- Feb 11, 2025
-
-
Ville Skyttä authored
* Simplify completion flag file/dirname marking
  Signed-off-by: Ville Skyttä <ville.skytta@iki.fi>
* Improve flag filename completions
  Be more consistent across with extensions accepted/filtered, add some.
  Also, mark and comment out cases where there are no known typical filename extensions for flags taking filename arguments, to make it obvious that they have not been inadvertently omitted. Marking a flag as filename without specifying extensions is a no-op, and actually considered a bug per commentary in cobra sources: https://github.com/spf13/cobra/blob/41b26ec8bb59dfba580f722201bf371c4f5703dd/completions.go#L387-L390
  Closes https://github.com/sigstore/community/issues/538
  Signed-off-by: Ville Skyttä <ville.skytta@iki.fi>
---------
Signed-off-by: Ville Skyttä <ville.skytta@iki.fi>
-
- Feb 10, 2025
-
-
dependabot[bot] authored
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.32.0 to 0.33.0. - [Commits](https://github.com/golang/crypto/compare/v0.32.0...v0.33.0 ) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] authored
Bumps [golang.org/x/term](https://github.com/golang/term) from 0.28.0 to 0.29.0. - [Commits](https://github.com/golang/term/compare/v0.28.0...v0.29.0 ) --- updated-dependencies: - dependency-name: golang.org/x/term dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] authored
Bumps [gitlab.com/gitlab-org/api/client-go](https://gitlab.com/gitlab-org/api/client-go) from 0.121.0 to 0.122.0. - [Release notes](https://gitlab.com/gitlab-org/api/client-go/tags) - [Commits](https://gitlab.com/gitlab-org/api/client-go/compare/v0.121.0...v0.122.0 ) --- updated-dependencies: - dependency-name: gitlab.com/gitlab-org/api/client-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] authored
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.10.0 to 0.11.0. - [Commits](https://github.com/golang/sync/compare/v0.10.0...v0.11.0 ) --- updated-dependencies: - dependency-name: golang.org/x/sync dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] authored
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.219.0 to 0.220.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.219.0...v0.220.0 ) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] authored
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.25.0 to 0.26.0. - [Commits](https://github.com/golang/oauth2/compare/v0.25.0...v0.26.0 ) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] authored
Bumps the actions group with 2 updates: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) and [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action). Updates `sigstore/cosign-installer` from 3.7.0 to 3.8.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da...c56c2d3e59e4281cc41dea2217323ba5694b171e) Updates `golangci/golangci-lint-action` from 6.2.0 to 6.3.2 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/ec5d18412c0aeab7936cb16880d708ba2a64e1ae...051d91933864810ecd5e2ea2cfd98f6a5bca5347 ) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] authored
Bumps the gomod group with 1 update: google.golang.org/protobuf. Updates `google.golang.org/protobuf` from 1.36.4 to 1.36.5 --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- Feb 08, 2025
-
-
Carlos Tadeu Panato Junior authored
* use go1.23.6 to build cosign
  Signed-off-by: cpanato <ctadeu@gmail.com>
* use same golangci-lint version
  Signed-off-by: cpanato <ctadeu@gmail.com>
---------
Signed-off-by: cpanato <ctadeu@gmail.com>
-
- Feb 07, 2025
-
-
Cody Soyland authored
* Add new func cosign.VerifyNewBundle which invokes sigstore-go verifier
  Signed-off-by: Cody Soyland <codysoyland@github.com>
* Refactor verify-blob to use cosign.VerifyNewBundle
  Signed-off-by: Cody Soyland <codysoyland@github.com>
* Refactor verify-blob-attestation to use cosign.VerifyNewBundle
  Signed-off-by: Cody Soyland <codysoyland@github.com>
* Add more tests
  Signed-off-by: Cody Soyland <codysoyland@github.com>
* Remove old verifyNewBundle
  Signed-off-by: Cody Soyland <codysoyland@github.com>
* Add support for verifying by payload digest and custom trusted root
  Signed-off-by: Cody Soyland <codysoyland@github.com>
* Add support for custom trusted root path in verify-blob-attestation
  Signed-off-by: Cody Soyland <codysoyland@github.com>
* Fix logic: require none of these fields to be set
  Signed-off-by: Cody Soyland <codysoyland@github.com>
* Remove RekorURL from list of checked flags
  This var has a default value so shouldn't be checked
  Signed-off-by: Cody Soyland <codysoyland@github.com>
* Fix a couple of tests
  These tests are incorrect: they set the signature field which is not allowed when doing bundle verification. Previously they were passing due to logic errors.
