Skip to content

Commit

Permalink
Update module github.com/sigstore/cosign to v1.13.0 (#863)
Browse files Browse the repository at this point in the history
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/sigstore/cosign](https://togithub.com/sigstore/cosign) |
require | minor | `v1.12.1` -> `v1.13.0` |

---

### Release Notes

<details>
<summary>sigstore/cosign</summary>

###
[`v1.13.0`](https://togithub.com/sigstore/cosign/blob/HEAD/CHANGELOG.md#v1130)

[Compare
Source](https://togithub.com/sigstore/cosign/compare/v1.12.1...v1.13.0)

> # Highlights
>
> - For users who have deployed a private instance of Fulcio release
v0.6.x and issue certificates with the Username identity, you will need
to upgrade to use this version."

#### Enhancements

- Add support for Fulcio username identity in SAN
([https://github.com/sigstore/cosign/pull/2291](https://togithub.com/sigstore/cosign/pull/2291))
- Data race in FetchSignaturesForReference
([https://github.com/sigstore/cosign/pull/2283](https://togithub.com/sigstore/cosign/pull/2283))
- Check error on chain verification failure
([https://github.com/sigstore/cosign/pull/2284](https://togithub.com/sigstore/cosign/pull/2284))
- feat: improve the verification message
([https://github.com/sigstore/cosign/pull/2268](https://togithub.com/sigstore/cosign/pull/2268))
- feat: use stdin as an input for predicate
([https://github.com/sigstore/cosign/pull/2269](https://togithub.com/sigstore/cosign/pull/2269))

#### Bug Fixes

- fix: make tlog entry lookups for online verification shard-aware
([https://github.com/sigstore/cosign/pull/2297](https://togithub.com/sigstore/cosign/pull/2297))
- Fix: Create a static copy of signatures as part of verification.
([https://github.com/sigstore/cosign/pull/2287](https://togithub.com/sigstore/cosign/pull/2287))
- Fix: Remove an extra registry request from verification path.
([https://github.com/sigstore/cosign/pull/2285](https://togithub.com/sigstore/cosign/pull/2285))
- fix pivtool generate key touch policy
([https://github.com/sigstore/cosign/pull/2282](https://togithub.com/sigstore/cosign/pull/2282))

#### Others

- use scaffolding 0.4.8 for tests.
([https://github.com/sigstore/cosign/pull/2280](https://togithub.com/sigstore/cosign/pull/2280))

#### Contributors

-   Asra Ali ([@&#8203;asraa](https://togithub.com/asraa))
- Batuhan Apaydın
([@&#8203;developer-guy](https://togithub.com/developer-guy))
- Carlos Tadeu Panato Junior
([@&#8203;cpanato](https://togithub.com/cpanato))
- Hayden Blauzvern
([@&#8203;haydentherapper](https://togithub.com/haydentherapper))
-   Matt Moore ([@&#8203;mattmoor](https://togithub.com/mattmoor))
-   Ross Tannenbaum ([@&#8203;RTann](https://togithub.com/RTann))
-   Ville Aikas ([@&#8203;vaikas](https://togithub.com/vaikas))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click
this checkbox.

