Skip to content

Commit eac8ce5

Browse files
chore(deps): bump github.com/sigstore/sigstore-go from 1.1.4 to 1.2.0 (#267)
Bumps [github.com/sigstore/sigstore-go](https://github.com/sigstore/sigstore-go) from 1.1.4 to 1.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/sigstore-go/releases">github.com/sigstore/sigstore-go's releases</a>.</em></p> <blockquote> <h2>v1.2.0</h2> <h2>What's Changed</h2> <ul> <li>Add preferred method for verifying log entry proofs by <a href="https://github.com/Hayden-IO"><code>@​Hayden-IO</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/557">sigstore/sigstore-go#557</a></li> <li>docs(verify): annotate identity matchers and regexp semantics by <a href="https://github.com/1seal"><code>@​1seal</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/558">sigstore/sigstore-go#558</a></li> <li>Bump actions/setup-go from 6.1.0 to 6.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/563">sigstore/sigstore-go#563</a></li> <li>Bump the minor-patch group across 1 directory with 7 updates by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/565">sigstore/sigstore-go#565</a></li> <li>ensure we have verification material before attempting to extract public key by <a href="https://github.com/bobcallaway"><code>@​bobcallaway</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/566">sigstore/sigstore-go#566</a></li> <li>fix(tlog): fail closed for rekor v2 parsing by <a href="https://github.com/1seal"><code>@​1seal</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/562">sigstore/sigstore-go#562</a></li> <li>Bump sigstore-conformance to latest by <a href="https://github.com/cmurphy"><code>@​cmurphy</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/559">sigstore/sigstore-go#559</a></li> <li>Bump actions/checkout from 6.0.1 to 6.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/573">sigstore/sigstore-go#573</a></li> <li>Bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 in /examples/oci-image-verification by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/576">sigstore/sigstore-go#576</a></li> <li>Bump github.com/sigstore/sigstore from 1.10.3 to 1.10.4 in /examples/oci-image-verification by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/571">sigstore/sigstore-go#571</a></li> <li>Bump production and staging TUF roots by <a href="https://github.com/Hayden-IO"><code>@​Hayden-IO</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/580">sigstore/sigstore-go#580</a></li> <li>Support DSSE signing conformance test by <a href="https://github.com/aaronlew02"><code>@​aaronlew02</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/582">sigstore/sigstore-go#582</a></li> <li>Fix nil pointer dereference in LiveTrustedRoot refresh by <a href="https://github.com/Hayden-IO"><code>@​Hayden-IO</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/584">sigstore/sigstore-go#584</a></li> <li>Bump sigstore/sigstore-conformance from 0.0.25 to 0.0.26 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/585">sigstore/sigstore-go#585</a></li> <li>chore: remove large test dependencies by replacing ctfe usage by <a href="https://github.com/Hayden-IO"><code>@​Hayden-IO</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/587">sigstore/sigstore-go#587</a></li> <li>Bump github.com/sigstore/sigstore from 1.10.3 to 1.10.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/575">sigstore/sigstore-go#575</a></li> <li>Bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/569">sigstore/sigstore-go#569</a></li> <li>Bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/578">sigstore/sigstore-go#578</a></li> <li>Set minimum threshold for WithIntegratedTimestamps by <a href="https://github.com/Hayden-IO"><code>@​Hayden-IO</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/590">sigstore/sigstore-go#590</a></li> <li>Bump all recent deps by <a href="https://github.com/Hayden-IO"><code>@​Hayden-IO</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/586">sigstore/sigstore-go#586</a></li> <li>Bump the minor-patch group across 1 directory with 2 updates by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/591">sigstore/sigstore-go#591</a></li> <li>Bump github.com/docker/cli from 29.0.3+incompatible to 29.2.0+incompatible in /examples/oci-image-verification by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/595">sigstore/sigstore-go#595</a></li> <li>deps: update go-openapi/strfmt to v0.26.1 by <a href="https://github.com/tonistiigi"><code>@​tonistiigi</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/603">sigstore/sigstore-go#603</a></li> <li>verify message digest matches artifact hash by <a href="https://github.com/piceri"><code>@​piceri</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/600">sigstore/sigstore-go#600</a></li> <li>Run go fix across codebase by <a href="https://github.com/Hayden-IO"><code>@​Hayden-IO</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/610">sigstore/sigstore-go#610</a></li> <li>Harden verification, HTTP clients, and TUF by <a href="https://github.com/Hayden-IO"><code>@​Hayden-IO</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/609">sigstore/sigstore-go#609</a></li> <li>Verify log entry digest matches artifact/envelope by <a href="https://github.com/Hayden-IO"><code>@​Hayden-IO</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/611">sigstore/sigstore-go#611</a></li> <li>Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/608">sigstore/sigstore-go#608</a></li> <li>Bump actions/setup-go from 6.2.0 to 6.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/606">sigstore/sigstore-go#606</a></li> <li>Bump github.com/sigstore/timestamp-authority/v2 from 2.0.4 to 2.0.6 in /examples/oci-image-verification by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/614">sigstore/sigstore-go#614</a></li> <li>Bump google.golang.org/grpc from 1.78.0 to 1.79.