flux-build
flux-build copied to clipboard
Published
20 hours ago •
DoodleScheduling
DoodleScheduling
chore(deps): update module github.com/sigstore/sigstore to v1.9.4
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| github.com/sigstore/sigstore | v1.8.11 -> v1.9.4 |
Release Notes
sigstore/sigstore (github.com/sigstore/sigstore)
v1.9.4
What's Changed
- Add a Name field to the TargetFile struct in https://github.com/sigstore/sigstore/pull/2068
- Update to use Tink v2.3.0 API in https://github.com/sigstore/sigstore/pull/2069
Full Changelog: https://github.com/sigstore/sigstore/compare/v1.9.3...v1.9.4
v1.9.3
What's Changed
- add proto hash algorithm to registry by @loosebazooka in https://github.com/sigstore/sigstore/pull/2048
New Contributors
- @loosebazooka made their first contribution in https://github.com/sigstore/sigstore/pull/2048
Full Changelog: https://github.com/sigstore/sigstore/compare/v1.9.2...v1.9.3
v1.9.2
What's Changed
- Add tink package by @cmurphy in https://github.com/sigstore/sigstore/pull/2024
- pkg/signature: add P384/P521 compatibility algo to algorithm registry by @ret2libc in https://github.com/sigstore/sigstore/pull/2037
New Contributors
- @cmurphy made their first contribution in https://github.com/sigstore/sigstore/pull/2024
Full Changelog: https://github.com/sigstore/sigstore/compare/v1.9.1...v1.9.2
v1.9.1
What's Changed
- Implement default signing algorithms based on the key type by @ret2libc in https://github.com/sigstore/sigstore/pull/2014
Full Changelog: https://github.com/sigstore/sigstore/compare/v1.9.0...v1.9.1
v1.9.0
What's Changed
- Update KMS policy for new plugin interface by @haydentherapper in https://github.com/sigstore/sigstore/pull/1987
- Update TUF root to latest v12 root by @haydentherapper in https://github.com/sigstore/sigstore/pull/1988
- build(deps): Bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.5 by @dependabot in https://github.com/sigstore/sigstore/pull/1994
- upgrade go-jose to v4 by @cpanato in https://github.com/sigstore/sigstore/pull/2000
- pkg/signature: expose Algorithm Details information by @ret2libc in https://github.com/sigstore/sigstore/pull/2001
Full Changelog: https://github.com/sigstore/sigstore/compare/v1.8.15...v1.9.0
v1.8.15
What's Changed
- pkg/signature: fix RSA PSS 3072 key size in algorithm registry in https://github.com/sigstore/sigstore/pull/1981
- check concrete type for non-nil to stop fuzzing crash in https://github.com/sigstore/sigstore/pull/1983
- fix: cliplugin: return ErrorProviderNotFound when calling Get with a path in https://github.com/sigstore/sigstore/pull/1982
Full Changelog: https://github.com/sigstore/sigstore/compare/v1.8.14...v1.8.15
v1.8.14
What's Changed
This is the same content as v1.8.13, with a CI/CD fix.
- add initial plugin support for KMSs in https://github.com/sigstore/sigstore/pull/1901
- cliplugin: add mocks and serialization testing in https://github.com/sigstore/sigstore/pull/1918
- kms plugin: add SignMessage in https://github.com/sigstore/sigstore/pull/1919
- cliplugin: add VerifySignature in https://github.com/sigstore/sigstore/pull/1944
- cliplugin: add windows ci testing in https://github.com/sigstore/sigstore/pull/1951
- Create Algorithm Registry API in https://github.com/sigstore/sigstore/pull/1601
- cliplugin: add SupportedAlgorithms(), PublicKey(), and CryptoSigner(). in https://github.com/sigstore/sigstore/pull/1946
- cliplugin: use caller contexts in https://github.com/sigstore/sigstore/pull/1947
- cliplugin: semver, add tests for hash func encoding in https://github.com/sigstore/sigstore/pull/1948
- cliplugin: lint fixes in https://github.com/sigstore/sigstore/pull/1958
- cliplugin: convert module to package only in https://github.com/sigstore/sigstore/pull/1956
v1.8.13
What's Changed
- add initial plugin support for KMSs in https://github.com/sigstore/sigstore/pull/1901
- cliplugin: add mocks and serialization testing in https://github.com/sigstore/sigstore/pull/1918
- kms plugin: add SignMessage in https://github.com/sigstore/sigstore/pull/1919
- cliplugin: add VerifySignature in https://github.com/sigstore/sigstore/pull/1944
- cliplugin: add windows ci testing in https://github.com/sigstore/sigstore/pull/1951
- Create Algorithm Registry API in https://github.com/sigstore/sigstore/pull/1601
- cliplugin: add SupportedAlgorithms(), PublicKey(), and CryptoSigner(). in https://github.com/sigstore/sigstore/pull/1946
- cliplugin: use caller contexts in https://github.com/sigstore/sigstore/pull/1947
- cliplugin: semver, add tests for hash func encoding in https://github.com/sigstore/sigstore/pull/1948
- cliplugin: lint fixes in https://github.com/sigstore/sigstore/pull/1958
