-
Notifications
You must be signed in to change notification settings - Fork 547
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): bump the gomod group with 5 updates #3574
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dependabot
bot
added
dependencies
Pull requests that update a dependency file
go
Pull requests that update Go code
labels
Mar 4, 2024
@dependabot rebase |
Bumps the gomod group with 5 updates: | Package | From | To | | --- | --- | --- | | [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) | `0.27.1` | `0.27.2` | | [github.com/go-openapi/strfmt](https://github.com/go-openapi/strfmt) | `0.22.0` | `0.22.2` | | [github.com/go-openapi/swag](https://github.com/go-openapi/swag) | `0.22.9` | `0.22.10` | | [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) | `1.4.3` | `1.4.4` | | [github.com/stretchr/testify](https://github.com/stretchr/testify) | `1.8.4` | `1.9.0` | Updates `github.com/go-openapi/runtime` from 0.27.1 to 0.27.2 - [Release notes](https://github.com/go-openapi/runtime/releases) - [Commits](go-openapi/runtime@v0.27.1...v0.27.2) Updates `github.com/go-openapi/strfmt` from 0.22.0 to 0.22.2 - [Commits](go-openapi/strfmt@v0.22.0...v0.22.2) Updates `github.com/go-openapi/swag` from 0.22.9 to 0.22.10 - [Commits](go-openapi/swag@v0.22.9...v0.22.10) Updates `github.com/sigstore/fulcio` from 1.4.3 to 1.4.4 - [Release notes](https://github.com/sigstore/fulcio/releases) - [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md) - [Commits](sigstore/fulcio@v1.4.3...v1.4.4) Updates `github.com/stretchr/testify` from 1.8.4 to 1.9.0 - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/go-openapi/runtime dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/go-openapi/strfmt dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/go-openapi/swag dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/fulcio dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
force-pushed
the
dependabot/go_modules/gomod-3ef8153e0d
branch
from
March 4, 2024 19:23
0e64825
to
1625685
Compare
cpanato
approved these changes
Mar 4, 2024
tommyd450
pushed a commit
to tommyd450/cosign
that referenced
this pull request
Jun 7, 2024
Bumps the gomod group with 5 updates: | Package | From | To | | --- | --- | --- | | [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) | `0.27.1` | `0.27.2` | | [github.com/go-openapi/strfmt](https://github.com/go-openapi/strfmt) | `0.22.0` | `0.22.2` | | [github.com/go-openapi/swag](https://github.com/go-openapi/swag) | `0.22.9` | `0.22.10` | | [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) | `1.4.3` | `1.4.4` | | [github.com/stretchr/testify](https://github.com/stretchr/testify) | `1.8.4` | `1.9.0` | Updates `github.com/go-openapi/runtime` from 0.27.1 to 0.27.2 - [Release notes](https://github.com/go-openapi/runtime/releases) - [Commits](go-openapi/runtime@v0.27.1...v0.27.2) Updates `github.com/go-openapi/strfmt` from 0.22.0 to 0.22.2 - [Commits](go-openapi/strfmt@v0.22.0...v0.22.2) Updates `github.com/go-openapi/swag` from 0.22.9 to 0.22.10 - [Commits](go-openapi/swag@v0.22.9...v0.22.10) Updates `github.com/sigstore/fulcio` from 1.4.3 to 1.4.4 - [Release notes](https://github.com/sigstore/fulcio/releases) - [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md) - [Commits](sigstore/fulcio@v1.4.3...v1.4.4) Updates `github.com/stretchr/testify` from 1.8.4 to 1.9.0 - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/go-openapi/runtime dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/go-openapi/strfmt dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/go-openapi/swag dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/fulcio dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
lance
added a commit
to securesign/cosign
that referenced
this pull request
Sep 5, 2024
* fix 'go vet -tags e2e ./...' (#3550) * fix 'go vet -tags e2e ./...' Signed-off-by: Dmitry S <[email protected]> * fix typo in 'concatenating' Signed-off-by: Dmitry S <[email protected]> --------- Signed-off-by: Dmitry S <[email protected]> * chore(deps): bump github.com/xanzy/go-gitlab from 0.97.0 to 0.98.0 (#3556) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.97.0 to 0.98.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.97.0...v0.98.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump google.golang.org/api from 0.165.0 to 0.167.0 (#3557) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.165.0 to 0.167.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.165.0...v0.167.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * remove unused rootPool var (#3559) Signed-off-by: Dmitry S <[email protected]> * Bump sigstore/sigstore to v1.8.2 (#3561) * Correct help text of triangulate cmd (#3551) Signed-off-by: michaelvl <[email protected]> * chore(deps): bump imranismail/setup-kustomize from a76db1c6419124d51470b1e388c4b29476f495f1 to f6959cf94216d4be0182d7c78b39f14d0c8bb198 (#3554) * chore(deps): bump imranismail/setup-kustomize Bumps [imranismail/setup-kustomize](https://github.com/imranismail/setup-kustomize) from a76db1c6419124d51470b1e388c4b29476f495f1 to f6959cf94216d4be0182d7c78b39f14d0c8bb198. - [Release notes](https://github.com/imranismail/setup-kustomize/releases) - [Commits](https://github.com/imranismail/setup-kustomize/compare/a76db1c6419124d51470b1e388c4b29476f495f1...f6959cf94216d4be0182d7c78b39f14d0c8bb198) --- updated-dependencies: - dependency-name: imranismail/setup-kustomize dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Update kind-e2e-insecure-registry.yaml Signed-off-by: Carlos Tadeu Panato Junior <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Carlos Tadeu Panato Junior <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Tadeu Panato Junior <[email protected]> * chore(deps): bump the actions group with 3 updates (#3564) Bumps the actions group with 3 updates: [google-github-actions/auth](https://github.com/google-github-actions/auth), [mikefarah/yq](https://github.com/mikefarah/yq) and [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `google-github-actions/auth` from 2.1.1 to 2.1.2 - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](https://github.com/google-github-actions/auth/compare/a6e2e39c0a0331da29f7fd2c2a20a427e8d3ad1f...55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c) Updates `mikefarah/yq` from 4.41.1 to 4.42.1 - [Release notes](https://github.com/mikefarah/yq/releases) - [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt) - [Commits](https://github.com/mikefarah/yq/compare/047694546cad8f9eaac1627bbc8bcc502fdd88bf...9adde1ac14bb283b8955d2b0d567bcaf3c69e639) Updates `codecov/codecov-action` from 4.0.1 to 4.1.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/e0b68c6749509c5f83f984dd99a76a1c1a231044...54bcd8715eee62d40e33596ef5e8f0f48dbbccab) --- updated-dependencies: - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: mikefarah/yq dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update builder image, cosign image, golangci-lint (#3565) * update cosign and builder image Signed-off-by: cpanato <[email protected]> * update golangci-lint to v1.56 Signed-off-by: cpanato <[email protected]> * update go.mod in fakeoidc Signed-off-by: cpanato <[email protected]> * fix lints Signed-off-by: cpanato <[email protected]> --------- Signed-off-by: cpanato <[email protected]> * chore(deps): bump the actions group with 1 update (#3576) Bumps the actions group with 1 update: [actions/cache](https://github.com/actions/cache). Updates `actions/cache` from 4.0.0 to 4.0.1 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/13aacd865c20de90d75de3b17ebe84f7a17d57d2...ab5e6d0c87105b4c9c2047343972218f562e4319) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/open-policy-agent/opa from 0.61.0 to 0.62.0 (#3575) Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.61.0 to 0.62.0. - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-policy-agent/opa/compare/v0.61.0...v0.62.0) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump the gomod group with 5 updates (#3574) Bumps the gomod group with 5 updates: | Package | From | To | | --- | --- | --- | | [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) | `0.27.1` | `0.27.2` | | [github.com/go-openapi/strfmt](https://github.com/go-openapi/strfmt) | `0.22.0` | `0.22.2` | | [github.com/go-openapi/swag](https://github.com/go-openapi/swag) | `0.22.9` | `0.22.10` | | [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) | `1.4.3` | `1.4.4` | | [github.com/stretchr/testify](https://github.com/stretchr/testify) | `1.8.4` | `1.9.0` | Updates `github.com/go-openapi/runtime` from 0.27.1 to 0.27.2 - [Release notes](https://github.com/go-openapi/runtime/releases) - [Commits](https://github.com/go-openapi/runtime/compare/v0.27.1...v0.27.2) Updates `github.com/go-openapi/strfmt` from 0.22.0 to 0.22.2 - [Commits](https://github.com/go-openapi/strfmt/compare/v0.22.0...v0.22.2) Updates `github.com/go-openapi/swag` from 0.22.9 to 0.22.10 - [Commits](https://github.com/go-openapi/swag/compare/v0.22.9...v0.22.10) Updates `github.com/sigstore/fulcio` from 1.4.3 to 1.4.4 - [Release notes](https://github.com/sigstore/fulcio/releases) - [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md) - [Commits](https://github.com/sigstore/fulcio/compare/v1.4.3...v1.4.4) Updates `github.com/stretchr/testify` from 1.8.4 to 1.9.0 - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/go-openapi/runtime dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/go-openapi/strfmt dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/go-openapi/swag dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/fulcio dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * free up disk space during e2e test runs (#3579) Signed-off-by: Bob Callaway <[email protected]> * Honor creation timestamp for signatures again (#3549) * Honor creation timestamp for signatures again Signed-off-by: ttrabelsi <[email protected]> * setting creation timestamp behind a feature flag to preserve current behavior Signed-off-by: Tobias Trabelsi <[email protected]> * review feedback Signed-off-by: Tobias Trabelsi <[email protected]> * additional review feedback Signed-off-by: Tobias Trabelsi <[email protected]> --------- Signed-off-by: ttrabelsi <[email protected]> Signed-off-by: Tobias Trabelsi <[email protected]> * chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.2 to 3.0.3 (#3582) Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.2 to 3.0.3. - [Release notes](https://github.com/go-jose/go-jose/releases) - [Changelog](https://github.com/go-jose/go-jose/blob/v3.0.3/CHANGELOG.md) - [Commits](https://github.com/go-jose/go-jose/compare/v3.0.2...v3.0.3) --- updated-dependencies: - dependency-name: github.com/go-jose/go-jose/v3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3 (#3581) Bumps gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3. --- updated-dependencies: - dependency-name: gopkg.in/go-jose/go-jose.v2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * bump release to use go 1.21.8 (#3583) * Clean up READMEs (#3587) Remove deprecated markdown files with only links to docs.sigstore.dev, clean up outdated data in README, remove FEATURES which is outdated Signed-off-by: Hayden B <[email protected]> * chore(deps): bump the actions group with 1 update (#3588) * chore(deps): bump github.com/xanzy/go-gitlab