant