Commit eac8ce5
authored
chore(deps): bump github.com/sigstore/sigstore-go from 1.1.4 to 1.2.0 (#267)
Bumps
[github.com/sigstore/sigstore-go](https://github.com/sigstore/sigstore-go)
from 1.1.4 to 1.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/sigstore-go/releases">github.com/sigstore/sigstore-go's
releases</a>.</em></p>
<blockquote>
<h2>v1.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add preferred method for verifying log entry proofs by <a
href="https://github.com/Hayden-IO"><code>@Hayden-IO</code></a> in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/557">sigstore/sigstore-go#557</a></li>
<li>docs(verify): annotate identity matchers and regexp semantics by <a
href="https://github.com/1seal"><code>@1seal</code></a> in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/558">sigstore/sigstore-go#558</a></li>
<li>Bump actions/setup-go from 6.1.0 to 6.2.0 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/563">sigstore/sigstore-go#563</a></li>
<li>Bump the minor-patch group across 1 directory with 7 updates by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/565">sigstore/sigstore-go#565</a></li>
<li>ensure we have verification material before attempting to extract
public key by <a
href="https://github.com/bobcallaway"><code>@bobcallaway</code></a> in
<a
href="https://redirect.github.com/sigstore/sigstore-go/pull/566">sigstore/sigstore-go#566</a></li>
<li>fix(tlog): fail closed for rekor v2 parsing by <a
href="https://github.com/1seal"><code>@1seal</code></a> in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/562">sigstore/sigstore-go#562</a></li>
<li>Bump sigstore-conformance to latest by <a
href="https://github.com/cmurphy"><code>@cmurphy</code></a> in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/559">sigstore/sigstore-go#559</a></li>
<li>Bump actions/checkout from 6.0.1 to 6.0.2 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/573">sigstore/sigstore-go#573</a></li>
<li>Bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 in
/examples/oci-image-verification by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/576">sigstore/sigstore-go#576</a></li>
<li>Bump github.com/sigstore/sigstore from 1.10.3 to 1.10.4 in
/examples/oci-image-verification by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/571">sigstore/sigstore-go#571</a></li>
<li>Bump production and staging TUF roots by <a
href="https://github.com/Hayden-IO"><code>@Hayden-IO</code></a> in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/580">sigstore/sigstore-go#580</a></li>
<li>Support DSSE signing conformance test by <a
href="https://github.com/aaronlew02"><code>@aaronlew02</code></a> in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/582">sigstore/sigstore-go#582</a></li>
<li>Fix nil pointer dereference in LiveTrustedRoot refresh by <a
href="https://github.com/Hayden-IO"><code>@Hayden-IO</code></a> in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/584">sigstore/sigstore-go#584</a></li>
<li>Bump sigstore/sigstore-conformance from 0.0.25 to 0.0.26 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/585">sigstore/sigstore-go#585</a></li>
<li>chore: remove large test dependencies by replacing ctfe usage by <a
href="https://github.com/Hayden-IO"><code>@Hayden-IO</code></a> in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/587">sigstore/sigstore-go#587</a></li>
<li>Bump github.com/sigstore/sigstore from 1.10.3 to 1.10.4 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/575">sigstore/sigstore-go#575</a></li>
<li>Bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/569">sigstore/sigstore-go#569</a></li>
<li>Bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.4.1 by
<a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/578">sigstore/sigstore-go#578</a></li>
<li>Set minimum threshold for WithIntegratedTimestamps by <a
href="https://github.com/Hayden-IO"><code>@Hayden-IO</code></a> in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/590">sigstore/sigstore-go#590</a></li>
<li>Bump all recent deps by <a
href="https://github.com/Hayden-IO"><code>@Hayden-IO</code></a> in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/586">sigstore/sigstore-go#586</a></li>
<li>Bump the minor-patch group across 1 directory with 2 updates by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/591">sigstore/sigstore-go#591</a></li>
<li>Bump github.com/docker/cli from 29.0.3+incompatible to
29.2.0+incompatible in /examples/oci-image-verification by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/595">sigstore/sigstore-go#595</a></li>
<li>deps: update go-openapi/strfmt to v0.26.1 by <a
href="https://github.com/tonistiigi"><code>@tonistiigi</code></a> in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/603">sigstore/sigstore-go#603</a></li>
<li>verify message digest matches artifact hash by <a
href="https://github.com/piceri"><code>@piceri</code></a> in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/600">sigstore/sigstore-go#600</a></li>
<li>Run go fix across codebase by <a
href="https://github.com/Hayden-IO"><code>@Hayden-IO</code></a> in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/610">sigstore/sigstore-go#610</a></li>
<li>Harden verification, HTTP clients, and TUF by <a
href="https://github.com/Hayden-IO"><code>@Hayden-IO</code></a> in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/609">sigstore/sigstore-go#609</a></li>
<li>Verify log entry digest matches artifact/envelope by <a
href="https://github.com/Hayden-IO"><code>@Hayden-IO</code></a> in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/611">sigstore/sigstore-go#611</a></li>
<li>Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/608">sigstore/sigstore-go#608</a></li>
<li>Bump actions/setup-go from 6.2.0 to 6.4.0 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/606">sigstore/sigstore-go#606</a></li>
<li>Bump github.com/sigstore/timestamp-authority/v2 from 2.0.4 to 2.0.6
in /examples/oci-image-verification by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/614">sigstore/sigstore-go#614</a></li>
<li>Bump google.golang.org/grpc from 1.78.0 to 1.79.3 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/601">sigstore/sigstore-go#601</a></li>
<li>Bump github.com/sigstore/timestamp-authority/v2 from 2.0.4 to 2.0.6
by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/613">sigstore/sigstore-go#613</a></li>
<li>Bump go-tuf, rekor-tiles versions by <a
href="https://github.com/Hayden-IO"><code>@Hayden-IO</code></a> in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/616">sigstore/sigstore-go#616</a></li>
<li>Bump sigstore/sigstore-conformance from 0.0.26 to 0.0.27 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/621">sigstore/sigstore-go#621</a></li>
<li>Bump github.com/in-toto/in-toto-golang from 0.10.0 to 0.11.0 in
/examples/oci-image-verification by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/623">sigstore/sigstore-go#623</a></li>
<li>Bump github.com/in-toto/in-toto-golang from 0.10.0 to 0.11.0 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/624">sigstore/sigstore-go#624</a></li>
<li>bundle: cap raw TlogEntries length before per-entry parse by <a
href="https://github.com/tonghuaroot"><code>@tonghuaroot</code></a> in
<a
href="https://redirect.github.com/sigstore/sigstore-go/pull/630">sigstore/sigstore-go#630</a></li>
<li>Prevent multi-log threshold bypasses via single compromised log by
<a href="https://github.com/Hayden-IO"><code>@Hayden-IO</code></a> in
<a
href="https://redirect.github.com/sigstore/sigstore-go/pull/633">sigstore/sigstore-go#633</a></li>
<li>Verify Rekor v2 inclusion using reconstructed leaf hash by <a
href="https://github.com/codysoyland"><code>@codysoyland</code></a> in
<a
href="https://redirect.github.com/sigstore/sigstore-go/pull/635">sigstore/sigstore-go#635</a></li>
<li>Encode Rekor v2 DSSE envelopes as hashedrekord by <a
href="https://github.com/codysoyland"><code>@codysoyland</code></a> in
<a
href="https://redirect.github.com/sigstore/sigstore-go/pull/627">sigstore/sigstore-go#627</a></li>
<li>Bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/631">sigstore/sigstore-go#631</a></li>
<li>Bump the minor-patch group across 2 directories with 10 updates by
<a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/637">sigstore/sigstore-go#637</a></li>
<li>Fix conformance test failures for managed-key verification by <a
href="https://github.com/codysoyland"><code>@codysoyland</code></a> in
<a
href="https://redirect.github.com/sigstore/sigstore-go/pull/638">sigstore/sigstore-go#638</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/1seal"><code>@1seal</code></a> made
their first contribution in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/558">sigstore/sigstore-go#558</a></li>
<li><a
href="https://github.com/aaronlew02"><code>@aaronlew02</code></a> made
their first contribution in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/582">sigstore/sigstore-go#582</a></li>
<li><a
href="https://github.com/tonistiigi"><code>@tonistiigi</code></a> made
their first contribution in <a
