-
Notifications
You must be signed in to change notification settings - Fork 128
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Bump Cosign to latest v2.2.3 #3355
fix: Bump Cosign to latest v2.2.3 #3355
Conversation
Versions of Cosign before v2.2.0 are not compatible with the latest TUF root. Fixes slsa-framework#3350 Signed-off-by: Hayden Blauzvern <[email protected]>
@ianlewis @laurentsimon @kpk47 This should fix the linked issue. I'm not sure if it was an intentional decision to not update Cosign though, since I see this picks up a lot of other dependency updates. |
Ah, I see this bumps to Go 1.21. Don't know if this will be an issue for you. Feel free to ping me offline to chat more. |
Signed-off-by: Hayden Blauzvern <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Will wait till the pre-submit is fixed.
Can you also update the cosign-installer at
|
Signed-off-by: Bob Callaway <[email protected]>
Signed-off-by: Bob Callaway <[email protected]>
Signed-off-by: Bob Callaway <[email protected]>
Signed-off-by: Bob Callaway <[email protected]>
Signed-off-by: Bob Callaway <[email protected]>
Thank you all for this fast turnaround! |
@laurentsimon is there an ETA on emergency / patch release tag to made to unblock downstream pipelines with this bumped version? #3392 |
We're working on a release as P0 and we'll cut it in the next 24hr |
has that release happened @laurentsimon |
We're going thru the release process and testing e2e that things are working. @kpk47 is on it |
Versions of Cosign before v2.2.0 are not compatible with the latest TUF root.
Fixes #3350
Summary
...
Testing Process
...
Checklist