cosign
cosign copied to clipboard
sigstore
bump mongo dep to avoid retracted version
Summary
cosign depends on mongo via github.com/go-openapi/strfmt
mongo has retracted v0.10.0 due to a possible data corruption bug (that I don't believe affects cosign in any way at all), which means folks that go get ./... from the cosign repo, or any dependent of cosign, see this scary sounding warning:
go: warning: go.mongodb.org/[email protected]: retracted by module author: Contains a possible data corruption bug in RewrapManyDataKey when using libmongocrypt versions less than 1.5.2.
go: to switch to the latest unretracted version, run:
go get go.mongodb.org/mongo-driver@latest
This bumps our dep on mongo-driver using:
go get -u github.com/go-openapi/strfmt@latest
...so the warning goes away.
see also https://github.com/ko-build/ko/issues/832
Release Note
NONE
Documentation
Codecov Report
Merging #2295 (a40b983) into main (727e3e1) will not change coverage. The diff coverage is
n/a.
@@ Coverage Diff @@
## main #2295 +/- ##
=======================================
Coverage 28.81% 28.81%
=======================================
Files 131 131
Lines 7941 7941
=======================================
Hits 2288 2288
Misses 5340 5340
Partials 313 313
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.
This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 10 days.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 10 days.
This PR was closed because it has been stalled for 10 days with no activity.