chore(deps): bump github.com/google/go-containerregistry from 0.18.0 to 0.19.0 #3521
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.18.0 to 0.19.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](google/go-containerregistry@v0.18.0...v0.19.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
dependencies
cpanato
approved these changes
Feb 13, 2024
cpanato
deleted the
dependabot/go_modules/github.com/google/go-containerregistry-0.19.0
branch
nkreiger
pushed a commit
to fianulabs/cosign
that referenced
this pull request
Mar 2, 2024
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.18.0 to 0.19.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](google/go-containerregistry@v0.18.0...v0.19.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Noah Kreiger <[email protected]>
nkreiger
pushed a commit
to fianulabs/cosign
that referenced
this pull request
Mar 7, 2024
Signed-off-by: Hayden Blauzvern <[email protected]> add tests Signed-off-by: Noah Kreiger <[email protected]> add e2e test for pkcs11 token signing (sigstore#3495) * added e2e test for pkcs11 token signing Signed-off-by: Vivek Kumar Sahu <[email protected]> add license Signed-off-by: Vivek Kumar Sahu <[email protected]> small fix Signed-off-by: Vivek Kumar Sahu <[email protected]> update shebang portable with cross platform Signed-off-by: Vivek Kumar Sahu <[email protected]> enable exit on error and xtrace mode Signed-off-by: Vivek Kumar Sahu <[email protected]> cleanup container Signed-off-by: Vivek Kumar Sahu <[email protected]> pkcs11 test with upcoming changes Signed-off-by: Vivek Kumar Sahu <[email protected]> run pkcs11 e2e test in a separate workflow Signed-off-by: Vivek Kumar Sahu <[email protected]> add pkcs11 test in separate workflow Signed-off-by: Vivek Kumar Sahu <[email protected]> * set shell to bash Signed-off-by: Vivek Kumar Sahu <[email protected]> * set shell options Signed-off-by: Vivek Kumar Sahu <[email protected]> --------- Signed-off-by: Vivek Kumar Sahu <[email protected]> Signed-off-by: Noah Kreiger <[email protected]> chore(deps): bump the actions group with 1 update (sigstore#3516) Bumps the actions group with 1 update: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer). Updates `sigstore/cosign-installer` from 3.3.0 to 3.4.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@9614fae...e1523de) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Noah Kreiger <[email protected]> chore(deps): bump codecov/codecov-action from 3.1.5 to 4.0.1 (sigstore#3517) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.5 to 4.0.1. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@4fe8c5f...e0b68c6) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Noah Kreiger <[email protected]> chore(deps): bump go.step.sm/crypto from 0.42.1 to 0.43.0 (sigstore#3519) Signed-off-by: Noah Kreiger <[email protected]> chore(deps): bump the gomod group with 1 update (sigstore#3518) Signed-off-by: Noah Kreiger <[email protected]> Update codeql-analysis.yml (sigstore#3524) Signed-off-by: Hayden B <[email protected]> Signed-off-by: Noah Kreiger <[email protected]> ErrNoSignaturesFound should be used when there is no signature attached to an image. (sigstore#3526) * ErrNoSignaturesFound should be used when there is no signature attached to an image. Signed-off-by: zhaoyonghe <[email protected]> * Change error message. Signed-off-by: zhaoyonghe <[email protected]> * Add error type tests. Signed-off-by: zhaoyonghe <[email protected]> --------- Signed-off-by: zhaoyonghe <[email protected]> Signed-off-by: Noah Kreiger <[email protected]> Make E2E tests hermetic (sigstore#3499) * Set rekor URL for online and offline tests Some tests were setting the REKOR_URL environment variable to try to test offline verification. This variable is no longer read so it was not doing anything. This change removes the variable and instead sets RekorURL in the command to either the local rekor instance (so that the public instance is not used) or to a bad url with Offline set to true so that offline verification is truly tested. This change also removes the COSIGN_EXPERIMENTAL variable which is no longer used, and replaces os.Setenv with testing.Setenv which localizes the environment setting to the scope of the test and removes the need for a cleanup function. Signed-off-by: Colleen Murphy <[email protected]> * Fix cleanup in E2E script Calling trap multiple times replaces the last signal handler rather than appending to it. This change ensures that the most recent trap includes all previous traps so that all cleanups are executed. Signed-off-by: Colleen Murphy <[email protected]> * Move verify tests from shell script to Go suite Move the `cosign dockerfile verify` and `cosign manifest verify` tests out of the shell script and into the e2e Go test suite file with all the other tests. This makes them consistent to manage. The initialization of fulcio roots in other tests pollutes the trust root in the new tests, so a reset is added to the fulcioroots package for testing only. Signed-off-by: Colleen Murphy <[email protected]> * Use local services for verify tests Update TestDockerfileVerify and TestManifestVerify to sign ephemeral images within the tests so that the signatures can be created with and verified from the locally running Fulcio and Rekor instances instead of verifying images with the public Rekor instance, so that the tests no longer depend on external services. The images are signed using --identity-token to avoid changing the nature of the verification tests, which were originally written to be keyless. A mock OIDC server is provisioned to provide the token and enable verification. Signed-off-by: Colleen Murphy <[email protected]> * Set rekor env variable in Go test suite Move the setting of SIGSTORE_REKOR_PUBLIC_KEY from the e2e shell script to the Go test suite, so that only the tests that need it have it set and the shell script is doing less setup. Also remove unnecessary instances of os.RemoveAll for temporary directories that the Go testing framework will automatically clean up. Signed-off-by: Colleen Murphy <[email protected]> --------- Signed-off-by: Colleen Murphy <[email protected]> Signed-off-by: Noah Kreiger <[email protected]> Correct help text of verify-attestation policy argument (sigstore#3527) Signed-off-by: michaelvl <[email protected]> Signed-off-by: Noah Kreiger <[email protected]> Don't ignore transparency log in tests if possible (sigstore#3528) Update the e2e tests to default to setting IgnoreTlog to false where possible. In some cases, where the IgnoreTlog functionality is being explicitly tested, continue to set it to true. Since the transparency log isn't being ignored, the signing commands need to upload it and need the rekor public key and URL in order to do so. Removes one redundant test. Signed-off-by: Colleen Murphy <[email protected]> Signed-off-by: Noah Kreiger <[email protected]> chore(deps): bump the gomod group with 1 update (sigstore#3530) Bumps the gomod group with 1 update: cuelang.org/go. Updates `cuelang.org/go` from 0.7.0 to 0.7.1 --- updated-dependencies: - dependency-name: cuelang.org/go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Noah Kreiger <[email protected]> chore(deps): bump golang.org/x/crypto from 0.18.0 to 0.19.0 (sigstore#3531) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.18.0 to 0.19.0. - [Commits](golang/crypto@v0.18.0...v0.19.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Noah Kreiger <[email protected]> chore(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 (sigstore#3532) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.16.0 to 0.17.0. - [Commits](golang/oauth2@v0.16.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Noah Kreiger <[email protected]> chore(deps): bump the actions group with 3 updates (sigstore#3535) Bumps the actions group with 3 updates: [google-github-actions/auth](https://github.com/google-github-actions/auth), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [mikefarah/yq](https://github.com/mikefarah/yq). Updates `google-github-actions/auth` from 2.1.0 to 2.1.1 - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](google-github-actions/auth@5a50e58...a6e2e39) Updates `actions/upload-artifact` from 4.3.0 to 4.3.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@26f96df...5d5d22a) Updates `mikefarah/yq` from 4.40.5 to 4.40.7 - [Release notes](https://github.com/mikefarah/yq/releases) - [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt) - [Commits](mikefarah/yq@dd64899...bb66c9c) --- updated-dependencies: - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: mikefarah/yq dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Noah Kreiger <[email protected]> chore(deps): bump github.com/google/go-containerregistry (sigstore#3521) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.18.0 to 0.19.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](google/go-containerregistry@v0.18.0...v0.19.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Noah Kreiger <[email protected]> chore(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (sigstore#3536) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.7.0 to 4.0.