  Signed-off-by: Cody Soyland <codysoyland@github.com>
* Update pkg/cosign/verify.go
  Co-authored-by: Colleen Murphy <cmurphy@users.noreply.github.com>
  Signed-off-by: Cody Soyland <codysoyland@github.com>
* Remove unneeded log
  Signed-off-by: Cody Soyland <codysoyland@github.com>
* Do not allow --trusted-root flag without --new-bundle-format
  Signed-off-by: Cody Soyland <codysoyland@github.com>
* Ignore context param
  Signed-off-by: Cody Soyland <codysoyland@github.com>
---------
Signed-off-by: Cody Soyland <codysoyland@github.com>
Co-authored-by: Colleen Murphy <cmurphy@users.noreply.github.com>
-
Bob Callaway authored
Signed-off-by: Bob Callaway <bcallaway@google.com>
-
- Feb 06, 2025
-
-
Bob Callaway authored
* fix parsing error in --only
  Signed-off-by: Bob Callaway <bcallaway@google.com>
* make docgen
  Signed-off-by: Bob Callaway <bcallaway@google.com>
* fix lint, make error message better
  Signed-off-by: Bob Callaway <bcallaway@google.com>
---------
Signed-off-by: Bob Callaway <bcallaway@google.com>
-
- Feb 04, 2025
-
-
Hayden B authored
Signed-off-by: Hayden B <hblauzvern@google.com>
-
Bob Callaway authored
Signed-off-by: Bob Callaway <bcallaway@google.com>
-
dependabot[bot] authored
* chore(deps): bump github.com/open-policy-agent/opa from 0.68.0 to 1.1.0
  Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.68.0 to 1.1.0.
  - [Release notes](https://github.com/open-policy-agent/opa/releases)
  - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/open-policy-agent/opa/compare/v0.68.0...v1.1.0)
  ---
  updated-dependencies:
  - dependency-name: github.com/open-policy-agent/opa
    dependency-type: direct:production
    update-type: version-update:semver-major
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
* hardcode rego v0 support for now
  Signed-off-by: Bob Callaway <bcallaway@google.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bob Callaway <bcallaway@google.com>
-
Bob Callaway authored
Signed-off-by: Bob Callaway <bcallaway@google.com>
-
dependabot[bot] authored
* chore(deps): bump cuelang.org/go from 0.11.2 to 0.12.0
  Bumps cuelang.org/go from 0.11.2 to 0.12.0.
  ---
  updated-dependencies:
  - dependency-name: cuelang.org/go
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
* update expected error message
  Signed-off-by: Bob Callaway <bcallaway@google.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bob Callaway <bcallaway@google.com>
-
Bob Callaway authored
Signed-off-by: Bob Callaway <bcallaway@google.com>
-
dependabot[bot] authored
* chore(deps): bump github.com/xanzy/go-gitlab from 0.109.0 to 0.115.0
  Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.109.0 to 0.115.0.
  - [Release notes](https://github.com/xanzy/go-gitlab/releases)
  - [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go)
  - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.109.0...v0.115.0)
  ---
  updated-dependencies:
  - dependency-name: github.com/xanzy/go-gitlab
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
* move to supported gitlab library
  Signed-off-by: Bob Callaway <bcallaway@google.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bob Callaway <bcallaway@google.com>
-
dependabot[bot] authored
Bumps [github.com/sigstore/sigstore-go](https://github.com/sigstore/sigstore-go) from 0.6.3-0.20241213162223-378b249542ef to 0.7.0. - [Release notes](https://github.com/sigstore/sigstore-go/releases) - [Commits](https://github.com/sigstore/sigstore-go/commits/v0.7.0 ) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] authored
Bumps the gomod group with 2 updates in the / directory: [github.com/sigstore/rekor](https://github.com/sigstore/rekor) and [github.com/spf13/pflag](https://github.com/spf13/pflag). Updates `github.com/sigstore/rekor` from 1.3.8 to 1.3.9 - [Release notes](https://github.com/sigstore/rekor/releases) - [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md) - [Commits](https://github.com/sigstore/rekor/compare/v1.3.8...v1.3.9) Updates `github.com/spf13/pflag` from 1.0.5 to 1.0.6 - [Release notes](https://github.com/spf13/pflag/releases) - [Commits](https://github.com/spf13/pflag/compare/v1.0.5...v1.0.6 ) --- updated-dependencies: - dependency-name: github.com/sigstore/rekor dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/spf13/pflag dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- Feb 03, 2025
-
-
dependabot[bot] authored
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.218.0 to 0.219.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.218.0...v0.219.0 ) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] authored
Bumps [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils) from 0.9.0 to 0.11.0. - [Release notes](https://github.com/kubernetes-sigs/release-utils/releases) - [Commits](https://github.com/kubernetes-sigs/release-utils/compare/v0.9.0...v0.11.0 ) --- updated-dependencies: - dependency-name: sigs.k8s.io/release-utils dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] authored