from 0.98.0 to 0.100.0 (#3590) * chore(deps): bump the gomod group with 4 updates (#3589) * Update README for contributions (#3596) Encourage development on sigstore-go, which is the focus currently. Signed-off-by: Hayden B <[email protected]> * chore(deps): bump github.com/go-openapi/runtime from 0.27.2 to 0.28.0 (#3595) Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) from 0.27.2 to 0.28.0. - [Release notes](https://github.com/go-openapi/runtime/releases) - [Commits](https://github.com/go-openapi/runtime/compare/v0.27.2...v0.28.0) --- updated-dependencies: - dependency-name: github.com/go-openapi/runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 (#3591) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.17.0 to 0.18.0. - [Commits](https://github.com/golang/oauth2/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump google.golang.org/api from 0.167.0 to 0.169.0 (#3594) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.167.0 to 0.169.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.167.0...v0.169.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Adds Support for Fulcio Client Credentials Flow, and Argument to Set Flow Explicitly (#3578) * add fulcio oauth flow client credentials Signed-off-by: Noah Kreiger <[email protected]> * fix docgen Signed-off-by: Noah Kreiger <[email protected]> * add options Signed-off-by: Noah Kreiger <[email protected]> --------- Signed-off-by: Noah Kreiger <[email protected]> * Update the script for working with blobs (#3610) The demo script for working with blobs was inaccurate in its current representation. I updated the commands such that they can be easily copied and pasted to get the shown output. Signed-off-by: arewm <[email protected]> * chore(deps): bump the actions group with 1 update (#3607) Bumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 4.1.1 to 4.1.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/b4ffde65f46336ab88eb53be808477a3936bae11...9bb56186c3b09b4f86b1c65136769dd318469633) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump cuelang.org/go from 0.7.1 to 0.8.0 (#3606) Bumps cuelang.org/go from 0.7.1 to 0.8.0. --- updated-dependencies: - dependency-name: cuelang.org/go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump google.golang.org/api from 0.169.0 to 0.170.0 (#3605) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.169.0 to 0.170.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.169.0...v0.170.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump the gomod group with 1 update (#3603) Bumps the gomod group with 1 update: [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry). Updates `github.com/google/go-containerregistry` from 0.19.0 to 0.19.1 - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.19.0...v0.19.1) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/docker/docker (#3612) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.7+incompatible to 24.0.9+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v24.0.7...v24.0.9) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Put secrets on github organizations (#3567) * support for github org secrets Signed-off-by: Marlon Pina Tojal <[email protected]> --------- Signed-off-by: Marlon Pina Tojal <[email protected]> Co-authored-by: Marlon Pina Tojal <[email protected]> * Update CHANGELOG for v1.13.6 (#3618) * Update CHANGELOG for v1.13.5 Signed-off-by: Hayden B <[email protected]> * Bump release Signed-off-by: Hayden B <[email protected]> --------- Signed-off-by: Hayden B <[email protected]> * chore(deps): bump the actions group with 2 updates (#3623) Bumps the actions group with 2 updates: [actions/cache](https://github.com/actions/cache) and [mikefarah/yq](https://github.com/mikefarah/yq). Updates `actions/cache` from 4.0.1 to 4.0.2 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/ab5e6d0c87105b4c9c2047343972218f562e4319...0c45773b623bea8c8e75f6c82b208c3cf94ea4f9) Updates `mikefarah/yq` from 4.42.1 to 4.43.1 - [Release notes](https://github.com/mikefarah/yq/releases) - [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt) - [Commits](https://github.com/mikefarah/yq/compare/9adde1ac14bb283b8955d2b0d567bcaf3c69e639...c35ec752e38ea0c096d3c44e13cfc0797ac394d8) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: mikefarah/yq dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/xanzy/go-gitlab from 0.100.0 to 0.101.0 (#3624) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.100.0 to 0.101.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.100.0...v0.101.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump google.golang.org/api from 0.170.0 to 0.171.0 (#3626) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.170.0 to 0.171.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.170.0...v0.171.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump go.step.sm/crypto from 0.43.1 to 0.44.1 (#3625) Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.43.1 to 0.44.1. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](https://github.com/smallstep/crypto/compare/v0.43.1...v0.44.1) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Clean up and clarify e2e scripts (#3628) * Add comment to test/piv_test.go Since f6d84815 it's not clear what this file is for, as it's not run in CI. Add a link to the docs that reference it to make it clear this is still needed. Signed-off-by: Colleen Murphy <[email protected]> * Clean up unused test script e2e_test_secrets.sh is no longer called from CI as of f6332211. It's objective is largely redundant with tests already in e2e_test.go, so just remove it. Signed-off-by: Colleen Murphy <[email protected]> --------- Signed-off-by: Colleen Murphy <[email protected]> * Remove cross.yaml workflow (#3629) The artifacts uploaded by cross.yaml are not used anywhere. Moreover, the ability to build on all three platforms and use the resulting binary is already tested in e2e-with-binary.yml. This change removes the workflow for the sake of decluttering the workflows and reducing our use of GitHub storage. Signed-off-by: Colleen Murphy <[email protected]> * chore(deps): bump the gomod group with 6 updates (#3633) Bumps the gomod group with 6 updates: | Package | From | To | | --- | --- | --- | | [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.8.2` | `1.8.3` | | [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.8.2` | `1.8.3` | | [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.8.2` | `1.8.3` | | [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.8.2` | `1.8.3` | | [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.8.2` | `1.8.3` | | [go.step.sm/crypto](https://github.com/smallstep/crypto) | `0.44.1` | `0.44.2` | Updates `github.com/sigstore/sigstore` from 1.8.2 to 1.8.3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.2...v1.8.3) Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.8.2 to 1.8.3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.2...v1.8.3) Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.8.2 to 1.8.3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.2...v1.8.3) Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.8.2 to 1.8.3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.2...v1.8.3) Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.8.2 to 1.8.3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.2...v1.8.3) Updates `go.step.sm/crypto` from 0.44.1 to 0.44.2 - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](https://github.com/smallstep/crypto/compare/v0.44.1...v0.44.2) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump google.golang.org/api from 0.171.0 to 0.172.0 (#3635) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.171.0 to 0.172.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.171.0...v0.172.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/open-policy-agent/opa from 0.62.1 to 0.63.0 (#3636) Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.62.1 to 0.63.0. - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-policy-agent/opa/compare/v0.62.1...v0.63.0) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump the actions group with 1 update (#3637) Bumps the actions group with 1 update: [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `codecov/codecov-action` from 4.1.0 to 4.1.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/54bcd8715eee62d40e33596ef5e8f0f48dbbccab...c16abc29c95fcf9174b58eb7e1abf4c866893bc8) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: add OVHcloud MPR registry tested with cosign (#3639) Signed-off-by: Aurelie Vache <[email protected]> * Fixing issue 3642 (#3643) Signed-off-by: Mukuls77 <[email protected]> * Fixing issue 3642 (#3644) * add oci bundle spec (#3622) * add oci bundle spec Signed-off-by: Brian DeHamer <[email protected]> * clarify annotation scheme Signed-off-by: Brian DeHamer <[email protected]> * add signer annotation Signed-off-by: Brian DeHamer <[email protected]> * update bundle media type Signed-off-by: Brian DeHamer <[email protected]> * remove reference to signer annotation Signed-off-by: Brian DeHamer <[email protected]> --------- Signed-off-by: Brian DeHamer <[email protected]> * chore(deps): bump the actions group with 2 updates (#3647) Bumps the actions group with 2 updates: [cpanato/vault-installer](https://github.com/cpanato/vault-installer) and [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `cpanato/vault-installer` from 1.0.1 to 1.0.2 - [Release notes](https://github.com/cpanato/vault-installer/releases) - [Commits](https://github.com/cpanato/vault-installer/compare/478a771bf999907426686b67eb53a4ca5713f077...df0775e6f6ee38dee09eaf57ede66ac6a414b70e) Updates `codecov/codecov-action` from 4.1.1 to 4.2.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/c16abc29c95fcf9174b58eb7e1abf4c866893bc8...7afa10ed9b269c561c2336fd862446844e0cbf71) --- updated-dependencies: - dependency-name: cpanato/vault-installer dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump the gomod group with 3 updates (#3648) Bumps the gomod group with 3 updates: cuelang.org/go, [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) and [github.com/sigstore/rekor](https://github.com/sigstore/rekor). Updates `cuelang.org/go` from 0.8.0 to 0.8.1 Updates `github.com/sigstore/fulcio` from 1.4.4 to 1.4.5 - [Release notes](https://github.com/sigstore/fulcio/releases) - [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md) - [Commits](https://github.com/sigstore/fulcio/compare/v1.4.4...v1.4.5) Updates `github.com/sigstore/rekor` from 1.3.5 to 1.3.6 - [Release notes](https://github.com/sigstore/rekor/releases) - [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md) - [Commits](https://github.com/sigstore/rekor/compare/v1.3.5...v1.3.6) --- updated-dependencies: - dependency-name: cuelang.org/go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/fulcio dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/rekor dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump golang.org/x/oauth2 from 0.18.0 to 0.19.0 (#3650) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.18.0 to 0.19.0. - [Commits](https://github.com/golang/oauth2/compare/v0.18.0...v0.19.