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@3a91952...3cfe3a4) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Noah Kreiger <[email protected]> chore(deps): bump github.com/xanzy/go-gitlab from 0.96.0 to 0.97.0 (sigstore#3522) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.96.0 to 0.97.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go) - [Commits](xanzy/go-gitlab@v0.96.0...v0.97.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Noah Kreiger <[email protected]> chore(deps): bump google.golang.org/api from 0.160.0 to 0.164.0 (sigstore#3538) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.160.0 to 0.164.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.160.0...v0.164.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Noah Kreiger <[email protected]> use go1.21.7 as go-version in actions/setup-go (sigstore#3540) * use go1.21 as go-version in actions/setup-go Signed-off-by: Dmitry S <[email protected]> * e2e-tests.yml - remove unused GO_VERSION env var Signed-off-by: Dmitry S <[email protected]> --------- Signed-off-by: Dmitry S <[email protected]> Signed-off-by: Noah Kreiger <[email protected]> chore(deps): update github/codeql-action requirement to 65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9 (sigstore#3537) * chore(deps): update github/codeql-action requirement to 65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9 Updates the requirements on [github/codeql-action](https://github.com/github/codeql-action) to permit the latest version. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/commits/65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Update scorecard-action.yml Signed-off-by: Carlos Tadeu Panato Junior <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Carlos Tadeu Panato Junior <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Tadeu Panato Junior <[email protected]> Signed-off-by: Noah Kreiger <[email protected]> fix semgrep issues for dgryski.semgrep-go ruleset (sigstore#3541) * fix semgrep issues dgryski.semgrep-go ruleset Signed-off-by: Dmitry S <[email protected]> * golangci-lint: check error value of out.Write() Signed-off-by: Dmitry S <[email protected]> --------- Signed-off-by: Dmitry S <[email protected]> Signed-off-by: Noah Kreiger <[email protected]> chore(deps): bump google.golang.org/api from 0.164.0 to 0.165.0 (sigstore#3545) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.164.0 to 0.165.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.164.0...v0.165.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Noah Kreiger <[email protected]> chore(deps): bump the actions group with 1 update (sigstore#3546) Bumps the actions group with 1 update: [mikefarah/yq](https://github.com/mikefarah/yq). Updates `mikefarah/yq` from 4.40.7 to 4.41.1 - [Release notes](https://github.com/mikefarah/yq/releases) - [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt) - [Commits](mikefarah/yq@bb66c9c...0476945) --- updated-dependencies: - dependency-name: mikefarah/yq dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Noah Kreiger <[email protected]> chore(deps): bump the gomod group with 2 updates (sigstore#3543) Bumps the gomod group with 2 updates: [github.com/sigstore/timestamp-authority](https://github.com/sigstore/timestamp-authority) and [go.step.sm/crypto](https://github.com/smallstep/crypto). Updates `github.com/sigstore/timestamp-authority` from 1.2.1 to 1.2.2 - [Release notes](https://github.com/sigstore/timestamp-authority/releases) - [Changelog](https://github.com/sigstore/timestamp-authority/blob/main/CHANGELOG.md) - [Commits](sigstore/timestamp-authority@v1.2.1...v1.2.2) Updates `go.step.sm/crypto` from 0.43.0 to 0.43.1 - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](smallstep/crypto@v0.43.0...v0.43.1) --- updated-dependencies: - dependency-name: github.com/sigstore/timestamp-authority dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Noah Kreiger <[email protected]> fix 'go vet -tags e2e ./...' (sigstore#3550) * fix 'go vet -tags e2e ./...' Signed-off-by: Dmitry S <[email protected]> * fix typo in 'concatenating' Signed-off-by: Dmitry S <[email protected]> --------- Signed-off-by: Dmitry S <[email protected]> Signed-off-by: Noah Kreiger <[email protected]> chore(deps): bump github.com/xanzy/go-gitlab from 0.97.0 to 0.98.0 (sigstore#3556) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.97.0 to 0.98.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go) - [Commits](xanzy/go-gitlab@v0.97.0...v0.98.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Noah Kreiger <[email protected]> chore(deps): bump google.golang.org/api from 0.165.0 to 0.167.0 (sigstore#3557) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.165.0 to 0.167.