Skip to content

Commit

Permalink
fix(deps): update go (slsa-framework#2338)
Browse files Browse the repository at this point in the history 
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/sigstore/cosign/v2](https://togithub.com/sigstore/cosign)
| require | minor | `v2.0.2` -> `v2.1.0` |
| [github.com/sigstore/sigstore](https://togithub.com/sigstore/sigstore)
| require | minor | `v1.6.4` -> `v1.7.1` |

---

### ⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the
Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>sigstore/cosign</summary>

###
[`v2.1.0`](https://togithub.com/sigstore/cosign/blob/HEAD/CHANGELOG.md#v210)

[Compare
Source](https://togithub.com/sigstore/cosign/compare/v2.0.2...v2.1.0)

**Breaking Change: The predicate is now a required flag in the attest
commands, set via the --type flag.**

#### Enhancements

- Verify sigs and attestations in parallel
([#&#8203;3066](https://togithub.com/sigstore/cosign/issues/3066))
- Deep inspect attestations when filtering download
([#&#8203;3031](https://togithub.com/sigstore/cosign/issues/3031))
- refactor bundle validation code, add support for DSSE rekor type
([#&#8203;3016](https://togithub.com/sigstore/cosign/issues/3016))
- Allow overriding remote options
([#&#8203;3049](https://togithub.com/sigstore/cosign/issues/3049))
- feat: adds no cert found on sig exit code
([#&#8203;3038](https://togithub.com/sigstore/cosign/issues/3038))
- Make predicate a required flag in attest commands
([#&#8203;3033](https://togithub.com/sigstore/cosign/issues/3033))
- Added support for attaching Time stamp authority Response in attach
command
([#&#8203;3001](https://togithub.com/sigstore/cosign/issues/3001))
- Add `sign --sign-container-identity` CLI
([#&#8203;2984](https://togithub.com/sigstore/cosign/issues/2984))
- Feature: Allow cosign to sign digests before they are uploaded.
([#&#8203;2959](https://togithub.com/sigstore/cosign/issues/2959))
- accepts `attachment-tag-prefix` for `cosign copy`
([#&#8203;3014](https://togithub.com/sigstore/cosign/issues/3014))
- Feature: adds '--allow-insecure-registry' for cosign load
([#&#8203;3000](https://togithub.com/sigstore/cosign/issues/3000))
- download attestation: support --platform flag
([#&#8203;2980](https://togithub.com/sigstore/cosign/issues/2980))
- Cleanup: Add `Digest` to the `SignedEntity` interface.
([#&#8203;2960](https://togithub.com/sigstore/cosign/issues/2960))
- verify command: support keyless verification using only a provided
certificate chain with non-fulcio roots
([#&#8203;2845](https://togithub.com/sigstore/cosign/issues/2845))
- verify: use workers to limit the paralellism when verifying images
with --max-workers flag
([#&#8203;3069](https://togithub.com/sigstore/cosign/issues/3069))

#### Bug Fixes

- Fix pkg/cosign/errors
([#&#8203;3050](https://togithub.com/sigstore/cosign/issues/3050))
- fix: update doc to refer to github-actions oidc provider
([#&#8203;3040](https://togithub.com/sigstore/cosign/issues/3040))
- fix: prefer GitHub OIDC provider if enabled
([#&#8203;3044](https://togithub.com/sigstore/cosign/issues/3044))
- Fix --sig-only in cosign copy
([#&#8203;3074](https://togithub.com/sigstore/cosign/issues/3074))

#### Documentation

- Fix links to sigstore/docs in markdown files
([#&#8203;3064](https://togithub.com/sigstore/cosign/issues/3064))
- Update release readme
([#&#8203;2942](https://togithub.com/sigstore/cosign/issues/2942))

**Thank you to our contributors!**

-   Bob Callaway
-   Carlos Tadeu Panato Junior
-   Chok Yip Lau
-   Chris Burns
-   Dmitry Savintsev
-   Enyinna Ochulor
-   Hayden B
-   Hector Fernandez
-   Jakub Hrozek
-   Jason Hall
-   Jon Johnson
-   Luiz Carvalho
-   Matt Moore
-   Mritunjay Kumar Sharma
-   Mukuls77
-   Ramkumar Chinchani
-   Sascha Grunert
-   Yolanda Robla Mota
-   priyawadhwa

</details>

<details>
<summary>sigstore/sigstore</summary>

###
[`v1.7.1`](https://togithub.com/sigstore/sigstore/releases/tag/v1.7.1)

[Compare
Source](https://togithub.com/sigstore/sigstore/compare/v1.7.0...v1.7.1)