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump golang.org/x/term from 0.18.0 to 0.19.0 (#3651) Bumps [golang.org/x/term](https://github.com/golang/term) from 0.18.0 to 0.19.0. - [Commits](https://github.com/golang/term/compare/v0.18.0...v0.19.0) --- updated-dependencies: - dependency-name: golang.org/x/term dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/xanzy/go-gitlab from 0.101.0 to 0.102.0 (#3652) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.101.0 to 0.102.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.101.0...v0.102.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0 (#3655) Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.6.0 to 0.7.0. - [Commits](https://github.com/golang/sync/compare/v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/sync dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.7 to 2.2.0 (#3653) Bumps [github.com/spiffe/go-spiffe/v2](https://github.com/spiffe/go-spiffe) from 2.1.7 to 2.2.0. - [Release notes](https://github.com/spiffe/go-spiffe/releases) - [Changelog](https://github.com/spiffe/go-spiffe/blob/main/CHANGELOG.md) - [Commits](https://github.com/spiffe/go-spiffe/compare/v2.1.7...v2.2.0) --- updated-dependencies: - dependency-name: github.com/spiffe/go-spiffe/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#3649) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.21.0 to 0.22.0. - [Commits](https://github.com/golang/crypto/compare/v0.21.0...v0.22.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Refactor e2e-tests.yml workflow (#3627) * Move attach e2e tests into Go test suite Run the e2e_test_attach.sh tests in Go, as a step toward making all the e2e tests consistent with one another. This also has the added benefit of no longer relying on ttl.sh since test images are hosted in the mock registry server. These tests were being run in CI under Linux and Mac, since they don't rely on a Kind instance or any Sigstore services. This change updates the GitHub workflow for the attach tests to simply run all e2e tests that are compatible with the macos runner. Signed-off-by: Colleen Murphy <[email protected]> * Reorganize cross-platform attach tests Move all the e2e tests for cosign attachments that can be run independently without other Sigstore services into the new e2e_attach_test.go file, to make the main e2e_test.go file a more mantainable size and to get the benefit of running these tests in the e2e-cross job which runs on macos and linux. Signed-off-by: Colleen Murphy <[email protected]> * Move TSA MTLS tests into Go test suite Run the e2e_tsa_mtls.sh tests in Go. With this, a separate step to run the script is unnecessary for the Github workflow, since it will be run as part of the e2e-cross job. Signed-off-by: Colleen Murphy <[email protected]> * Move TSA blob tests into Go test suite Run the e2e_signblob_tsa_mtls.sh tests in Go. The e2e-tsa-mtls job in the e2e-tests workflow is fully removed since these are now all covered in e2e-cross. Signed-off-by: Colleen Murphy <[email protected]> --------- Signed-off-by: Colleen Murphy <[email protected]> * Fixes for GHSA-88jx-383q-w4qc and GHSA-95pr-fxf5-86gv (#3661) * Merge pull request from GHSA-95pr-fxf5-86gv An Image may come from an untrusted source and contain an unknown number of signatures in the .sig manifest. A common pattern in cosign is to use the number of signatures as the capacity for a new slice. But this means the size of the slice is based on an unvalidated external input and could result in cosign running out of memory. This change adds validation for certain implementations of the oci.Signatures Get() method to limit the number of image descriptors returned. This way, callers can rely on the returned slice of signatures being a reasonable size to process safely. The limit is set to 1000, which is a generous size based on the practical restrictions that container registries set for image manifest size and approximations of memory allocations for signature layers. Signed-off-by: Colleen Murphy <[email protected]> * Merge pull request from GHSA-88jx-383q-w4qc When downloading an attestation or SBOM from an external source, check its size before reading it into memory. This protects the host from potentially reading a maliciously large attachment into memory and exhausting the system. SBOMs can vary widely in size, and there could be legitimate SBOMs of up to 700MB. However, reading a 700MB SBOM into memory would easily bring down a small cloud VM. Moreover, most SBOMs are not going to be that large. This change sets a reasonable default of 128MiB, and allows overriding the default by setting the environment variable `COSIGN_MAX_ATTACHMENT_SIZE`. Signed-off-by: Colleen Murphy <[email protected]> --------- Signed-off-by: Colleen Murphy <[email protected]> * Add v2.2.4 changelog (#3662) Signed-off-by: Hayden Blauzvern <[email protected]> * bump scaffolding to latest release for testing (#3663) Signed-off-by: Bob Callaway <[email protected]> * fix latest tag not being created and add latest to the dev image as well and go updates (#3664) * fix latest tag not being created and add latest to the dev image as well Signed-off-by: cpanato <[email protected]> * update cosign to 2.2.4 Signed-off-by: cpanato <[email protected]> * update go for the builder image to use 1.21.9 Signed-off-by: cpanato <[email protected]> --------- Signed-off-by: cpanato <[email protected]> * chore(deps): bump sigs.k8s.io/release-utils from 0.7.7 to 0.8.1 (#3656) Bumps [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils) from 0.7.7 to 0.8.1. - [Release notes](https://github.com/kubernetes-sigs/release-utils/releases) - [Commits](https://github.com/kubernetes-sigs/release-utils/compare/v0.7.7...v0.8.1) --- updated-dependencies: - dependency-name: sigs.k8s.io/release-utils dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * switch