- cliplugin: convert module to package only in https://github.com/sigstore/sigstore/pull/1956
Full Changelog: https://github.com/sigstore/sigstore/compare/v1.8.12...v1.8.13
v1.8.12
What's Changed
- build(deps): Bump google.golang.org/api from 0.210.0 to 0.212.0 in /pkg/signature/kms/gcp by @dependabot in https://github.com/sigstore/sigstore/pull/1912
- build(deps): Bump google.golang.org/protobuf from 1.35.2 to 1.36.0 in /pkg/signature/kms/gcp by @dependabot in https://github.com/sigstore/sigstore/pull/1911
- build(deps): Bump actions/setup-go from 5.1.0 to 5.2.0 in the all group by @dependabot in https://github.com/sigstore/sigstore/pull/1909
- build(deps): Bump google.golang.org/api from 0.212.0 to 0.214.0 in /pkg/signature/kms/gcp by @dependabot in https://github.com/sigstore/sigstore/pull/1917
- build(deps): Bump hashicorp/vault from 1.18.2 to 1.18.3 in /test/e2e in the all group by @dependabot in https://github.com/sigstore/sigstore/pull/1915
- build(deps): Bump the gomod group across 2 directories with 5 updates by @dependabot in https://github.com/sigstore/sigstore/pull/1916
- build(deps): Bump cloud.google.com/go/kms from 1.20.3 to 1.20.4 in /pkg/signature/kms/gcp in the gomod group across 1 directory by @dependabot in https://github.com/sigstore/sigstore/pull/1920
- build(deps): Bump github.com/coreos/go-oidc/v3 from 3.11.0 to 3.12.0 by @dependabot in https://github.com/sigstore/sigstore/pull/1924
- build(deps): Bump golang.org/x/oauth2 from 0.24.0 to 0.25.0 by @dependabot in https://github.com/sigstore/sigstore/pull/1921
- build(deps): Bump golang.org/x/term from 0.27.0 to 0.28.0 by @dependabot in https://github.com/sigstore/sigstore/pull/1922
- build(deps): Bump golang.org/x/crypto from 0.31.0 to 0.32.0 by @dependabot in https://github.com/sigstore/sigstore/pull/1923
- build(deps): Bump golang.org/x/crypto from 0.28.0 to 0.31.0 in /test/fuzz by @dependabot in https://github.com/sigstore/sigstore/pull/1908
- build(deps): Bump github.com/secure-systems-lab/go-securesystemslib from 0.8.0 to 0.9.0 by @dependabot in https://github.com/sigstore/sigstore/pull/1910
- build(deps): Bump the tools group across 1 directory with 2 updates by @dependabot in https://github.com/sigstore/sigstore/pull/1913
- cleanup ci by @cpanato in https://github.com/sigstore/sigstore/pull/1927
Full Changelog: https://github.com/sigstore/sigstore/compare/v1.8.11...v1.8.12
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "Published by a pub.dev verified publisher"){kind=small}
ℹ Artifact update notice
File name: go.mod
In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):
- 23 additional dependencies were updated
- The
godirective was updated for compatibility reasons
Details:
| Package | Change |
|---|---|
go |
1.22.7 -> 1.24.1 |
github.com/google/go-containerregistry |
v0.20.2 -> v0.20.3 |
golang.org/x/sync |
v0.10.0 -> v0.11.0 |
cloud.google.com/go/compute/metadata |
v0.5.0 -> v0.6.0 |
github.com/containerd/stargz-snapshotter/estargz |
v0.15.1 -> v0.16.3 |
github.com/coreos/go-oidc/v3 |
v3.11.0 -> v3.12.0 |
github.com/docker/docker |
v27.2.1+incompatible -> v27.5.0+incompatible |
github.com/go-jose/go-jose/v4 |
v4.0.4 -> v4.0.5 |
github.com/google/go-cmp |
v0.6.0 -> v0.7.0 |
github.com/klauspost/compress |
v1.17.9 -> v1.17.11 |
github.com/secure-systems-lab/go-securesystemslib |
v0.8.0 -> v0.9.0 |
github.com/sigstore/protobuf-specs |
v0.3.2 -> v0.4.0 |
github.com/vbatts/tar-split |
v0.11.5 -> v0.11.6 |
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp |
v0.54.0 -> v0.58.0 |
go.opentelemetry.io/otel |
v1.30.0 -> v1.33.0 |
go.opentelemetry.io/otel/metric |
v1.30.0 -> v1.33.0 |
go.opentelemetry.io/otel/trace |
v1.30.0 -> v1.33.0 |
golang.org/x/crypto |
v0.31.0 -> v0.35.0 |
golang.org/x/mod |
v0.21.0 -> v0.22.0 |
golang.org/x/oauth2 |
v0.24.0 -> v0.27.0 |
golang.org/x/sys |
v0.28.0 -> v0.30.0 |
golang.org/x/term |
v0.27.0 -> v0.29.0 |
golang.org/x/text |
v0.21.0 -> v0.22.0 |
google.golang.org/protobuf |
v1.36.1 -> v1.36.5 |
⚠️ Artifact update problem
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
- any of the package files in this branch needs updating, or
- the branch becomes conflicted, or
- you click the rebase/retry checkbox if found above, or
- you rename this PR's title to start with "rebase!" to trigger it manually
The artifact failure details are included below:
File name: go.sum
Command failed: go get -d -t ./...
go: module github.com/sigstore/[email protected] requires go >= 1.23.0; switching to go1.23.9
go: downloading go1.23.9 (linux/amd64)
go: download go1.23.9: golang.org/[email protected]: verifying module: checksum database disabled by GOSUMDB=off