build(deps): bump github.com/smallstep/certificates from 0.29.0 to 0.30.0

[dependabot]

Bumps github.com/smallstep/certificates from 0.29.0 to 0.30.0.

Release notes

Sourced from github.com/smallstep/certificates's releases.

Release v0.30.0

No release notes provided.

Step CA v0.30.0-rc7 (26-03-18)

Official Release Artifacts

Linux

• 📦 step-ca_linux_0.30.0-rc7_amd64.tar.gz
• 📦 step-ca_0.30.0.rc7-1_amd64.deb
• 📦 step-ca-0.30.0.rc7-1.x86_64.rpm
• 📦 step-ca_0.30.0.rc7-1_arm64.deb
• 📦 step-ca-0.30.0.rc7-1.aarch64.rpm

OSX Darwin

• 📦 step-ca_darwin_0.30.0-rc7_amd64.tar.gz
• 📦 step-ca_darwin_0.30.0-rc7_arm64.tar.gz

Windows

• 📦 step-ca_windows_0.30.0-rc7_amd64.zip

For more builds across platforms and architectures, see the Assets section below. And for packaged versions (Docker, k8s, Homebrew), see our installation docs.

Don't see the artifact you need? Open an issue here.

Signatures and Checksums

step-ca uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --bundle step-ca_darwin_0.30.0-rc7_amd64.tar.gz.sigstore.json \
  --certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  step-ca_darwin_0.30.0-rc7_amd64.tar.gz

The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.

Changelog

• d34619c55e5cd46ce08d8bdb8c846df2c4d8aca0 Update CHANGELOG for 0.30.0 (#2603)
• cfcbe4c2f93ec7e7f0347b4d0190353946189be7 Merge pull request #2602 from smallstep/mariano/scep-type-check
• e6da031d5125cfd99fe9a26f74bb41e4dacca4ef Add scep integration tests
• d4103d6626a6b1e95223610b7fc46757aaa255b8 Merge pull request #2511 from savely-krasovsky/master
• 07e4424836212198eaabed92517a98e0ec993175 Add revocation reason code to CRL | replace deprecated pkix.RevokeCertificate

... (truncated)

Changelog

Sourced from github.com/smallstep/certificates's changelog.

[0.30.0] - 2026-03-18

Added

• smallstep/certificates#2526
• smallstep/certificates#2570
• smallstep/certificates#2533

Changed

• Upgrade HSM-enabled Docker images from Debian Bookworm (12) to Debian Trixie smallstep/certificates#2493
• Use JSON array format for Dockerfile's CMD instruction. This prevents shell interpolation of environment variables like CONFIGPATH and PWDPATH, ensuring consistent command execution. Commands can still be overridden via smallstep/certificates#2493

Fixed

• Fix CRL IssuingDistributionPoint marshaling to correctly unset OnlyContainsUserCerts and OnlyContainsCACertssmallstep/certificates#2511
• Fix CRL DER download content-disposition filename extension from .der to .crlsmallstep/certificates#2537
• smallstep/certificates#2379
• smallstep/certificates#1893
• smallstep/certificates#2513
• smallstep/certificates#2569
• smallstep/certificates#2517
• smallstep/certificates#2515

Commits

• d34619c Update CHANGELOG for 0.30.0 (#2603)
• cfcbe4c Merge pull request #2602 from smallstep/mariano/scep-type-check
• e6da031 Add scep integration tests
• d4103d6 Merge pull request #2511 from savely-krasovsky/master
• 07e4424 Add revocation reason code to CRL | replace deprecated pkix.RevokeCertificate
• 3ce5113 Bump nosql and crypto (#2600)
• 927ecc7 Add actions and security-events permissions to release CI job (#2593)
• c14008e Fix the test for CRL disposition (#2599)
• 10cd5c2 Merge pull request #2537 from filimonic/crl-fix-crl-file-extension
• 6f1a228 Merge pull request #2594 from smallstep/dependabot/go_modules/github.com/goog...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[mholt]

Oops, meant to NOT approve this. Closing

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.