to community repo of reusable-release (#3666) Signed-off-by: Bob Callaway <[email protected]> * chore(deps): bump the actions group with 3 updates (#3668) * chore(deps): bump go.step.sm/crypto in the gomod group (#3667) Bumps the gomod group with 1 update: [go.step.sm/crypto](https://github.com/smallstep/crypto). Updates `go.step.sm/crypto` from 0.44.2 to 0.44.3 - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](https://github.com/smallstep/crypto/compare/v0.44.2...v0.44.3) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add registry options to cosign save (#3645) Signed-off-by: JasonPowr <[email protected]> * chore(deps): bump the actions group with 2 updates (#3676) Bumps the actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `actions/checkout` from 4.1.2 to 4.1.3 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/9bb56186c3b09b4f86b1c65136769dd318469633...1d96c772d19495a3b5c517cd2bc0cb401ea0529f) Updates `actions/upload-artifact` from 4.3.1 to 4.3.3 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/5d5d22a31266ced268874388b861e4b58bb5c2f3...65462800fd760344b1a7b4382951275a0abb4808) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump go.step.sm/crypto in the gomod group (#3672) Bumps the gomod group with 1 update: [go.step.sm/crypto](https://github.com/smallstep/crypto). Updates `go.step.sm/crypto` from 0.44.3 to 0.44.6 - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](https://github.com/smallstep/crypto/compare/v0.44.3...v0.44.6) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump google.golang.org/api from 0.172.0 to 0.176.0 (#3673) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.172.0 to 0.176.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.172.0...v0.176.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/xanzy/go-gitlab from 0.102.0 to 0.103.0 (#3674) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.102.0 to 0.103.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.102.0...v0.103.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: close attestationFile (#3679) Signed-off-by: guangwu <[email protected]> * chore(deps): bump actions/checkout in the actions group (#3680) Bumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 4.1.3 to 4.1.4 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/1d96c772d19495a3b5c517cd2bc0cb401ea0529f...0ad4b8fadaa221de15dcec353f45205ec38ea70b) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.1.0 (#3681) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 4.0.0 to 5.1.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/3cfe3a4abbb849e10058ce4af15d205b6da42804...9d1e0624a798bb64f6c3cea93db47765312263dc) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump the gomod group with 3 updates (#3682) Bumps the gomod group with 3 updates: cuelang.org/go, [go.step.sm/crypto](https://github.com/smallstep/crypto) and [google.golang.org/api](https://github.com/googleapis/google-api-go-client). Updates `cuelang.org/go` from 0.8.1 to 0.8.2 Updates `go.step.sm/crypto` from 0.44.6 to 0.44.8 - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](https://github.com/smallstep/crypto/compare/v0.44.6...v0.44.8) Updates `google.golang.org/api` from 0.176.0 to 0.176.1 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.176.0...v0.176.1) --- updated-dependencies: - dependency-name: cuelang.org/go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/open-policy-agent/opa from 0.63.0 to 0.64.1 (#3683) Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.63.0 to 0.64.1. - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-policy-agent/opa/compare/v0.63.0...v0.64.1) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Refactor KMS E2E tests (#3684) * Move KMS tests from shell script to Go test suite Signed-off-by: Colleen Murphy <[email protected]> * Make KMS E2E tests hermetic Use the scaffolding setup action to set up a local sigstore cluster and run the KMS tests against the local rekor instance instead of the public, production instance. Signed-off-by: Colleen Murphy <[email protected]> * Move KMS E2E workflow into main e2e-tests file Condense the E2E tests into fewer workflow files. There are no unique conditions that require them to be in separate files. Condensing them makes them easier to discover, and makes the Actions tab in GitHub cleaner because there are fewer workflows to sort through. Signed-off-by: Colleen Murphy <[email protected]> --------- Signed-off-by: Colleen Murphy <[email protected]> * chore(deps): bump the actions group with 3 updates (#3686) Bumps the actions group with 3 updates: [actions/setup-go](https://github.com/actions/setup-go), [codecov/codecov-action](https://github.com/codecov/codecov-action) and [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action). Updates `actions/setup-go` from 5.0.0 to 5.0.1 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/0c52d547c9bc32b1aa3301fd7a9cb496313a4491...cdcb36043654635271a94b9a6d1392de5bb323a7) Updates `codecov/codecov-action` from 4.3.0 to 4.3.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/84508663e988701840491b86de86b666e8a86bed...5ecb98a3c6b747ed38dc09f787459979aebb39be) Updates `golangci/golangci-lint-action` from 5.1.0 to 5.3.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/9d1e0624a798bb64f6c3cea93db47765312263dc...38e1018663fa5173f3968ea0777460d3de38f256) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump google.golang.org/api from 0.176.1 to 0.177.0 (#3687) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.176.1 to 0.177.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.176.1...v0.177.