Bump github.com/theupdateframework/go-tuf from 0.3.1 to 0.5.0

[dependabot]

Bumps github.com/theupdateframework/go-tuf from 0.3.1 to 0.5.0.

Release notes

Sourced from github.com/theupdateframework/go-tuf's releases.

v0.5.0

Changelog

Features

• 61872a3ac6e6a475771c23bf1592a00c1773b3e7: feat: Support ecdsa and RSA keys (#270 with backwards compatibility) (#357) (@​asraa)

v0.4.0

Changelog

Features

• af3c7d6a7dff051e9ef4b965a1258df09249a13f: feat: Add new status command (#342) (@​doanac)
• 4febe4c81aa17b39a87c1bab1c6592b347ff4a56: feat(keys): JSON unmarshal hardening. (#275) (@​Zenithar)

Bug fixes

• 9020b3c884ca1456eaaa0656c3b2c25774a8d204: fix: Remove typo in Alternate signing flow (#344) (@​elfotografo007)
• 9334b3fef99a16358f59895a47563f3061733c87: fix: Redirect passphrase output to Standard error (#343) (@​elfotografo007)
• 2e6c62191fb27ac26b10dd7312d239ffd6c1e498: fix: require length and hashes for target metadata (#345) (@​asraa)
• 37601e1635fdcf696f3f7bd6ad4ffbfd3f4488be: fix: filesystemStore fails to prepend target file hashes on Windows (#274) (@​torin-carey)
• 2b415d0f0043dc434c63fb89321d3fa8638df78f: fix: update leveldb dependency (#350) (@​mfmarche)
• 1b070ee8b8b11c15e1d54a69786e110a1d409715: fix: add leveldb recover ability (#352) (@​mfmarche)
• 64ded1864de9e448e174d7270c66364d368eefe5: fix(verify): Fix a vulnerability in the verification of threshold signatures (due to handling of keys with multiple IDs) (#369) (@​cedricvanrompay-datadog)

Others

• 529fccafdd0d27ca9741802ab8d5fb84f6c3476d: chore(deps): bump arnested/go-version-action from 1.1.3 to 1.1.4 (#334) (@​dependabot[bot])
• f5f12b16b4267ab3b6c957db6e868a5a4345cc71: docs: Misc. docs fixes (#337) (@​znewman01)
• 0f17236394883185030fd84d85c9bbb0af9cabe8: docs: Add release process info for maintainers (#336) (@​znewman01)
• 40b67d26c82534912ab45fd734d5be26a852c64a: chore(deps): bump actions/setup-python from 4.0.0 to 4.1.0 (#340) (@​dependabot[bot])
• 9d0031b6e8ba3115cdea083aad6f1398180659bf: chore(deps): bump actions/setup-go from 3.2.0 to 3.2.1 (#339) (@​dependabot[bot])
• 768b63a553669a0f238c20fe532fc15a836b85ba: chore(deps): bump actions/setup-python from 4.1.0 to 4.2.0 (#351) (@​dependabot[bot])
• 8124e8ab6c862f978e48d83c2947b491f41a527d: chore!: Remove deprecated client Init() function (#353) (@​znewman01)
• 8b2d2abc064c267d218138b2cbb0c7fe301507e1: ci: Fix typo in Pull Request template (#355) (@​znewman01)
• f3a48f74a347ab1a01fca80c370be423620ff499: refactor!: rename "InitLocal" to "Init" (#354) (@​znewman01)
• ebbc6b8d12d861335a3fc6e7fd8c69a53acaa1e6: chore(deps): bump arnested/go-version-action from 1.1.4 to 1.1.5 (#359) (@​dependabot[bot])
• 9b6c5030165254dce97ff510f01026b8d8336242: chore(deps): bump actions/setup-go from 3.2.1 to 3.3.0 (#361) (@​dependabot[bot])
• d7ff71b6b12ef371ab654c45c15bae8fe2d79d84: test: Update Python interop tests to python-tuf v1.0.0 (#228) (@​znewman01)
• ac7b5d7bce18cca5a84a28b021bd6372f450b35b: chore(deps): bump goreleaser/goreleaser-action from 3.0.0 to 3.1.0 (#366) (@​dependabot[bot])
• 06ed59941769f55b7d54158a0be85a16a7475fa7: build: Use Go 1.17 for golangci linting and update golangci/golangci-lint-action (#364) (@​ethan-lowman-dd)

v0.3.2

Changelog

Bug fixes

• b6695e4ba6d0b98beb851054c0f187df8d54a639: fix(verify): backport "Fix a vulnerability in the verification of threshold si… (#375) (@​znewman01)

Commits

• 61872a3 feat: Support ecdsa and RSA keys (#270 with backwards compatibility) (#357)
• 06ed599 build: Use Go 1.17 for golangci linting and update golangci/golangci-lint-act...
• 64ded18 fix(verify): Fix a vulnerability in the verification of threshold signatures...
• ac7b5d7 chore(deps): bump goreleaser/goreleaser-action from 3.0.0 to 3.1.0 (#366)
• d7ff71b test: Update Python interop tests to python-tuf v1.0.0 (#228)
• 9b6c503 chore(deps): bump actions/setup-go from 3.2.1 to 3.3.0 (#361)
• ebbc6b8 chore(deps): bump arnested/go-version-action from 1.1.4 to 1.1.5 (#359)
• f3a48f7 refactor!: rename "InitLocal" to "Init" (#354)
• 8b2d2ab ci: Fix typo in Pull Request template (#355)
• 8124e8a chore!: Remove deprecated client Init() function (#353)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[asraa]

Will review and fix linter

[asraa]

Requires a sigstore/sigstore bump

[asraa]

I needed to bump sigstore/sigstore to main to pull in sigstore/sigstore@15fc6d2

Note that that was a breaking change, it would be good if sigstore/sigstore issued a release for it!

[cpanato]

I needed to bump sigstore/sigstore to main to pull in sigstore/sigstore@15fc6d2

Note that that was a breaking change, it would be good if sigstore/sigstore issued a release for it!

Will do