#### What's Changed

- Allow the user to optionally pass a Key Vault key version, update the
SDK by [@&#8203;malancas](https://togithub.com/malancas) in
[sigstore/sigstore#1231
- update golangci-lint to v1.53.x by
[@&#8203;cpanato](https://togithub.com/cpanato) in
[sigstore/sigstore#1216

**Full Changelog**:
sigstore/sigstore@v1.7.0...v1.7.1

###
[`v1.7.0`](https://togithub.com/sigstore/sigstore/releases/tag/v1.7.0)

[Compare
Source](https://togithub.com/sigstore/sigstore/compare/v1.6.5...v1.7.0)

#### What's Changed

- Update Azure Key Vault client by
[@&#8203;malancas](https://togithub.com/malancas) in
[sigstore/sigstore#1170
- kms: split KMS providers into separate Go modules by
[@&#8203;imjasonh](https://togithub.com/imjasonh) in
[sigstore/sigstore#1115
- have submodules specify real s/s releases by
[@&#8203;imjasonh](https://togithub.com/imjasonh) in
[sigstore/sigstore#1178
- Update go.mod and dependabot config by
[@&#8203;cpanato](https://togithub.com/cpanato) in
[sigstore/sigstore#1184
- Add `Cosign.ClaimedIdentity` API by
[@&#8203;saschagrunert](https://togithub.com/saschagrunert) in
[sigstore/sigstore#1166
- build(deps): bump github.com/aws/aws-sdk-go from 1.44.274 to 1.44.275
in /pkg/signature/kms/aws by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[sigstore/sigstore#1199
- Azure KMS: Infer hash function from key by
[@&#8203;codysoyland](https://togithub.com/codysoyland) in
[sigstore/sigstore#1149
- update golang.org/x/crypto to v0.10.0 and golang.org/x/oauth2 v0.9.0
by [@&#8203;cpanato](https://togithub.com/cpanato) in
[sigstore/sigstore#1225

#### New Contributors

- [@&#8203;saschagrunert](https://togithub.com/saschagrunert) made their
first contribution in
[sigstore/sigstore#1166

**Full Changelog**:
sigstore/sigstore@v1.6.4...v1.7.0

###
[`v1.6.5`](https://togithub.com/sigstore/sigstore/releases/tag/v1.6.5)

[Compare
Source](https://togithub.com/sigstore/sigstore/compare/v1.6.4...v1.6.5)

#### What's Changed

- Update Azure Key Vault client by
[@&#8203;malancas](https://togithub.com/malancas) in
[sigstore/sigstore#1170
- kms: split KMS providers into separate Go modules by
[@&#8203;imjasonh](https://togithub.com/imjasonh) in
[sigstore/sigstore#1115
- have submodules specify real s/s releases by
[@&#8203;imjasonh](https://togithub.com/imjasonh) in
[sigstore/sigstore#1178

**Full Changelog**:
sigstore/sigstore@v1.6.4...v1.6.5

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - At
any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/slsa-framework/slsa-github-generator).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4xMzEuMCIsInVwZGF0ZWRJblZlciI6IjM1LjEzMS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Signed-off-by: Mend Renovate <bot@renovateapp.com>
Signed-off-by: Noah Elzner <elzner@google.com>
  • Loading branch information
@renovate-bot @enteraga6
renovate-bot authored and enteraga6 committed Jul 18, 2023
1 parent 6ad4d3b commit 380a898
Show file tree
Hide file tree
Showing 2 changed files with 221 additions and 212 deletions.
115 changes: 59 additions & 56 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,17 +11,17 @@ require (
github.com/in-toto/in-toto-golang v0.9.0
github.com/pelletier/go-toml v1.9.5
github.com/secure-systems-lab/go-securesystemslib v0.6.0
github.com/sigstore/cosign/v2 v2.0.2
github.com/sigstore/rekor v1.2.1
github.com/sigstore/sigstore v1.6.4
github.com/sigstore/cosign/v2 v2.1.0
github.com/sigstore/rekor v1.2.2-0.20230530122220-67cc9e58bd23
github.com/sigstore/sigstore v1.7.1
github.com/spf13/cobra v1.7.0
golang.org/x/oauth2 v0.9.0
gopkg.in/square/go-jose.v2 v2.6.0
gopkg.in/yaml.v3 v3.0.1
)