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/xanzy/go-gitlab from 0.103.0 to 0.104.0 (#3688) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.103.0 to 0.104.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.103.0...v0.104.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump golang.org/x/oauth2 from 0.19.0 to 0.20.0 (#3691) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.19.0 to 0.20.0. - [Commits](https://github.com/golang/oauth2/compare/v0.19.0...v0.20.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump google.golang.org/api from 0.177.0 to 0.180.0 (#3698) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.177.0 to 0.180.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.177.0...v0.180.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump the actions group with 3 updates (#3694) Bumps the actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [mikefarah/yq](https://github.com/mikefarah/yq) and [ossf/scorecard-action](https://github.com/ossf/scorecard-action). Updates `actions/checkout` from 4.1.4 to 4.1.5 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/0ad4b8fadaa221de15dcec353f45205ec38ea70b...44c2b7a8a4ea60a981eaca3cf939b5f4305c123b) Updates `mikefarah/yq` from 4.43.1 to 4.44.1 - [Release notes](https://github.com/mikefarah/yq/releases) - [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt) - [Commits](https://github.com/mikefarah/yq/compare/c35ec752e38ea0c096d3c44e13cfc0797ac394d8...557dcb87b8efe786f89a12c09e9046b4753ab72e) Updates `ossf/scorecard-action` from 2.3.1 to 2.3.3 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/0864cf19026789058feabb7e87baa5f140aac736...dc50aa9510b46c811795eb24b2f1ba02a914e534) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: mikefarah/yq dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add PayloadProvider interface to decouple AttestationToPayloadJSON from oci.Signature interface (#3693) * Add PayloadProvider interface to decouple AttestationToPayloadJSON from oci.Signature interface Signed-off-by: Cody Soyland <[email protected]> * Add test for PayloadProvider interface Signed-off-by: Cody Soyland <[email protected]> --------- Signed-off-by: Cody Soyland <[email protected]> * chore(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 (#3695) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 5.3.0 to 6.0.1. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/38e1018663fa5173f3968ea0777460d3de38f256...a4f60bb28d35aeee14e6880718e0c85ff1882e64) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump sigs.k8s.io/release-utils in the gomod group (#3696) Bumps the gomod group with 1 update: [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils). Updates `sigs.k8s.io/release-utils` from 0.8.1 to 0.8.2 - [Release notes](https://github.com/kubernetes-sigs/release-utils/releases) - [Commits](https://github.com/kubernetes-sigs/release-utils/compare/v0.8.1...v0.8.2) --- updated-dependencies: - dependency-name: sigs.k8s.io/release-utils dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/xanzy/go-gitlab from 0.104.0 to 0.105.0 (#3697) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.104.0 to 0.105.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.104.0...v0.105.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Refactor insecure registry E2E tests (#3701) * Fix e2e test copypaste error Signed-off-by: Colleen Murphy <[email protected]> * Clean up kind-e2e-insecure-registry workflow - These tests don't use KinD, don't set it up - Don't install yq, ko, or kustomize - The scripts build cosign, no need to build it in its own step - Don't use global environment variables when they're only needed for individual steps Signed-off-by: Colleen Murphy <[email protected]> * Move insecure OCI 1.0 registry tests to Go suite Signed-off-by: Colleen Murphy <[email protected]> * Move insecure OCI 1.1 registry tests to Go suite Signed-off-by: Colleen Murphy <[email protected]> * Make registry tests hermetic Signed-off-by: Colleen Murphy <[email protected]> * Move insecure registry workflow to e2e tests Condense the kind-e2e-insecure-registry workflow into the rest of the E2E tests workflow. The workflow name was misleading because these tests don't relate to KinD except as an implementation detail of the scaffolding action. Combining it makes it more discoverable and reduces clutter inthe GitHub Actions UI. Signed-off-by: Colleen Murphy <[email protected]> --------- Signed-off-by: Colleen Murphy <[email protected]> * Remove KMS E2E test script (#3702) Should have been removed as part of fa17fab. Signed-off-by: Colleen Murphy <[email protected]> * Remove sign_blob_test.sh test (#3707) The bug that this test was meant to address[1] applies to a feature that was removed from cosign[2]. The updates made to the script to allow for the breaking changes actually make the test invalid, because while it was once verifying the original artifact signature, the final verification step is now actually verifying against the uploaded rekor entry, so the original signature is inconsequential. [1] https://github.com/sigstore/cosign/pull/1673 [2] https://github.com/sigstore/cosign/pull/2425 Signed-off-by: Colleen Murphy <[email protected]> * Add README.md for tests (#3708) Signed-off-by: Colleen Murphy <[email protected]> * chore(deps): bump the actions group with 3 updates (#3706) Bumps the actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [google-github-actions/auth](https://github.com/google-github-actions/auth) and [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `actions/checkout` from 4.1.5 to 4.1.6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/44c2b7a8a4ea60a981eaca3cf939b5f4305c123b...a5ac7e51b41094c92402da3b24376905380afc29) Updates `google-github-actions/auth` from 2.1.2 to 2.1.3 - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](https://github.com/google-github-actions/auth/compare/55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c...71fee32a0bb7e97b4d33d548e7d957010649d8fa) Updates `codecov/codecov-action` from 4.3.1 to 4.4.