build(deps): bump github.com/google/trillian from 1.5.1 to 1.5.2

[dependabot]

Bumps github.com/google/trillian from 1.5.1 to 1.5.2.

Release notes

Sourced from github.com/google/trillian's releases.

v1.5.2

Repo magagement

• Fix Token-Permissions code scanning alert by @​roger2hk in google/trillian#2973
• Update and rename scorecards.yml to scorecard.yml by @​AlCutter in google/trillian#2986
• Enable all lint checks in trillian repo by @​mhutchinson in google/trillian#2979

Cleanups

• remove left over bazel BUILD file by @​malt3 in google/trillian#2906
• Remove use of rand.Seed by @​AlCutter in google/trillian#2918
• Remove deprecated use of math/rand.Read by @​mhutchinson in google/trillian#2958
• Fixed all lint errcheck in number of TLDs by @​mhutchinson in google/trillian#2978

Claimant model

• More precise wording in SumDB claimant model by @​mhutchinson in google/trillian#2928
• Prototype tooling for Claimant Models by @​mhutchinson in google/trillian#2974

Misc

• Prepare CHANGELOG.md for v1.5.2 release by @​phbnf google/trillian#2997

Dependency updates

• Bump google.golang.org/api from 0.104.0 to 0.105.0 by @​dependabot in google/trillian#2878
• Bump ossf/scorecard-action from 2.0.6 to 2.1.1 by @​dependabot in google/trillian#2879
• Bump github/codeql-action from 2.1.36 to 2.1.37 by @​dependabot in google/trillian#2880
• Bump actions/setup-go from 3.4.0 to 3.5.0 by @​dependabot in google/trillian#2881
• Bump ossf/scorecard-action from 2.1.1 to 2.1.2 by @​dependabot in google/trillian#2882
• Bump github.com/cockroachdb/cockroach-go/v2 from 2.2.19 to 2.2.20 by @​dependabot in google/trillian#2883
• Bump nick-fields/retry from 2.8.2 to 2.8.3 by @​dependabot in google/trillian#2884
• Bump golang.org/x/crypto from 0.4.0 to 0.5.0 by @​dependabot in google/trillian#2886
• Bump actions/upload-artifact from 3.1.1 to 3.1.2 by @​dependabot in google/trillian#2889
• Bump actions/checkout from 3.2.0 to 3.3.0 by @​dependabot in google/trillian#2890
• Bump google.golang.org/api from 0.105.0 to 0.106.0 by @​dependabot in google/trillian#2885
• Bump golang.org/x/tools from 0.4.0 to 0.5.0 by @​dependabot in google/trillian#2888
• Bump google.golang.org/api from 0.106.0 to 0.107.0 by @​dependabot in google/trillian#2891
• Bump github/codeql-action from 2.1.37 to 2.1.38 by @​dependabot in google/trillian#2893
• Bump google.golang.org/grpc from 1.51.0 to 1.52.0 by @​dependabot in google/trillian#2892
• Bump Go version from 1.17 to 1.19 by @​roger2hk in google/trillian#2894
• Bump go.etcd.io/etcd/v3 from 3.5.6 to 3.5.7 by @​dependabot in google/trillian#2898
• Bump google.golang.org/api from 0.107.0 to 0.108.0 by @​dependabot in google/trillian#2896
• Bump k8s.io/klog/v2 from 2.80.1 to 2.90.0 by @​dependabot in google/trillian#2901
• Bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 by @​dependabot in google/trillian#2902
• Bump github/codeql-action from 2.1.38 to 2.1.39 by @​dependabot in google/trillian#2903
• Bump github/codeql-action from 2.1.39 to 2.2.1 by @​dependabot in google/trillian#2905
• Bump google.golang.org/grpc from 1.52.0 to 1.52.3 by @​dependabot in google/trillian#2904
• Bump github/codeql-action from 2.2.1 to 2.2.2 by @​dependabot in google/trillian#2908
• Bump google.golang.org/api from 0.108.0 to 0.109.0 by @​dependabot in google/trillian#2907
• Bump golang.org/x/tools from 0.5.0 to 0.6.0 by @​dependabot in google/trillian#2914
• Bump github/codeql-action from 2.2.2 to 2.2.4 by @​dependabot in google/trillian#2915
• Bump google.golang.org/api from 0.109.0 to 0.110.0 by @​dependabot in google/trillian#2913
• Bump golang.org/x/crypto from 0.5.0 to 0.6.0 by @​dependabot in google/trillian#2910
• bump golang.org/x/net from 0.6.0 to 0.7.0 by @​dependabot in google/trillian#2917

... (truncated)

Changelog

Sourced from github.com/google/trillian's changelog.

TRILLIAN Changelog

HEAD

v.1.5.2

• Recommended go version for development: 1.19
  • This is the version used by the cloudbuild presubmits. Using a different version can lead to presubmits failing due to unexpected diffs.

Storage

CloudSpanner

• Removed use of the --cloudspanner_write_sessions flag. This was related to preparing some fraction of CloudSpanner sessionpool entries with Read/Write transactions, however this functionality is no longer supported by the client library.

Repo config

• Enable all lint checks in trillian repo by @​mhutchinson in google/trillian#2979

Dependency updates

• Bump contrib.go.opencensus.io/exporter/stackdriver from 0.13.12 to 0.13.14 by @​samuelattwood in google/trillian#2950
• Bump Go version from 1.17 to 1.19.
• Updated golangci-lint to v1.51.1 (developers should update to this version)
• Update transparency-dev/merkle to v0.0.2

Commits

• 8ba85b5 Bump golang.org/x/sys from 0.7.0 to 0.8.0 (#2989)
• 7ae2316 Prepare CHANGELOG.md for v1.5.2 release (#2997)
• 18bc7a0 Bump github.com/prometheus/client_model from 0.3.0 to 0.4.0 (#2994)
• 034ee2f Bump github.com/apache/beam/sdks/v2 from 2.47.0-RC1 to 2.47.0-RC3 (#2992)
• 5d456cb Bump golang.org/x/sync from 0.1.0 to 0.2.0 (#2993)
• 8b4cc7f Bump github.com/prometheus/client_golang from 1.15.0 to 1.15.1 (#2988)
• d734cf2 Bump google.golang.org/api from 0.120.0 to 0.121.0 (#2995)
• 47f4aa9 Bump github/codeql-action from 2.3.2 to 2.3.3 (#2996)
• 1250093 Bump github.com/transparency-dev/merkle from 0.0.1 to 0.0.2 (#2990)
• da6b162 Update and rename scorecards.yml to scorecard.yml
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

Merging #1480 (c5d4b42) into main (4c65724) will increase coverage by 0.07%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #1480      +/-   ##
==========================================
+ Coverage   64.29%   64.37%   +0.07%     
==========================================
  Files          80       80              
  Lines        7789     7789              
==========================================
+ Hits         5008     5014       +6     
+ Misses       2131     2127       -4     
+ Partials      650      648       -2     

Flag	Coverage Δ
e2etests	48.22% <ø> (ø)
unittests	44.69% <ø> (+0.08%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 2 files with indirect coverage changes