require (
cloud.google.com/go/compute v1.19.0 // indirect
cloud.google.com/go/compute v1.19.3 // indirect
cloud.google.com/go/compute/metadata v0.2.3 // indirect
filippo.io/edwards25519 v1.0.0 // indirect
github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 // indirect
Expand All @@ -35,7 +35,7 @@ require (
github.com/Azure/go-autorest/logger v0.2.1 // indirect
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
github.com/Microsoft/go-winio v0.6.1 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 // indirect
github.com/ThalesIgnite/crypto11 v1.2.5 // indirect
github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 // indirect
github.com/alibabacloud-go/cr-20160607 v1.0.1 // indirect
Expand All @@ -49,23 +49,23 @@ require (
github.com/alibabacloud-go/tea-xml v1.1.2 // indirect
github.com/aliyun/credentials-go v1.2.3 // indirect
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
github.com/aws/aws-sdk-go-v2 v1.18.0 // indirect
github.com/aws/aws-sdk-go-v2/config v1.18.23 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.13.22 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34 // indirect
github.com/aws/aws-sdk-go-v2 v1.18.1 // indirect
github.com/aws/aws-sdk-go-v2/config v1.18.26 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.13.25 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 // indirect
github.com/aws/aws-sdk-go-v2/service/ecr v1.15.0 // indirect
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.12.0 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.12.10 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.18.11 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.12.11 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.11 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.19.1 // indirect
github.com/aws/smithy-go v1.13.5 // indirect
github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220228164355-396b2034c795 // indirect
github.com/blang/semver v3.5.1+incompatible // indirect
github.com/buildkite/agent/v3 v3.45.0 // indirect
github.com/buildkite/agent/v3 v3.49.0 // indirect
github.com/chrismellard/docker-credential-acr-env v0.0.0-20220119192733-fe33c00cee21 // indirect
github.com/clbanning/mxj/v2 v2.5.6 // indirect
github.com/cloudflare/circl v1.3.3 // indirect
Expand All @@ -76,11 +76,11 @@ require (
github.com/digitorus/pkcs7 v0.0.0-20221212123742-001c36b64ec3 // indirect
github.com/digitorus/timestamp v0.0.0-20221019182153-ef3b63b79b31 // indirect
github.com/dimchansky/utfbom v1.1.1 // indirect
github.com/docker/cli v23.0.1+incompatible // indirect
github.com/docker/cli v23.0.5+incompatible // indirect
github.com/docker/distribution v2.8.2+incompatible // indirect
github.com/docker/docker v23.0.4+incompatible // indirect
github.com/docker/docker v23.0.5+incompatible // indirect
github.com/docker/docker-credential-helpers v0.7.0 // indirect
github.com/emicklei/go-restful/v3 v3.8.0 // indirect
github.com/emicklei/go-restful/v3 v3.9.0 // indirect
github.com/fsnotify/fsnotify v1.6.0 // indirect
github.com/gabriel-vasile/mimetype v1.4.2 // indirect
github.com/go-chi/chi v4.1.2+incompatible // indirect
Expand All @@ -89,8 +89,8 @@ require (
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/analysis v0.21.4 // indirect
github.com/go-openapi/errors v0.20.3 // indirect
github.com/go-openapi/jsonpointer v0.19.5 // indirect
github.com/go-openapi/jsonreference v0.20.0 // indirect
github.com/go-openapi/jsonpointer v0.19.6 // indirect
github.com/go-openapi/jsonreference v0.20.1 // indirect
github.com/go-openapi/loads v0.21.2 // indirect
github.com/go-openapi/runtime v0.26.0 // indirect
github.com/go-openapi/spec v0.20.9 // indirect
Expand All @@ -104,101 +104,104 @@ require (
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/golang/snappy v0.0.4 // indirect
github.com/google/certificate-transparency-go v1.1.4 // indirect
github.com/google/certificate-transparency-go v1.1.6 // indirect
github.com/google/gnostic v0.5.7-v3refs // indirect
github.com/google/go-containerregistry v0.14.1-0.20230409045903-ed5c185df419 // indirect
github.com/google/go-containerregistry v0.15.2 // indirect
github.com/google/go-github/v50 v50.2.0 // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/s2a-go v0.1.3 // indirect
github.com/google/trillian v1.5.2 // indirect
github.com/google/pprof v0.0.0-20221103000818-d260c55eee4c // indirect
github.com/google/s2a-go v0.1.4 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.2.4 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-retryablehttp v0.7.2 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/imdario/mergo v0.3.12 // indirect