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://app.renovatebot.com/dashboard#github/defenseunicorns/zarf).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzMi4yMjIuMyIsInVwZGF0ZWRJblZlciI6IjMyLjIyMi4zIn0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
  • Loading branch information
renovate[bot] authored Oct 7, 2022
1 parent 347fa0d commit 2dec3c4
Show file tree
Hide file tree
Showing 2 changed files with 66 additions and 22 deletions.
44 changes: 22 additions & 22 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ require (
github.com/otiai10/copy v1.7.0
github.com/pkg/errors v0.9.1
github.com/pterm/pterm v0.12.49
github.com/sigstore/cosign v1.12.1
github.com/sigstore/cosign v1.13.0
github.com/spf13/cobra v1.5.0
github.com/spf13/viper v1.13.0
github.com/stretchr/testify v1.8.0
Expand Down Expand Up @@ -87,21 +87,21 @@ require (
github.com/antihax/optional v1.0.0 // indirect
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
github.com/atotto/clipboard v0.1.4 // indirect
github.com/aws/aws-sdk-go v1.44.96 // indirect
github.com/aws/aws-sdk-go-v2 v1.16.14 // indirect
github.com/aws/aws-sdk-go-v2/config v1.17.5 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.12.18 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.15 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.21 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.15 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.22 // indirect
github.com/aws/aws-sdk-go v1.44.102 // indirect
github.com/aws/aws-sdk-go-v2 v1.16.16 // indirect
github.com/aws/aws-sdk-go-v2/config v1.17.7 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.12.20 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.17 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.23 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.17 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.24 // indirect
github.com/aws/aws-sdk-go-v2/service/ecr v1.15.0 // indirect
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.12.0 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.15 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.11.21 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.3 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.16.17 // indirect
github.com/aws/smithy-go v1.13.2 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.17 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.11.23 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.5 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.16.19 // indirect
github.com/aws/smithy-go v1.13.3 // indirect
github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220517224237-e6f29200ae04 // indirect
github.com/benbjohnson/clock v1.1.0 // indirect
github.com/beorn7/perks v1.0.1 // indirect
Expand Down Expand Up @@ -213,7 +213,7 @@ require (
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.2 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
Expand Down Expand Up @@ -300,9 +300,9 @@ require (
github.com/sergi/go-diff v1.2.0 // indirect
github.com/shibumi/go-pathspec v1.3.0 // indirect
github.com/shopspring/decimal v1.2.0 // indirect
github.com/sigstore/fulcio v0.5.3 // indirect
github.com/sigstore/fulcio v0.6.0 // indirect
github.com/sigstore/rekor v0.12.1-0.20220915152154-4bb6f441c1b2 // indirect
github.com/sigstore/sigstore v1.4.1 // indirect
github.com/sigstore/sigstore v1.4.2 // indirect
github.com/sirupsen/logrus v1.9.0 // indirect
github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
github.com/soheilhy/cmux v0.1.5 // indirect
Expand All @@ -319,7 +319,7 @@ require (
github.com/tent/canonical-json-go v0.0.0-20130607151641-96e4ba3a7613 // indirect
github.com/thales-e-security/pool v0.0.2 // indirect
github.com/therootcompany/xz v1.0.1 // indirect
github.com/theupdateframework/go-tuf v0.5.0 // indirect
github.com/theupdateframework/go-tuf v0.5.1-0.20220920170306-f237d7ca5b42 // indirect
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
github.com/tjfoc/gmsm v1.3.2 // indirect
github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802 // indirect
Expand Down Expand Up @@ -375,17 +375,17 @@ require (
golang.org/x/exp v0.0.0-20220823124025-807a23277127 // indirect
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
golang.org/x/net v0.0.0-20220909164309-bea034e7d591 // indirect
golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 // indirect
golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 // indirect
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
golang.org/x/sys v0.0.0-20220907062415-87db552b00fd // indirect
golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8 // indirect
golang.org/x/term v0.0.0-20220526004731-065cf7ba2467 // indirect
golang.org/x/text v0.3.8-0.20211004125949-5bd84dd9b33b // indirect
golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 // indirect
golang.org/x/tools v0.1.12 // indirect
golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect
google.golang.org/api v0.96.0 // indirect
google.golang.org/api v0.98.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20220805133916-01dd62135a58 // indirect
google.golang.org/genproto v0.0.0-20220920201722-2b89144ce006 // indirect
google.golang.org/grpc v1.49.0 // indirect
google.golang.org/protobuf v1.28.1 // indirect
gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect
Expand Down
Loading

0 comments on commit 2dec3c4

Please sign in to comment.