Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(deps): update go (slsa-framework#2338)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/sigstore/cosign/v2](https://togithub.com/sigstore/cosign) | require | minor | `v2.0.2` -> `v2.1.0` |
| [github.com/sigstore/sigstore](https://togithub.com/sigstore/sigstore) | require | minor | `v1.6.4` -> `v1.7.1` |

---

### ⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>sigstore/cosign</summary>

### [`v2.1.0`](https://togithub.com/sigstore/cosign/blob/HEAD/CHANGELOG.md#v210)

[Compare Source](https://togithub.com/sigstore/cosign/compare/v2.0.2...v2.1.0)

**Breaking Change: The predicate is now a required flag in the attest commands, set via the --type flag.**

#### Enhancements

- Verify sigs and attestations in parallel ([#3066](https://togithub.com/sigstore/cosign/issues/3066))
- Deep inspect attestations when filtering download ([#3031](https://togithub.com/sigstore/cosign/issues/3031))
- refactor bundle validation code, add support for DSSE rekor type ([#3016](https://togithub.com/sigstore/cosign/issues/3016))
- Allow overriding remote options ([#3049](https://togithub.com/sigstore/cosign/issues/3049))
- feat: adds no cert found on sig exit code ([#3038](https://togithub.com/sigstore/cosign/issues/3038))
- Make predicate a required flag in attest commands ([#3033](https://togithub.com/sigstore/cosign/issues/3033))
- Added support for attaching Time stamp authority Response in attach command ([#3001](https://togithub.com/sigstore/cosign/issues/3001))
- Add `sign --sign-container-identity` CLI ([#2984](https://togithub.com/sigstore/cosign/issues/2984))
- Feature: Allow cosign to sign digests before they are uploaded. ([#2959](https://togithub.com/sigstore/cosign/issues/2959))
- accepts `attachment-tag-prefix` for `cosign copy` ([#3014](https://togithub.com/sigstore/cosign/issues/3014))
- Feature: adds '--allow-insecure-registry' for cosign load ([#3000](https://togithub.com/sigstore/cosign/issues/3000))
- download attestation: support --platform flag ([#2980](https://togithub.com/sigstore/cosign/issues/2980))
- Cleanup: Add `Digest` to the `SignedEntity` interface. ([#2960](https://togithub.com/sigstore/cosign/issues/2960))
- verify command: support keyless verification using only a provided certificate chain with non-fulcio roots ([#2845](https://togithub.com/sigstore/cosign/issues/2845))
- verify: use workers to limit the parallelism when verifying images with --max-workers flag ([#3069](https://togithub.com/sigstore/cosign/issues/3069))

#### Bug Fixes

- Fix pkg/cosign/errors ([#3050](https://togithub.com/sigstore/cosign/issues/3050))
- fix: update doc to refer to github-actions oidc provider ([#3040](https://togithub.com/sigstore/cosign/issues/3040))
- fix: prefer GitHub OIDC provider if enabled ([#3044](https://togithub.com/sigstore/cosign/issues/3044))
- Fix --sig-only in cosign copy ([#3074](https://togithub.com/sigstore/cosign/issues/3074))

#### Documentation

- Fix links to sigstore/docs in markdown files ([#3064](https://togithub.com/sigstore/cosign/issues/3064))
- Update release readme ([#2942](https://togithub.com/sigstore/cosign/issues/2942))

**Thank you to our contributors!**

- Bob Callaway
- Carlos Tadeu Panato Junior
- Chok Yip Lau
- Chris Burns
- Dmitry Savintsev
- Enyinna Ochulor
- Hayden B
- Hector Fernandez
- Jakub Hrozek
- Jason Hall
- Jon Johnson
- Luiz Carvalho
- Matt Moore
- Mritunjay Kumar Sharma
- Mukuls77
- Ramkumar Chinchani
- Sascha Grunert
- Yolanda Robla Mota
- priyawadhwa

</details>

<details>
<summary>sigstore/sigstore</summary>

### [`v1.7.1`](https://togithub.com/sigstore/sigstore/releases/tag/v1.7.1)

[Compare Source](https://togithub.com/sigstore/sigstore/compare/v1.7.0...v1.7.1)

#### What's Changed

- Allow the user to optionally pass a Key Vault key version, update the SDK by [@malancas](https://togithub.com/malancas) in sigstore/sigstore#1231
- update golangci-lint to v1.53.x by [@cpanato](https://togithub.com/cpanato) in sigstore/sigstore#1216

**Full Changelog**: sigstore/sigstore@v1.7.0...v1.7.1

### [`v1.7.0`](https://togithub.com/sigstore/sigstore/releases/tag/v1.7.0)

[Compare Source](https://togithub.com/sigstore/sigstore/compare/v1.6.5...v1.7.0)

#### What's Changed

- Update Azure Key Vault client by [@malancas](https://togithub.com/malancas) in sigstore/sigstore#1170
- kms: split KMS providers into separate Go modules by [@imjasonh](https://togithub.com/imjasonh) in sigstore/sigstore#1115
- have submodules specify real s/s releases by [@imjasonh](https://togithub.com/imjasonh) in sigstore/sigstore#1178
- Update go.mod and dependabot config by [@cpanato](https://togithub.com/cpanato) in sigstore/sigstore#1184
- Add `Cosign.ClaimedIdentity` API by [@saschagrunert](https://togithub.com/saschagrunert) in sigstore/sigstore#1166
- build(deps): bump github.com/aws/aws-sdk-go from 1.44.274 to 1.44.275 in /pkg/signature/kms/aws by [@dependabot](https://togithub.com/dependabot) in sigstore/sigstore#1199
- Azure KMS: Infer hash function from key by [@codysoyland](https://togithub.com/codysoyland) in sigstore/sigstore#1149
- update golang.org/x/crypto to v0.10.0 and golang.org/x/oauth2 v0.9.0 by [@cpanato](https://togithub.com/cpanato) in sigstore/sigstore#1225

#### New Contributors

- [@saschagrunert](https://togithub.com/saschagrunert) made their first contribution in sigstore/sigstore#1166

**Full Changelog**: sigstore/sigstore@v1.6.4...v1.7.0

### [`v1.6.5`](https://togithub.com/sigstore/sigstore/releases/tag/v1.6.5)

[Compare Source](https://togithub.com/sigstore/sigstore/compare/v1.6.4...v1.6.5)

#### What's Changed

- Update Azure Key Vault client by [@malancas](https://togithub.com/malancas) in sigstore/sigstore#1170
- kms: split KMS providers into separate Go modules by [@imjasonh](https://togithub.com/imjasonh) in sigstore/sigstore#1115
- have submodules specify real s/s releases by [@imjasonh](https://togithub.com/imjasonh) in sigstore/sigstore#1178

**Full Changelog**: sigstore/sigstore@v1.6.4...v1.6.5

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-github-generator).

Signed-off-by: Mend Renovate <bot@renovateapp.com>
Signed-off-by: Noah Elzner <elzner@google.com>