Bumps the actions group with 1 update: [google-github-actions/auth](https://github.com/google-github-actions/auth). Updates `google-github-actions/auth` from 2.1.7 to 2.1.8 - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](https://github.com/google-github-actions/auth/compare/6fc4af4b145ae7821d527454aa9bd537d1f2dc5f...71f986410dfbc7added4569d411d040a91dc6935 ) --- updated-dependencies: - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] authored
Bumps [github.com/spiffe/go-spiffe/v2](https://github.com/spiffe/go-spiffe) from 2.4.0 to 2.5.0. - [Release notes](https://github.com/spiffe/go-spiffe/releases) - [Changelog](https://github.com/spiffe/go-spiffe/blob/main/CHANGELOG.md) - [Commits](https://github.com/spiffe/go-spiffe/compare/v2.4.0...v2.5.0 ) --- updated-dependencies: - dependency-name: github.com/spiffe/go-spiffe/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] authored
Bumps [github.com/sigstore/protobuf-specs](https://github.com/sigstore/protobuf-specs) from 0.3.3 to 0.4.0. - [Release notes](https://github.com/sigstore/protobuf-specs/releases) - [Changelog](https://github.com/sigstore/protobuf-specs/blob/main/CHANGELOG.md) - [Commits](https://github.com/sigstore/protobuf-specs/compare/v0.3.3...v0.4.0 ) --- updated-dependencies: - dependency-name: github.com/sigstore/protobuf-specs dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- Jan 31, 2025
-
-
dependabot[bot] authored
-
dependabot[bot] authored
Bumps the gomod group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | cuelang.org/go | `0.11.1` | `0.11.2` | | [github.com/google/certificate-transparency-go](https://github.com/google/certificate-transparency-go) | `1.3.0` | `1.3.1` | | [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.20.2` | `0.20.3` | | [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) | `1.6.5` | `1.6.6` | | [github.com/sigstore/protobuf-specs](https://github.com/sigstore/protobuf-specs) | `0.3.2` | `0.3.3` | | [github.com/sigstore/rekor](https://github.com/sigstore/rekor) | `1.3.7` | `1.3.8` | | [github.com/sigstore/timestamp-authority](https://github.com/sigstore/timestamp-authority) | `1.2.3` | `1.2.4` | Updates `cuelang.org/go` from 0.11.1 to 0.11.2 Updates `github.com/google/certificate-transparency-go` from 1.3.0 to 1.3.1 - [Release notes](https://github.com/google/certificate-transparency-go/releases) - [Changelog](https://github.com/google/certificate-transparency-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/google/certificate-transparency-go/compare/v1.3.0...v1.3.1) Updates `github.com/google/go-containerregistry` from 0.20.2 to 0.20.3 - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.20.2...v0.20.3) Updates `github.com/sigstore/fulcio` from 1.6.5 to 1.6.6 - [Release notes](https://github.com/sigstore/fulcio/releases) - [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md) - [Commits](https://github.com/sigstore/fulcio/compare/v1.6.5...v1.6.6) Updates `github.com/sigstore/protobuf-specs` from 0.3.2 to 0.3.3 - [Release notes](https://github.com/sigstore/protobuf-specs/releases) - [Changelog](https://github.com/sigstore/protobuf-specs/blob/main/CHANGELOG.md) - 
[Commits](https://github.com/sigstore/protobuf-specs/compare/v0.3.2...v0.3.3) Updates `github.com/sigstore/rekor` from 1.3.7 to 1.3.8 - [Release notes](https://github.com/sigstore/rekor/releases) - [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md) - [Commits](https://github.com/sigstore/rekor/compare/v1.3.7...v1.3.8) Updates `github.com/sigstore/sigstore` from 1.8.11 to 1.8.12 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.11...v1.8.12) Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.8.11 to 1.8.12 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.11...v1.8.12) Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.8.11 to 1.8.12 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.11...v1.8.12) Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.8.11 to 1.8.12 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.11...v1.8.12) Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.8.11 to 1.8.12 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.11...v1.8.12) Updates `github.com/sigstore/timestamp-authority` from 1.2.3 to 1.2.4 - [Release notes](https://github.com/sigstore/timestamp-authority/releases) - [Changelog](https://github.com/sigstore/timestamp-authority/blob/main/CHANGELOG.md) - [Commits](https://github.com/sigstore/timestamp-authority/compare/v1.2.3...v1.2.4) Updates `google.golang.org/api` from 0.214.0 to 0.217.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - 
[Commits](https://github.com/googleapis/google-api-go-client/compare/v0.214.0...v0.217.0 ) Updates `google.golang.org/protobuf` from 1.36.1 to 1.36.3 --- updated-dependencies: - dependency-name: cuelang.org/go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/google/certificate-transparency-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/fulcio dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/protobuf-specs dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/rekor dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/timestamp-authority dependency-type: 
direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] authored
Bumps the actions group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/setup-go](https://github.com/actions/setup-go) | `5.2.0` | `5.3.0` | | [ko-build/setup-ko](https://github.com/ko-build/setup-ko) | `0.7` | `0.8` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `6.1.1` | `6.2.0` | | [mikefarah/yq](https://github.com/mikefarah/yq) | `4.44.6` | `4.45.1` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.4.3` | `4.6.0` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.1.1` | `5.3.1` | Updates `actions/setup-go` from 5.2.0 to 5.3.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/3041bf56c941b39c61721a86cd11f3bb1338122a...f111f3307d8850f501ac008e886eec1fd1932a34) Updates `ko-build/setup-ko` from 0.7 to 0.8 - [Release notes](https://github.com/ko-build/setup-ko/releases) - [Commits](https://github.com/ko-build/setup-ko/compare/3aebd0597dc1e9d1a26bcfdb7cbeb19c131d3037...d982fec422852203cfb2053a8ec6ad302280d04d) Updates `golangci/golangci-lint-action` from 6.1.1 to 6.2.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/971e284b6050e8a5849b72094c50ab08da042db8...ec5d18412c0aeab7936cb16880d708ba2a64e1ae) Updates `mikefarah/yq` from 4.44.6 to 4.45.1 - [Release notes](https://github.com/mikefarah/yq/releases) - [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt) - [Commits](https://github.com/mikefarah/yq/compare/4839dbbf80445070a31c7a9c1055da527db2d5ee...8bf425b4d1344db7cd469a8d10a390876e0c77fd) Updates `actions/upload-artifact` from 4.4.3 to 4.6.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - 
[Commits](https://github.com/actions/upload-artifact/compare/b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882...65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08) Updates `codecov/codecov-action` from 5.1.1 to 5.3.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/7f8b4b4bde536c465e797be725718b88c5d95e0e...13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 ) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: ko-build/setup-ko dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: mikefarah/yq dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- Jan 30, 2025
-
-
Cody Soyland authored
Signed-off-by: Cody Soyland <codysoyland@github.com>
-
- Jan 13, 2025
-
-
Cody Soyland authored
Signed-off-by: Cody Soyland <codysoyland@github.com>
-
Hayden B authored
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
-
Nianyu Shen authored
Signed-off-by: Nianyu Shen <xiaoyu9964@gmail.com>
-
- Jan 10, 2025
-
-
Carlos Tadeu Panato Junior authored
* bump golangci-lint
  Signed-off-by: cpanato <ctadeu@gmail.com>
* drop toolchain
  Signed-off-by: cpanato <ctadeu@gmail.com>
---------
Signed-off-by: cpanato <ctadeu@gmail.com>
-
- Jan 09, 2025
-
-
Colleen Murphy authored
Add tests for invalid keys, custom metadata, and TSA verification. These tests do not test the signing flow for when Fulcio issues a detached SCT, which can be affected by the TUF client, because the ephemeral CA Fulcio backend cannot issue detached SCTs.
Signed-off-by: Colleen Murphy <colleenmurphy@google.com>
-
- Jan 08, 2025
-
-
dependabot[bot] authored
Bumps [github.com/buildkite/agent/v3](https://github.com/buildkite/agent) from 3.88.0 to 3.89.0. - [Release notes](https://github.com/buildkite/agent/releases) - [Changelog](https://github.com/buildkite/agent/blob/main/CHANGELOG.md) - [Commits](https://github.com/buildkite/agent/compare/v3.88.0...v3.89.0 ) --- updated-dependencies: - dependency-name: github.com/buildkite/agent/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- Jan 07, 2025
-
-
Slavek Kabrda authored
* Add support for verifying root checksum in cosign initialize
  Signed-off-by: Slavek Kabrda <bkabrda@redhat.com>
* Regenerate docs
  Signed-off-by: Slavek Kabrda <bkabrda@redhat.com>
* Update cmd/cosign/cli/options/deprecate.go
  Co-authored-by: Hayden B <hblauzvern@google.com>
  Signed-off-by: Slavek Kabrda <bkabrda@redhat.com>
* Use sha256 by default with the option to switch to sha512
  Signed-off-by: Slavek Kabrda <bkabrda@redhat.com>
---------
Signed-off-by: Slavek Kabrda <bkabrda@redhat.com>
Co-authored-by: Hayden B <hblauzvern@google.com>
-
- Jan 06, 2025
-
-
dependabot[bot] authored
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.24.0 to 0.25.0. - [Commits](https://github.com/golang/oauth2/compare/v0.24.0...v0.25.0 ) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] authored
Bumps the gomod group with 1 update: [github.com/moby/term](https://github.com/moby/term). Updates `github.com/moby/term` from 0.5.0 to 0.5.2 - [Commits](https://github.com/moby/term/compare/v0.5.0...v0.5.2 ) --- updated-dependencies: - dependency-name: github.com/moby/term dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-