github.com/imdario/mergo v0.3.15 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jedisct1/go-minisign v0.0.0-20211028175153-1c139d1cc84b // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/klauspost/compress v1.16.0 // indirect
github.com/klauspost/compress v1.16.5 // indirect
github.com/leodido/go-urn v1.2.4 // indirect
github.com/letsencrypt/boulder v0.0.0-20221109233200-85aa52084eaf // indirect
github.com/magiconair/properties v1.8.7 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.16 // indirect
github.com/miekg/pkcs11 v1.1.1 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/mozillazg/docker-credential-acr-helper v0.3.0 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect
github.com/oklog/ulid v1.3.1 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.0-rc2 // indirect
github.com/opencontainers/image-spec v1.1.0-rc3 // indirect
github.com/opentracing/opentracing-go v1.2.0 // indirect
github.com/pborman/uuid v1.2.1 // indirect
github.com/pelletier/go-toml/v2 v2.0.6 // indirect
github.com/pelletier/go-toml/v2 v2.0.8 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/sassoftware/relic v7.2.1+incompatible // indirect
github.com/segmentio/ksuid v1.0.4 // indirect
github.com/shibumi/go-pathspec v1.3.0 // indirect
github.com/sigstore/fulcio v1.2.0 // indirect
github.com/sigstore/protobuf-specs v0.1.0 // indirect
github.com/sigstore/timestamp-authority v1.0.0 // indirect
github.com/sirupsen/logrus v1.9.0 // indirect
github.com/sigstore/fulcio v1.3.1 // indirect
github.com/sigstore/timestamp-authority v1.1.1 // indirect
github.com/sirupsen/logrus v1.9.3 // indirect
github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
github.com/spf13/afero v1.9.3 // indirect
github.com/spf13/cast v1.5.0 // indirect
github.com/spf13/afero v1.9.5 // indirect
github.com/spf13/cast v1.5.1 // indirect
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/spf13/viper v1.15.0 // indirect
github.com/spiffe/go-spiffe/v2 v2.1.4 // indirect
github.com/spf13/viper v1.16.0 // indirect
github.com/spiffe/go-spiffe/v2 v2.1.6 // indirect
github.com/subosito/gotenv v1.4.2 // indirect
github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
github.com/thales-e-security/pool v0.0.2 // indirect
github.com/theupdateframework/go-tuf v0.5.2 // indirect
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
github.com/tjfoc/gmsm v1.3.2 // indirect
github.com/transparency-dev/merkle v0.0.2 // indirect
github.com/vbatts/tar-split v0.11.2 // indirect
github.com/xanzy/go-gitlab v0.83.0 // indirect
github.com/vbatts/tar-split v0.11.3 // indirect
github.com/xanzy/go-gitlab v0.86.0 // indirect
github.com/zeebo/errs v1.3.0 // indirect
go.mongodb.org/mongo-driver v1.11.3 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/otel v1.14.0 // indirect
go.opentelemetry.io/otel/trace v1.14.0 // indirect
go.step.sm/crypto v0.30.0 // indirect
go.opentelemetry.io/otel v1.16.0 // indirect
go.opentelemetry.io/otel/metric v1.16.0 // indirect
go.opentelemetry.io/otel/trace v1.16.0 // indirect
go.step.sm/crypto v0.32.1 // indirect
go.uber.org/atomic v1.10.0 // indirect
go.uber.org/multierr v1.9.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.24.0 // indirect
golang.org/x/crypto v0.10.0 // indirect
golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
golang.org/x/mod v0.10.0 // indirect
golang.org/x/mod v0.11.0 // indirect
golang.org/x/net v0.11.0 // indirect
golang.org/x/sync v0.2.0 // indirect
golang.org/x/sync v0.3.0 // indirect
golang.org/x/sys v0.9.0 // indirect
golang.org/x/term v0.9.0 // indirect
golang.org/x/text v0.10.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.8.0 // indirect
google.golang.org/api v0.121.0 // indirect
golang.org/x/tools v0.9.3 // indirect
google.golang.org/api v0.128.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
google.golang.org/grpc v1.55.0 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect
google.golang.org/grpc v1.56.0 // indirect
google.golang.org/protobuf v1.30.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gotest.tools/v3 v3.1.0 // indirect
k8s.io/api v0.26.1 // indirect
k8s.io/apimachinery v0.26.1 // indirect
k8s.io/client-go v0.25.4 // indirect
k8s.io/api v0.27.3 // indirect
k8s.io/apimachinery v0.27.3 // indirect
k8s.io/client-go v0.27.3 // indirect
k8s.io/klog/v2 v2.100.1 // indirect
k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
k8s.io/utils v0.0.0-20230115233650-391b47cb4029 // indirect
k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/release-utils v0.7.4 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
Expand Down

0 comments on commit 380a898

Please sign in to comment.