href="https://redirect.github.com/sigstore/sigstore-go/pull/603">sigstore/sigstore-go#603</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sigstore/sigstore-go/commit/8ca80c47ef03d26ebf174db7c296700b075b2c16"><code>8ca80c4</code></a>
Fix conformance test failures for managed-key verification (<a
href="https://redirect.github.com/sigstore/sigstore-go/issues/561">#561</a>)
(<a
href="https://redirect.github.com/sigstore/sigstore-go/issues/638">#638</a>)</li>
<li><a
href="https://github.com/sigstore/sigstore-go/commit/40d743a4757019f71a5cca6e66bfa0e2fd86d048"><code>40d743a</code></a>
Bump the minor-patch group across 2 directories with 10 updates (<a
href="https://redirect.github.com/sigstore/sigstore-go/issues/637">#637</a>)</li>
<li><a
href="https://github.com/sigstore/sigstore-go/commit/7960906321475348f5c32286f4857e067541f58d"><code>7960906</code></a>
Bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 (<a
href="https://redirect.github.com/sigstore/sigstore-go/issues/631">#631</a>)</li>
<li><a
href="https://github.com/sigstore/sigstore-go/commit/ef6e924863714720e67d82a7908038b7f092c89e"><code>ef6e924</code></a>
Encode Rekor v2 DSSE envelopes as hashedrekord (<a
href="https://redirect.github.com/sigstore/sigstore-go/issues/627">#627</a>)</li>
<li><a
href="https://github.com/sigstore/sigstore-go/commit/56c2528195bf85aadcdd52b40c469e2d02b5a084"><code>56c2528</code></a>
Verify Rekor v2 inclusion using reconstructed leaf hash (<a
href="https://redirect.github.com/sigstore/sigstore-go/issues/635">#635</a>)</li>
<li><a
href="https://github.com/sigstore/sigstore-go/commit/dbb07e62623edd5b175fb9dd5a41dcb85a159207"><code>dbb07e6</code></a>
Prevent multi-log threshold bypasses via single compromised log (<a
href="https://redirect.github.com/sigstore/sigstore-go/issues/633">#633</a>)</li>
<li><a
href="https://github.com/sigstore/sigstore-go/commit/7e8ee0fa3154ccfaf0183e6d5d7b218faca59bae"><code>7e8ee0f</code></a>
bundle: cap raw TlogEntries length before per-entry parse (<a
href="https://redirect.github.com/sigstore/sigstore-go/issues/630">#630</a>)</li>
<li><a
href="https://github.com/sigstore/sigstore-go/commit/58c7950fa12b4d7e59daf376d2e51a89400a70c5"><code>58c7950</code></a>
Bump github.com/in-toto/in-toto-golang from 0.10.0 to 0.11.0 (<a
href="https://redirect.github.com/sigstore/sigstore-go/issues/624">#624</a>)</li>
<li><a
href="https://github.com/sigstore/sigstore-go/commit/1ad51ea97321c344d52e8e100f3a68d5039b0647"><code>1ad51ea</code></a>
Bump github.com/in-toto/in-toto-golang (<a
href="https://redirect.github.com/sigstore/sigstore-go/issues/623">#623</a>)</li>
<li><a
href="https://github.com/sigstore/sigstore-go/commit/566ec6c9210f4c54bf0c89d0acf3c8b031d23a04"><code>566ec6c</code></a>
Bump sigstore/sigstore-conformance from 0.0.26 to 0.0.27 (<a
href="https://redirect.github.com/sigstore/sigstore-go/issues/621">#621</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/sigstore/sigstore-go/compare/v1.1.4...v1.2.0">compare
view</a></li>
</ul>
</details>
<br />
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>1 parent 6e041cd commit eac8ce5
2 files changed
Lines changed: 52 additions & 58 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
166 | 166 | | |
167 | 167 | | |
168 | 168 | | |
169 | | - | |
| 169 | + | |
170 | 170 | | |
171 | 171 | | |
172 | | - | |
| 172 | + | |
173 | 173 | | |
174 | | - | |
| 174 | + | |
175 | 175 | | |
176 | | - | |
| 176 | + | |
177 | 177 | | |
178 | 178 | | |
179 | 179 | | |
| |||
187 | 187 | | |
188 | 188 | | |
189 | 189 | | |
190 | | - | |
| 190 | + | |
191 | 191 | | |
192 | 192 | | |
193 | 193 | | |
| |||
212 | 212 | | |
213 | 213 | | |
214 | 214 | | |
215 | | - | |
| 215 | + | |
216 | 216 | | |
217 | 217 | | |
218 | 218 | | |
219 | 219 | | |
220 | 220 | | |
221 | 221 | | |
222 | 222 | | |
223 | | - | |
| 223 | + | |
224 | 224 | | |
225 | 225 | | |
226 | 226 | | |
| |||
294 | 294 | | |
295 | 295 | | |
296 | 296 | | |
297 | | - | |
| 297 | + | |
298 | 298 | | |
299 | | - | |
| 299 | + | |
300 | 300 | | |
301 | 301 | | |
302 | 302 | | |
| |||
313 | 313 | | |
314 | 314 | | |
315 | 315 | | |
316 | | - | |
| 316 | + | |
317 | 317 | | |
318 | 318 | | |
319 | 319 | | |
320 | 320 | | |
321 | 321 | | |
322 | 322 | | |
323 | 323 | | |
324 | | - | |
| 324 | + | |
325 | 325 | | |
326 | 326 | | |
327 | 327 | | |
| |||
340 | 340 | | |
341 | 341 | | |
342 | 342 | | |
343 | | - | |
| 343 | + | |
344 | 344 | | |
345 | 345 | | |
346 | 346 | | |
347 | | - | |
348 | | - | |
349 | | - | |
350 | | - | |
| 347 | + | |
| 348 | + | |
| 349 | + | |
| 350 | + | |
351 | 351 | | |
352 | 352 | | |
353 | 353 | | |
| |||
0 commit comments