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/601">sigstore/sigstore-go#601</a></li> <li>Bump github.com/sigstore/timestamp-authority/v2 from 2.0.4 to 2.0.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/613">sigstore/sigstore-go#613</a></li> <li>Bump go-tuf, rekor-tiles versions by <a href="https://github.com/Hayden-IO"><code>@​Hayden-IO</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/616">sigstore/sigstore-go#616</a></li> <li>Bump sigstore/sigstore-conformance from 0.0.26 to 0.0.27 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/621">sigstore/sigstore-go#621</a></li> <li>Bump github.com/in-toto/in-toto-golang from 0.10.0 to 0.11.0 in /examples/oci-image-verification by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/623">sigstore/sigstore-go#623</a></li> <li>Bump github.com/in-toto/in-toto-golang from 0.10.0 to 0.11.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/624">sigstore/sigstore-go#624</a></li> <li>bundle: cap raw TlogEntries length before per-entry parse by <a href="https://github.com/tonghuaroot"><code>@​tonghuaroot</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/630">sigstore/sigstore-go#630</a></li> <li>Prevent multi-log threshold bypasses via single compromised log by <a href="https://github.com/Hayden-IO"><code>@​Hayden-IO</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/633">sigstore/sigstore-go#633</a></li> <li>Verify Rekor v2 inclusion using reconstructed leaf hash by <a href="https://github.com/codysoyland"><code>@​codysoyland</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/635">sigstore/sigstore-go#635</a></li> <li>Encode Rekor v2 DSSE envelopes as hashedrekord by <a href="https://github.com/codysoyland"><code>@​codysoyland</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/627">sigstore/sigstore-go#627</a></li> <li>Bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/631">sigstore/sigstore-go#631</a></li> <li>Bump the minor-patch group across 2 directories with 10 updates by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/637">sigstore/sigstore-go#637</a></li> <li>Fix conformance test failures for managed-key verification by <a href="https://github.com/codysoyland"><code>@​codysoyland</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/638">sigstore/sigstore-go#638</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/1seal"><code>@​1seal</code></a> made their first contribution in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/558">sigstore/sigstore-go#558</a></li> <li><a href="https://github.com/aaronlew02"><code>@​aaronlew02</code></a> made their first contribution in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/582">sigstore/sigstore-go#582</a></li> <li><a href="https://github.com/tonistiigi"><code>@​tonistiigi</code></a> made their first contribution in <a href="https://redirect.github.com/sigstore/sigstore-go/pull/603">sigstore/sigstore-go#603</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/sigstore-go/commit/8ca80c47ef03d26ebf174db7c296700b075b2c16"><code>8ca80c4</code></a> Fix conformance test failures for managed-key verification (<a href="https://redirect.github.com/sigstore/sigstore-go/issues/561">#561</a>) (<a href="https://redirect.github.com/sigstore/sigstore-go/issues/638">#638</a>)</li> <li><a href="https://github.com/sigstore/sigstore-go/commit/40d743a4757019f71a5cca6e66bfa0e2fd86d048"><code>40d743a</code></a> Bump the minor-patch group across 2 directories with 10 updates (<a href="https://redirect.github.com/sigstore/sigstore-go/issues/637">#637</a>)</li> <li><a href="https://github.com/sigstore/sigstore-go/commit/7960906321475348f5c32286f4857e067541f58d"><code>7960906</code></a> Bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 (<a href="https://redirect.github.com/sigstore/sigstore-go/issues/631">#631</a>)</li> <li><a href="https://github.com/sigstore/sigstore-go/commit/ef6e924863714720e67d82a7908038b7f092c89e"><code>ef6e924</code></a> Encode Rekor v2 DSSE envelopes as hashedrekord (<a href="https://redirect.github.com/sigstore/sigstore-go/issues/627">#627</a>)</li> <li><a href="https://github.com/sigstore/sigstore-go/commit/56c2528195bf85aadcdd52b40c469e2d02b5a084"><code>56c2528</code></a> Verify Rekor v2 inclusion using reconstructed leaf hash (<a href="https://redirect.github.com/sigstore/sigstore-go/issues/635">#635</a>)</li> <li><a href="https://github.com/sigstore/sigstore-go/commit/dbb07e62623edd5b175fb9dd5a41dcb85a159207"><code>dbb07e6</code></a> Prevent multi-log threshold bypasses via single compromised log (<a href="https://redirect.github.com/sigstore/sigstore-go/issues/633">#633</a>)</li> <li><a href="https://github.com/sigstore/sigstore-go/commit/7e8ee0fa3154ccfaf0183e6d5d7b218faca59bae"><code>7e8ee0f</code></a> bundle: cap raw TlogEntries length before per-entry parse (<a href="https://redirect.github.com/sigstore/sigstore-go/issues/630">#630</a>)</li> <li><a href="https://github.com/sigstore/sigstore-go/commit/58c7950fa12b4d7e59daf376d2e51a89400a70c5"><code>58c7950</code></a> Bump github.com/in-toto/in-toto-golang from 0.10.0 to 0.11.0 (<a href="https://redirect.github.com/sigstore/sigstore-go/issues/624">#624</a>)</li> <li><a href="https://github.com/sigstore/sigstore-go/commit/1ad51ea97321c344d52e8e100f3a68d5039b0647"><code>1ad51ea</code></a> Bump github.com/in-toto/in-toto-golang (<a href="https://redirect.github.com/sigstore/sigstore-go/issues/623">#623</a>)</li> <li><a href="https://github.com/sigstore/sigstore-go/commit/566ec6c9210f4c54bf0c89d0acf3c8b031d23a04"><code>566ec6c</code></a> Bump sigstore/sigstore-conformance from 0.0.26 to 0.0.27 (<a href="https://redirect.github.com/sigstore/sigstore-go/issues/621">#621</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sigstore/sigstore-go/compare/v1.1.4...v1.2.0">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent 6e041cd commit eac8ce5

