cosign icon indicating copy to clipboard operation
cosign copied to clipboard

bump mongo dep to avoid retracted version

Open imjasonh opened this issue 3 years ago • 1 comments

Summary

cosign depends on mongo via github.com/go-openapi/strfmt

mongo has retracted v0.10.0 due to a possible data corruption bug (that I don't believe affects cosign in any way at all), which means folks that go get ./... from the cosign repo, or any dependent of cosign, see this scary sounding warning:

go: warning: go.mongodb.org/[email protected]: retracted by module author: Contains a possible data corruption bug in RewrapManyDataKey when using libmongocrypt versions less than 1.5.2.
go: to switch to the latest unretracted version, run:
	go get go.mongodb.org/mongo-driver@latest

This bumps our dep on mongo-driver using:

go get -u github.com/go-openapi/strfmt@latest

...so the warning goes away.

see also https://github.com/ko-build/ko/issues/832

Release Note

NONE

Documentation

imjasonh avatar Sep 28 '22 20:09 imjasonh

Codecov Report

Merging #2295 (a40b983) into main (727e3e1) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #2295   +/-   ##
=======================================
  Coverage   28.81%   28.81%           
=======================================
  Files         131      131           
  Lines        7941     7941           
=======================================
  Hits         2288     2288           
  Misses       5340     5340           
  Partials      313      313           

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

codecov-commenter avatar Sep 28 '22 20:09 codecov-commenter

@imjasonh We got some conflicts here.

hectorj2f avatar Oct 21 '22 08:10 hectorj2f

This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 10 days.

github-actions[bot] avatar Nov 21 '22 02:11 github-actions[bot]

@imjasonh ping :)

cpanato avatar Nov 21 '22 09:11 cpanato

This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 10 days.

github-actions[bot] avatar Dec 22 '22 01:12 github-actions[bot]

This PR was closed because it has been stalled for 10 days with no activity.

github-actions[bot] avatar Jan 01 '23 02:01 github-actions[bot]