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.165.0...v0.167.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Noah Kreiger <[email protected]> remove unused rootPool var (sigstore#3559) Signed-off-by: Dmitry S <[email protected]> Signed-off-by: Noah Kreiger <[email protected]> Bump sigstore/sigstore to v1.8.2 (sigstore#3561) Signed-off-by: Noah Kreiger <[email protected]> Correct help text of triangulate cmd (sigstore#3551) Signed-off-by: michaelvl <[email protected]> Signed-off-by: Noah Kreiger <[email protected]> chore(deps): bump imranismail/setup-kustomize from a76db1c6419124d51470b1e388c4b29476f495f1 to f6959cf94216d4be0182d7c78b39f14d0c8bb198 (sigstore#3554) * chore(deps): bump imranismail/setup-kustomize Bumps [imranismail/setup-kustomize](https://github.com/imranismail/setup-kustomize) from a76db1c6419124d51470b1e388c4b29476f495f1 to f6959cf94216d4be0182d7c78b39f14d0c8bb198. - [Release notes](https://github.com/imranismail/setup-kustomize/releases) - [Commits](imranismail/setup-kustomize@a76db1c...f6959cf) --- updated-dependencies: - dependency-name: imranismail/setup-kustomize dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Update kind-e2e-insecure-registry.yaml Signed-off-by: Carlos Tadeu Panato Junior <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Carlos Tadeu Panato Junior <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Tadeu Panato Junior <[email protected]> Signed-off-by: Noah Kreiger <[email protected]> chore(deps): bump the actions group with 3 updates (sigstore#3564) Bumps the actions group with 3 updates: [google-github-actions/auth](https://github.com/google-github-actions/auth), [mikefarah/yq](https://github.com/mikefarah/yq) and [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `google-github-actions/auth` from 2.1.1 to 2.1.2 - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](google-github-actions/auth@a6e2e39...55bd3a7) Updates `mikefarah/yq` from 4.41.1 to 4.42.1 - [Release notes](https://github.com/mikefarah/yq/releases) - [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt) - [Commits](mikefarah/yq@0476945...9adde1a) Updates `codecov/codecov-action` from 4.0.1 to 4.1.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@e0b68c6...54bcd87) --- updated-dependencies: - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: mikefarah/yq dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Noah Kreiger <[email protected]> add flag for fulcio auth flow and client creds Signed-off-by: Noah Kreiger <[email protected]> chore(deps): bump the actions group with 1 update (sigstore#3516) Bumps the actions group with 1 update: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer). Updates `sigstore/cosign-installer` from 3.3.0 to 3.4.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@9614fae...e1523de) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Update codeql-analysis.yml (sigstore#3524) Signed-off-by: Hayden B <[email protected]> ErrNoSignaturesFound should be used when there is no signature attached to an image. (sigstore#3526) * ErrNoSignaturesFound should be used when there is no signature attached to an image. Signed-off-by: zhaoyonghe <[email protected]> * Change error message. Signed-off-by: zhaoyonghe <[email protected]> * Add error type tests. Signed-off-by: zhaoyonghe <[email protected]> --------- Signed-off-by: zhaoyonghe <[email protected]> Correct help text of verify-attestation policy argument (sigstore#3527) Signed-off-by: michaelvl <[email protected]> Don't ignore transparency log in tests if possible (sigstore#3528) Update the e2e tests to default to setting IgnoreTlog to false where possible. In some cases, where the IgnoreTlog functionality is being explicitly tested, continue to set it to true. Since the transparency log isn't being ignored, the signing commands need to upload it and need the rekor public key and URL in order to do so. Removes one redundant test. Signed-off-by: Colleen Murphy <[email protected]> chore(deps): bump the gomod group with 1 update (sigstore#3530) Bumps the gomod group with 1 update: cuelang.org/go. Updates `cuelang.org/go` from 0.7.0 to 0.7.1 --- updated-dependencies: - dependency-name: cuelang.org/go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore(deps): bump github.com/google/go-containerregistry (sigstore#3521) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.18.0 to 0.19.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](google/go-containerregistry@v0.18.0...v0.19.