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/5ecb98a3c6b747ed38dc09f787459979aebb39be...125fc84a9a348dbcf27191600683ec096ec9021c) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump google.golang.org/api from 0.180.0 to 0.181.0 (#3703) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.180.0 to 0.181.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.180.0...v0.181.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump go.step.sm/crypto from 0.44.8 to 0.45.0 (#3704) Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.44.8 to 0.45.0. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](https://github.com/smallstep/crypto/compare/v0.44.8...v0.45.0) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump go.step.sm/crypto in the gomod group (#3710) Bumps the gomod group with 1 update: [go.step.sm/crypto](https://github.com/smallstep/crypto). Updates `go.step.sm/crypto` from 0.45.0 to 0.45.1 - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](https://github.com/smallstep/crypto/compare/v0.45.0...v0.45.1) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/open-policy-agent/opa from 0.64.1 to 0.65.0 (#3714) Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.64.1 to 0.65.0. - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-policy-agent/opa/compare/v0.64.1...v0.65.0) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump the gomod group with 5 updates (#3713) Bumps the gomod group with 5 updates: | Package | From | To | | --- | --- | --- | | [github.com/sigstore/sigstor…
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the gomod group with 5 updates:
0.27.1
0.27.2
0.22.0
0.22.2
0.22.9
0.22.10
1.4.3
1.4.4
1.8.4
1.9.0
Updates
github.com/go-openapi/runtime
from 0.27.1 to 0.27.2Commits
dcc94aa
fix(ci): remove dependency-type from dependabot groups8560f81
test: added tests in all packages35b5892
chore(lint): relintede6a1173
ci: remove paths-ignore27f2197
Bump the go-openapi-dependencies group with 1 update856fbe2
Bump the development-dependencies group with 1 update91a8d68
chore(ci): prevents duplicate workflow runs9fea0cf
Bump the golang-org-dependencies group with 1 update37a15ce
Revert "Bump the other-dependencies group with 2 updates"55f2d3d
Bump the other-dependencies group with 2 updatesUpdates
github.com/go-openapi/strfmt
from 0.22.0 to 0.22.2Commits
be4ecdf
updated dependenciese949e33
fix(ci): remove dependency-type from dependabot groups5238521
Bump github.com/stretchr/testify from 1.8.4 to 1.9.06729407
chore(linting): fixed unnessary use of fmt.Errorf59dbfa2
Bump the other-dependencies group with 1 updatef7d57e2
Bump the development-dependencies group with 1 update83a372a
ci: remove paths-ignorecd1244b
Bump the development-dependencies group with 1 updatecf8eef5
chore(ci): prevents duplicate workflow runs8631c72
Bump the other-dependencies group with 1 update (#116)Updates
github.com/go-openapi/swag
from 0.22.9 to 0.22.10Commits
5e655d8
fix(ci): remove dependency-type from dependabot groups54f3f80
chore(lint): relinted4896833
Bump github.com/stretchr/testify from 1.8.4 to 1.9.06b32215
Bump the development-dependencies group with 1 updatedb91acc
ci: remove paths-ignoresfec0b4e
Bump the development-dependencies group with 1 update14fcae4
chore(ci): prevents duplicate workflow runsd33767c
Bump the development-dependencies group with 1 updatec877230
ci(dependencies): automate dependencies updatesUpdates
github.com/sigstore/fulcio
from 1.4.3 to 1.4.4Release notes
Sourced from github.com/sigstore/fulcio's releases.
Changelog
Sourced from github.com/sigstore/fulcio's changelog.
Commits
5c9ae3c
Add CHANGELOG for v1.4.4 (#1585)c0c61bb
Change parseExtension function to be public (#1584)8a94ed1
Bump google-github-actions/auth from 2.1.1 to 2.1.2f3e7889
Bump github.com/googleapis/api-linter in /hack/tools95b431d
Bump codecov/codecov-action from 4.0.1 to 4.0.2fc19eda
Bump google.golang.org/grpc from 1.61.1 to 1.62.018ba7de
Bump go.uber.org/zap from 1.26.0 to 1.27.0f7b4597
Bump github.com/prometheus/common from 0.47.0 to 0.48.075b5bbb
Bump google.golang.org/api from 0.165.0 to 0.167.0e2d990f
Added GitLab OIDC documentation to the /docs/oidc.md file that was missing. (...Updates
github.com/stretchr/testify
from 1.8.4 to 1.9.0Release notes
Sourced from github.com/stretchr/testify's releases.
... (truncated)
Commits
bb548d0
Merge pull request #1552 from stretchr/dependabot/go_modules/github.com/stret...814075f
build(deps): bump github.com/stretchr/objx from 0.5.1 to 0.5.2e045612
Merge pull request #1339 from bogdandrutu/uintptr5b6926d
Merge pull request #1385 from hslatman/not-implements9f97d67
Merge pull request #1550 from stretchr/release-notesbcb0d3f
Include the auto-release notes in releasesfb770f8
Merge pull request #1247 from ccoVeille/typos85d8bb6
fix typos in comments, tests and github templatese2741fa
Merge pull request #1548 from arjunmahishi/msgAndArgs6e59f20
http_assertions: assert that the msgAndArgs actually works in testsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major version
will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor version
will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>
will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>
will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>
will remove the ignore condition of the specified dependency and ignore conditions