2 files changed

Lines changed: 52 additions & 58 deletions

File tree

go.mod

Lines changed: 16 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -166,14 +166,14 @@ require (
166166
github.com/go-jose/go-jose/v4 v4.1.4 // indirect
167167
github.com/go-logr/logr v1.4.3 // indirect
168168
github.com/go-logr/stdr v1.2.2 // indirect
169-
github.com/go-openapi/analysis v0.25.0 // indirect
169+
github.com/go-openapi/analysis v0.25.2 // indirect
170170
github.com/go-openapi/errors v0.22.7 // indirect
171171
github.com/go-openapi/jsonpointer v0.23.1 // indirect
172-
github.com/go-openapi/jsonreference v0.21.5 // indirect
172+
github.com/go-openapi/jsonreference v0.21.6 // indirect
173173
github.com/go-openapi/loads v0.23.3 // indirect
174-
github.com/go-openapi/runtime v0.32.2 // indirect
174+
github.com/go-openapi/runtime v0.32.3 // indirect
175175
github.com/go-openapi/runtime/server-middleware v0.30.0 // indirect
176-
github.com/go-openapi/spec v0.22.4 // indirect
176+
github.com/go-openapi/spec v0.22.5 // indirect
177177
github.com/go-openapi/strfmt v0.26.3 // indirect
178178
github.com/go-openapi/swag v0.26.0 // indirect
179179
github.com/go-openapi/swag/cmdutils v0.26.0 // indirect
@@ -187,7 +187,7 @@ require (
187187
github.com/go-openapi/swag/stringutils v0.26.0 // indirect
188188
github.com/go-openapi/swag/typeutils v0.26.1 // indirect
189189
github.com/go-openapi/swag/yamlutils v0.26.0 // indirect
190-
github.com/go-openapi/validate v0.25.2 // indirect
190+
github.com/go-openapi/validate v0.25.3 // indirect
191191
github.com/go-test/deep v1.1.1 // indirect
192192
github.com/go-viper/mapstructure/v2 v2.5.0 // indirect
193193
github.com/gobwas/glob v0.2.3 // indirect
@@ -212,15 +212,15 @@ require (
212212
github.com/googleapis/gax-go/v2 v2.22.0 // indirect
213213
github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
214214
github.com/gowebpki/jcs v1.0.1 // indirect
215-
github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 // indirect
215+
github.com/grpc-ecosystem/grpc-gateway/v2 v2.29.0 // indirect
216216
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
217217
github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
218218
github.com/hashicorp/go-rootcerts v1.0.2 // indirect
219219
github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
220220
github.com/hashicorp/go-version v1.9.0 // indirect
221221
github.com/hashicorp/vault-client-go v0.4.3 // indirect
222222
github.com/ianlancetaylor/demangle v0.0.0-20250417193237-f615e6bd150b // indirect
223-
github.com/in-toto/attestation v1.1.2 // indirect
223+
github.com/in-toto/attestation v1.2.0 // indirect
224224
github.com/in-toto/in-toto-golang v0.11.0 // indirect
225225
github.com/inconshreveable/mousetrap v1.1.0 // indirect
226226
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
@@ -294,9 +294,9 @@ require (
294294
github.com/sigstore/fulcio v1.8.5 // indirect
295295
github.com/sigstore/protobuf-specs v0.5.1 // indirect
296296
github.com/sigstore/rekor v1.5.2 // indirect
297-
github.com/sigstore/rekor-tiles/v2 v2.2.1 // indirect
297+
github.com/sigstore/rekor-tiles/v2 v2.2.2-0.20260601073857-5d098a2b6443 // indirect
298298
github.com/sigstore/sigstore v1.10.8 // indirect
299-
github.com/sigstore/sigstore-go v1.1.4 // indirect
299+
github.com/sigstore/sigstore-go v1.2.0 // indirect
300300
github.com/sigstore/timestamp-authority/v2 v2.1.2 // indirect
301301
github.com/sirupsen/logrus v1.9.4 // indirect
302302
github.com/skeema/knownhosts v1.3.2 // indirect
@@ -313,15 +313,15 @@ require (
313313
github.com/texttheater/golang-levenshtein/levenshtein v0.0.0-20200805054039-cae8b0eaed6c // indirect
314314
github.com/thales-e-security/pool v0.0.2 // indirect
315315
github.com/theupdateframework/go-tuf v0.7.0 // indirect
316-
github.com/theupdateframework/go-tuf/v2 v2.4.1 // indirect
316+
github.com/theupdateframework/go-tuf/v2 v2.4.2-0.20260407074541-7e8f69f906ef // indirect
317317
github.com/tidwall/gjson v1.18.0 // indirect
318318
github.com/tidwall/match v1.1.1 // indirect
319319
github.com/tidwall/pretty v1.2.1 // indirect
320320
github.com/tidwall/sjson v1.2.5 // indirect
321321
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
322322
github.com/tjfoc/gmsm v1.4.1 // indirect
323323
github.com/tonglil/buflogr v1.1.1 // indirect
324-
github.com/transparency-dev/formats v0.0.0-20251103090025-99ec6f4410eb // indirect
324+
github.com/transparency-dev/formats v0.1.1 // indirect
325325
github.com/transparency-dev/merkle v0.0.2 // indirect
326326
github.com/ulikunitz/xz v0.5.15 // indirect
327327
github.com/valyala/bytebufferpool v1.0.0 // indirect
@@ -340,14 +340,14 @@ require (
340340
gitlab.com/gitlab-org/api/client-go v1.46.0 // indirect
341341
go.opentelemetry.io/auto/sdk v1.2.1 // indirect
342342
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0 // indirect
343-
go.opentelemetry.io/otel v1.43.0 // indirect
343+
go.opentelemetry.io/otel v1.44.0 // indirect
344344
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.43.0 // indirect
345345
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0 // indirect
346346
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0 // indirect
347-
go.opentelemetry.io/otel/metric v1.43.0 // indirect
348-
go.opentelemetry.io/otel/sdk v1.43.0 // indirect
349-
go.opentelemetry.io/otel/sdk/metric v1.43.0 // indirect
350-
go.opentelemetry.io/otel/trace v1.43.0 // indirect
347+
go.opentelemetry.io/otel/metric v1.44.0 // indirect
348+
go.opentelemetry.io/otel/sdk v1.44.0 // indirect
349+
go.opentelemetry.io/otel/sdk/metric v1.44.0 // indirect
350+
go.opentelemetry.io/otel/trace v1.44.0 // indirect
351351
go.opentelemetry.io/proto/otlp v1.10.0 // indirect
352352
go.podman.io/image/v5 v5.40.0 // indirect
353353
go.podman.io/storage v1.63.0 // indirect

0 commit comments

Comments
 (0)