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (sigstore#3536) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.7.0 to 4.0.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@3a91952...3cfe3a4) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> use go1.21.7 as go-version in actions/setup-go (sigstore#3540) * use go1.21 as go-version in actions/setup-go Signed-off-by: Dmitry S <[email protected]> * e2e-tests.yml - remove unused GO_VERSION env var Signed-off-by: Dmitry S <[email protected]> --------- Signed-off-by: Dmitry S <[email protected]> chore(deps): update github/codeql-action requirement to 65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9 (sigstore#3537) * chore(deps): update github/codeql-action requirement to 65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9 Updates the requirements on [github/codeql-action](https://github.com/github/codeql-action) to permit the latest version. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/commits/65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Update scorecard-action.yml Signed-off-by: Carlos Tadeu Panato Junior <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Carlos Tadeu Panato Junior <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Tadeu Panato Junior <[email protected]> fix semgrep issues for dgryski.semgrep-go ruleset (sigstore#3541) * fix semgrep issues dgryski.semgrep-go ruleset Signed-off-by: Dmitry S <[email protected]> * golangci-lint: check error value of out.Write() Signed-off-by: Dmitry S <[email protected]> --------- Signed-off-by: Dmitry S <[email protected]> fix 'go vet -tags e2e ./...' (sigstore#3550) * fix 'go vet -tags e2e ./...' Signed-off-by: Dmitry S <[email protected]> * fix typo in 'concatenating' Signed-off-by: Dmitry S <[email protected]> --------- Signed-off-by: Dmitry S <[email protected]> chore(deps): bump github.com/xanzy/go-gitlab from 0.97.0 to 0.98.0 (sigstore#3556) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.97.0 to 0.98.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go) - [Commits](xanzy/go-gitlab@v0.97.0...v0.98.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> remove unused rootPool var (sigstore#3559) Signed-off-by: Dmitry S <[email protected]> Bump sigstore/sigstore to v1.8.2 (sigstore#3561) Correct help text of triangulate cmd (sigstore#3551) Signed-off-by: michaelvl <[email protected]> chore(deps): bump imranismail/setup-kustomize from a76db1c6419124d51470b1e388c4b29476f495f1 to f6959cf94216d4be0182d7c78b39f14d0c8bb198 (sigstore#3554) * chore(deps): bump imranismail/setup-kustomize Bumps [imranismail/setup-kustomize](https://github.com/imranismail/setup-kustomize) from a76db1c6419124d51470b1e388c4b29476f495f1 to f6959cf94216d4be0182d7c78b39f14d0c8bb198. - [Release notes](https://github.com/imranismail/setup-kustomize/releases) - [Commits](imranismail/setup-kustomize@a76db1c...f6959cf) --- updated-dependencies: - dependency-name: imranismail/setup-kustomize dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Update kind-e2e-insecure-registry.yaml Signed-off-by: Carlos Tadeu Panato Junior <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Carlos Tadeu Panato Junior <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Tadeu Panato Junior <[email protected]> chore(deps): bump the actions group with 3 updates (sigstore#3564) Bumps the actions group with 3 updates: [google-github-actions/auth](https://github.com/google-github-actions/auth), [mikefarah/yq](https://github.com/mikefarah/yq) and [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `google-github-actions/auth` from 2.1.1 to 2.1.2 - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](google-github-actions/auth@a6e2e39...55bd3a7) Updates `mikefarah/yq` from 4.41.1 to 4.42.1 - [Release notes](https://github.com/mikefarah/yq/releases) - [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt) - [Commits](mikefarah/yq@0476945...9adde1a) Updates `codecov/codecov-action` from 4.0.1 to 4.1.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@e0b68c6...54bcd87) --- updated-dependencies: - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: mikefarah/yq dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> re-add missing from rebase Signed-off-by: Noah Kreiger <[email protected]> add to doc Signed-off-by: Noah Kreiger <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps github.com/google/go-containerregistry from 0.18.0 to 0.19.0.
Release notes
Sourced from github.com/google/go-containerregistry's releases.
Commits
8dadbe7Work around docker v25 tarballs (#1872)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions