Bump github.com/sigstore/sigstore from 1.9.5 to 1.10.4#437
Closed
dependabot[bot] wants to merge 577 commits into
Closed
Bump github.com/sigstore/sigstore from 1.9.5 to 1.10.4#437dependabot[bot] wants to merge 577 commits into
dependabot[bot] wants to merge 577 commits into
Conversation
- Use the same code path for TestKpack/TestK8s/TestK8sAndKpack - Use kpack sorters to avoid needing separate k8sObjects/kpackObjects fields
- This allows the contents of --local-source to be deterministic based on contents - Allows the uploader test resilient to digest changes
Add support to read descriptor from stdin with a "-"
Refactor test helpers
Zero out mod time
Only delete temporary tar after it has been written to registry
- add kp config canonical-repository - add kp config canonical-service-account
Use e as shorthard for env flag in image commands
add kp config commands
- Show configured source (image spec) - Show latest successful and failed build git revision if git source fix #188
Migrate kpack client to build api v1alpha2
- Use new kpack api packages
Migrate to new v1alpha2 image cache config
- enables testing of main package functions - slims main package - allows reuse of main package functions in docs main package which generates docs
Rename canonical to default
- rework diffing logic for new import flow
write all imported resources to the same image
Add image-resource alias to image command
- Always read and write from the new and old sets of keys when writing - When reading they keys, use the new keys first - Only set relevent keys when writing the config map (new behavior)
Use v1alpha1
…ctions/actions/setup-go-5 Bump actions/setup-go from 4 to 5
…es/google.golang.org/grpc-1.57.1 Bump google.golang.org/grpc from 1.57.0 to 1.57.1
…es/github.com/docker/docker-24.0.7incompatible Bump github.com/docker/docker from 24.0.5+incompatible to 24.0.7+incompatible
Change the output of import commands to return arrays
README: Fix download link
README: Correct homebrew instructions
Bump github.com/spf13/cobra from 1.7.0 to 1.8.1
Signed-off-by: Robert Gogolok <robert.gogolok@stackit.cloud>
Signed-off-by: Robert Gogolok <robert.gogolok@stackit.cloud>
Signed-off-by: Robert Gogolok <gogolok@gmail.com>
Provide required permissions and remove obsolete 'token' field. Signed-off-by: Robert Gogolok <robert.gogolok@stackit.cloud>
- Add 'kp clusterlifecycle create' - Create cluster-scoped lifecycle - Add 'kp clusterlifecycle delete' - Delete cluster lifecycle - Add 'kp clusterlifecycle list' - List all cluster lifecycles - Add 'kp clusterlifecycle patch' - Patch existing lifecycle - Add 'kp clusterlifecycle save' - Create or patch lifecycle - Add 'kp clusterlifecycle status' - Display lifecycle status - Add deprecation warning to 'kp lifecycle patch' command - Directs users to use 'kp clusterlifecycle' commands instead
- Fix bug in UpdateLifecycle method to use Spec.ImageSource.Image instead of Spec.Image
- Fix typo in patch command documentation ('the the' -> 'the')
- Add comment to compatibility layer explaining ErrV1alpha2Required behavior
…mmand feat: add ClusterLifecycle command and deprecate lifecycle command
…ildpack support (#434) * feat: Migrate kp import to v1 API with ClusterLifecycle and ClusterBuildpack support This PR migrates the kp import command to use the new v1 API (kp.kpack.io/v1) with support for ClusterLifecycle and ClusterBuildpack CRDs. API Version Migration: - Update dependency descriptor to support kp.kpack.io/v1 API version - Add automatic conversion from v1alpha1 and v1alpha3 descriptors to v1 - Replace ConfigMap-based lifecycle management with ClusterLifecycle CRDs ClusterLifecycle Support: - Import creates ClusterLifecycle resources instead of updating the lifecycle ConfigMap - Support for multiple named lifecycles in a single descriptor - Add defaultClusterLifecycle field for aliasing (creates a 'default-lifecycle' alias) - Lifecycle images are pre-loaded (relocated) to the default repository ClusterBuildpack Support: - Add new clusterBuildpacks section to dependency descriptor - Support for standalone buildpack images (not part of a store) - Add defaultClusterBuildpack field for aliasing (creates a 'default' alias) - Buildpack images are pre-loaded (relocated) to the default repository - Buildpack image validation (checks for io.buildpacks.buildpackage.metadata label) ClusterBuilder Improvements: - Skip store reference in ClusterBuilder when clusterStore field is empty - Allows builders that only use ClusterBuildpacks without a ClusterStore Code Organization: - Move descriptor types and conversion logic to pkg/import/descriptor/ - Separate files for each API version (v1alpha1.go, v1alpha3.go, v1.go) - Add LastAppliedConfiguration annotation to ClusterLifecycle and ClusterBuildpack Backward Compatibility: - v1alpha1 and v1alpha3 descriptors are automatically converted to v1 format - Existing descriptors continue to work without modification - The lifecycle field in v1alpha3 is converted to a ClusterLifecycle named 'default-lifecycle' * Fix: comment update to reflect new pkg name --------- Co-authored-by: Neil Hickey <neil-hickey@users.noreply.github.com>
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.43.0 to 0.45.0. - [Commits](golang/crypto@v0.43.0...v0.45.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.45.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.9.5 to 1.10.4. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.9.5...v1.10.4) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore dependency-version: 1.10.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
dependabot
Bot
added
dependencies
tomkennedy513
force-pushed
the
dependabot/go_modules/github.com/sigstore/sigstore-1.10.4
branch
from
7a00353 to
324fb95
Compare
Contributor
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
14 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps github.com/sigstore/sigstore from 1.9.5 to 1.10.4.
Release notes
Sourced from github.com/sigstore/sigstore's releases.
... (truncated)
Commits
8ec410aEscape target name - GHSA-fcv2-xgw5-pqxf (#2265)deef0eebuild(deps): Bump golang.org/x/crypto in /test/cliplugin/localkms (#2256)641406cbuild(deps): Bump the gomod group across 2 directories with 4 updates (#2255)1bfd00ebuild(deps): Bump the tools group across 1 directory with 2 updates (#2254)714ac99build(deps): Bump hashicorp/vault in /test/e2e in the all group (#2253)626b82bbuild(deps): Bump localstack/localstack in /test/e2e in the all group (#2241)72f0ed7build(deps): Bump github.com/aws/aws-sdk-go-v2/config (#2230)b257168build(deps): Bump github.com/aws/aws-sdk-go-v2 in /pkg/signature/kms/aws (#2226)84f57b8build(deps): Bump github.com/sigstore/sigstore (#2221)bdc1a86build(deps): Bump actions/checkout from 5.0.1 to 6.0.0 (#2220)You can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.