
Commit 9b7c555

Bump github.com/sigstore/cosign/v2 from 2.4.3 to 2.5.0 (#506)
Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.4.3 to 2.5.0.

**Release notes**

*Sourced from [github.com/sigstore/cosign/v2's releases](https://github.com/sigstore/cosign/releases).*

> v2.5.0 includes an implementation of the new bundle specification, attesting and verifying OCI image attestations uploaded as OCI artifacts. This feature is currently gated behind the `--new-bundle-format` flag when running `cosign attest`.
>
> ## Features
>
> - Add support for new bundle specification for attesting/verifying OCI image attestations ([#3889](https://redirect.github.com/sigstore/cosign/issues/3889))
> - Feat/non filename completions ([#4115](https://redirect.github.com/sigstore/cosign/issues/4115))
> - Add TSA certificate related flags and fields for cosign attest ([#4079](https://redirect.github.com/sigstore/cosign/issues/4079))
>
> ## Fixes
>
> - cmd/cosign/cli: fix typo in ignoreTLogMessage ([#4111](https://redirect.github.com/sigstore/cosign/issues/4111))
> - Fix replace with compliant image mediatype ([#4077](https://redirect.github.com/sigstore/cosign/issues/4077))

**Changelog**

*Sourced from [github.com/sigstore/cosign/v2's changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md).*

> # v2.5.0
>
> v2.5.0 includes an implementation of the new bundle specification, attesting and verifying OCI image attestations uploaded as OCI artifacts. This feature is currently gated behind the `--new-bundle-format` flag when running `cosign attest`.
>
> ## Features
>
> - Add support for new bundle specification for attesting/verifying OCI image attestations ([#3889](https://redirect.github.com/sigstore/cosign/issues/3889))
> - Feat/non filename completions ([#4115](https://redirect.github.com/sigstore/cosign/issues/4115))
> - Add TSA certificate related flags and fields for cosign attest ([#4079](https://redirect.github.com/sigstore/cosign/issues/4079))
>
> ## Fixes
>
> - cmd/cosign/cli: fix typo in ignoreTLogMessage ([#4111](https://redirect.github.com/sigstore/cosign/issues/4111))
> - Fix replace with compliant image mediatype ([#4077](https://redirect.github.com/sigstore/cosign/issues/4077))
>
> ## Contributors
>
> - Bob Callaway
> - Carlos Tadeu Panato Junior
> - Cody Soyland
> - Dmitry Savintsev
> - Hayden B
> - Ramon Petgrave
> - Riccardo Schirone
> - Stef Graces
> - Ville Skyttä

**Commits**

- [`38bb986`](https://github.com/sigstore/cosign/commit/38bb98697005cdc5c092f031594c0e45d039f4a0) chore(deps): bump cuelang.org/go in the gomod group across 1 directory ([#4154](https://redirect.github.com/sigstore/cosign/issues/4154))
- [`076da85`](https://github.com/sigstore/cosign/commit/076da852923f0ca5619ff998e2546a4c2acabe51) chore(deps): bump gitlab.com/gitlab-org/api/client-go ([#4149](https://redirect.github.com/sigstore/cosign/issues/4149))
- [`e7099da`](https://github.com/sigstore/cosign/commit/e7099da7a62ad53d1201a6f0dd169ccb248125e8) chore(deps): bump github.com/buildkite/agent/v3 from 3.93.1 to 3.95.1 ([#4139](https://redirect.github.com/sigstore/cosign/issues/4139))
- [`c351ca8`](https://github.com/sigstore/cosign/commit/c351ca819ac6eb3daeb7fc98dff9a16791fcac0b) chore(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 ([#4147](https://redirect.github.com/sigstore/cosign/issues/4147))
- [`76d23ba`](https://github.com/sigstore/cosign/commit/76d23ba9de3ce8e98c062925aa9ea1d2fe64e766) Update sigstore-go to pick up bug fixes ([#4150](https://redirect.github.com/sigstore/cosign/issues/4150))
- [`c6c96ea`](https://github.com/sigstore/cosign/commit/c6c96ea4c99fa441e77a39b79d3024f931ddf9f6) chore(deps): bump golang.org/x/crypto from 0.36.0 to 0.37.0 ([#4148](https://redirect.github.com/sigstore/cosign/issues/4148))
- [`6e7a9f9`](https://github.com/sigstore/cosign/commit/6e7a9f9568acbb361fba7ba0364ab782ecfa2376) Update golangci-lint to v2, update golangci-lint-action ([#4143](https://redirect.github.com/sigstore/cosign/issues/4143))
- [`37bae90`](https://github.com/sigstore/cosign/commit/37bae90768f66c930b5630d0f570778141878737) Feat/non filename completions ([#4115](https://redirect.github.com/sigstore/cosign/issues/4115))
- [`4c32996`](https://github.com/sigstore/cosign/commit/4c329965c5987c922b0fcd3f67a131f2e88eb337) chore(deps): bump the gomod group with 5 updates ([#4129](https://redirect.github.com/sigstore/cosign/issues/4129))
- [`11b12fa`](https://github.com/sigstore/cosign/commit/11b12fa69e282e225446ddf9282aa81b63e6ab46) chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 ([#4125](https://redirect.github.com/sigstore/cosign/issues/4125))
- Additional commits viewable in [compare view](https://github.com/sigstore/cosign/compare/v2.4.3...v2.5.0)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

1 parent a26651c commit 9b7c555

2 files changed: +242 -57 lines changed

go.mod

Lines changed: 36 additions & 17 deletions
@@ -13,7 +13,7 @@ require (
1313
github.com/hashicorp/terraform-plugin-go v0.26.0
1414
github.com/hashicorp/terraform-plugin-log v0.9.0
1515
github.com/hashicorp/terraform-plugin-testing v1.12.0
16-
github.com/sigstore/cosign/v2 v2.4.3
16+
github.com/sigstore/cosign/v2 v2.5.0
1717
golang.org/x/sync v0.13.0
1818
gopkg.in/yaml.v2 v2.4.0
1919
k8s.io/apimachinery v0.32.3
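Review bot: The changed line `github.com/sigstore/cosign/v2 v2.5.0` is a minor-version jump of a direct requirement, and nothing on this page shows a test or code change accompanying it. The release notes in the commit message say the new bundle format is gated behind `--new-bundle-format` for `cosign attest`, so default behaviour should be unchanged, but that is worth confirming by running the module's existing tests (`terraform-plugin-testing` is already required in this block) before merging. The second changed file is not shown on this page; if it is go.sum, check that it was regenerated by the Go toolchain rather than edited.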
@@ -52,6 +52,8 @@ require (
5252
github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect
5353
github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467 // indirect
5454
github.com/cyphar/filepath-securejoin v0.4.1 // indirect
55+
github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
56+
github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect
5557
github.com/distribution/reference v0.6.0 // indirect
5658
github.com/docker/cli v27.5.1+incompatible // indirect
5759
github.com/docker/distribution v2.8.3+incompatible // indirect
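Review bot: The two added lines for `github.com/digitorus/pkcs7` and `github.com/digitorus/timestamp` pin pseudo-versions (untagged commits dated 2023), so there is no release tag or changelog to review for code that parses PKCS#7 and timestamp data. Suggest recording in the PR which requirement pulls them in (`go mod why -m github.com/digitorus/timestamp`) and confirming that a vulnerability scan such as `govulncheck ./...` is clean on the resulting graph.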
@@ -63,6 +65,7 @@ require (
6365
github.com/emirpasic/gods v1.18.1 // indirect
6466
github.com/fatih/color v1.16.0 // indirect
6567
github.com/felixge/httpsnoop v1.0.4 // indirect
68+
github.com/fsnotify/fsnotify v1.8.0 // indirect
6669
github.com/go-chi/chi v4.1.2+incompatible // indirect
6770
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
6871
github.com/go-git/go-billy/v5 v5.6.2 // indirect
@@ -73,22 +76,24 @@ require (
7376
github.com/go-logr/logr v1.4.2 // indirect
7477
github.com/go-logr/stdr v1.2.2 // indirect
7578
github.com/go-openapi/analysis v0.23.0 // indirect
76-
github.com/go-openapi/errors v0.22.0 // indirect
79+
github.com/go-openapi/errors v0.22.1 // indirect
7780
github.com/go-openapi/jsonpointer v0.21.0 // indirect
7881
github.com/go-openapi/jsonreference v0.21.0 // indirect
7982
github.com/go-openapi/loads v0.22.0 // indirect
8083
github.com/go-openapi/runtime v0.28.0 // indirect
8184
github.com/go-openapi/spec v0.21.0 // indirect
8285
github.com/go-openapi/strfmt v0.23.0 // indirect
83-
github.com/go-openapi/swag v0.23.0 // indirect
86+
github.com/go-openapi/swag v0.23.1 // indirect
8487
github.com/go-openapi/validate v0.24.0 // indirect
88+
github.com/go-viper/mapstructure/v2 v2.2.1 // indirect
8589
github.com/gogo/protobuf v1.3.2 // indirect
8690
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
8791
github.com/golang/protobuf v1.5.4 // indirect
92+
github.com/google/certificate-transparency-go v1.3.1 // indirect
8893
github.com/google/s2a-go v0.1.9 // indirect
8994
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
9095
github.com/google/uuid v1.6.0 // indirect
91-
github.com/googleapis/enterprise-certificate-proxy v0.3.5 // indirect
96+
github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
9297
github.com/googleapis/gax-go/v2 v2.14.1 // indirect
9398
github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
9499
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99 // indirect
@@ -114,6 +119,8 @@ require (
114119
github.com/hashicorp/terraform-svchost v0.1.1 // indirect
115120
github.com/hashicorp/yamux v0.1.1 // indirect
116121
github.com/huandu/xstrings v1.5.0 // indirect
122+
github.com/in-toto/attestation v1.1.1 // indirect
123+
github.com/in-toto/in-toto-golang v0.9.0 // indirect
117124
github.com/inconshreveable/mousetrap v1.1.0 // indirect
118125
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
119126
github.com/jedisct1/go-minisign v0.0.0-20241212093149-d2f9f49435c7 // indirect
@@ -141,30 +148,42 @@ require (
141148
github.com/oklog/ulid v1.3.1 // indirect
142149
github.com/opencontainers/go-digest v1.0.0 // indirect
143150
github.com/opencontainers/image-spec v1.1.0 // indirect
151+
github.com/opentracing/opentracing-go v1.2.0 // indirect
144152
github.com/package-url/packageurl-go v0.1.3 // indirect
153+
github.com/pelletier/go-toml/v2 v2.2.3 // indirect
145154
github.com/pjbgf/sha1cd v0.3.2 // indirect
146155
github.com/pkg/errors v0.9.1 // indirect
147156
github.com/posener/complete v1.2.3 // indirect
148-
github.com/prometheus/client_golang v1.20.5 // indirect
157+
github.com/prometheus/client_golang v1.21.1 // indirect
149158
github.com/prometheus/client_model v0.6.1 // indirect
150159
github.com/prometheus/common v0.62.0 // indirect
151160
github.com/prometheus/procfs v0.15.1 // indirect
152161
github.com/psanford/memfs v0.0.0-20241019191636-4ef911798f9b // indirect
153162
github.com/rivo/uniseg v0.4.7 // indirect
163+
github.com/sagikazarmark/locafero v0.7.0 // indirect
154164
github.com/sassoftware/relic v7.2.1+incompatible // indirect
155165
github.com/secure-systems-lab/go-securesystemslib v0.9.0 // indirect
156166
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
167+
github.com/shibumi/go-pathspec v1.3.0 // indirect
157168
github.com/shopspring/decimal v1.4.0 // indirect
158-
github.com/sigstore/protobuf-specs v0.4.0 // indirect
169+
github.com/sigstore/protobuf-specs v0.4.1 // indirect
159170
github.com/sigstore/rekor v1.3.9 // indirect
160-
github.com/sigstore/sigstore v1.8.15 // indirect
171+
github.com/sigstore/sigstore v1.9.1 // indirect
172+
github.com/sigstore/sigstore-go v0.7.1 // indirect
173+
github.com/sigstore/timestamp-authority v1.2.5 // indirect
161174
github.com/sirupsen/logrus v1.9.3 // indirect
162175
github.com/skeema/knownhosts v1.3.1 // indirect
163-
github.com/spf13/cast v1.7.0 // indirect
176+
github.com/sourcegraph/conc v0.3.0 // indirect
177+
github.com/spf13/afero v1.12.0 // indirect
178+
github.com/spf13/cast v1.7.1 // indirect
164179
github.com/spf13/cobra v1.9.1 // indirect
165180
github.com/spf13/pflag v1.0.6 // indirect
181+
github.com/spf13/viper v1.20.1 // indirect
182+
github.com/subosito/gotenv v1.6.0 // indirect
166183
github.com/theupdateframework/go-tuf v0.7.0 // indirect
184+
github.com/theupdateframework/go-tuf/v2 v2.0.2 // indirect
167185
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
186+
github.com/transparency-dev/merkle v0.0.2 // indirect
168187
github.com/vbatts/tar-split v0.12.1 // indirect
169188
github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
170189
github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
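Review bot: The added line `github.com/theupdateframework/go-tuf/v2 v2.0.2` sits next to the unchanged `github.com/theupdateframework/go-tuf v0.7.0`, so the graph now carries two TUF client implementations; please state in the PR which one this module's trust-root handling ends up using after the bump, since `github.com/sigstore/sigstore` also moves a minor version (v1.8.15 to v1.9.1) and `github.com/sigstore/sigstore-go v0.7.1` is new. This hunk also brings in a configuration stack (`spf13/viper`, `spf13/afero`, `sagikazarmark/locafero`, `subosito/gotenv`, `pelletier/go-toml/v2`) that reads files and environment variables; `go mod why -m github.com/spf13/viper` would show whether it is reachable from this module's packages or only present in the module graph.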
@@ -182,29 +201,29 @@ require (
182201
go.opentelemetry.io/otel v1.35.0 // indirect
183202
go.opentelemetry.io/otel/metric v1.35.0 // indirect
184203
go.opentelemetry.io/otel/trace v1.35.0 // indirect
185-
go.step.sm/crypto v0.59.1 // indirect
204+
go.step.sm/crypto v0.60.0 // indirect
186205
go.uber.org/multierr v1.11.0 // indirect
187206
go.uber.org/zap v1.27.0 // indirect
188207
golang.org/x/crypto v0.37.0 // indirect
189208
golang.org/x/exp v0.0.0-20250210185358-939b2ce775ac // indirect
190-
golang.org/x/mod v0.23.0 // indirect
209+
golang.org/x/mod v0.24.0 // indirect
191210
golang.org/x/net v0.39.0 // indirect
192-
golang.org/x/oauth2 v0.28.0 // indirect
211+
golang.org/x/oauth2 v0.29.0 // indirect
193212
golang.org/x/sys v0.32.0 // indirect
194213
golang.org/x/term v0.31.0 // indirect
195214
golang.org/x/text v0.24.0 // indirect
196215
golang.org/x/time v0.11.0 // indirect
197216
golang.org/x/tools v0.30.0 // indirect
198-
google.golang.org/api v0.225.0 // indirect
217+
google.golang.org/api v0.227.0 // indirect
199218
google.golang.org/appengine v1.6.8 // indirect
200-
google.golang.org/genproto/googleapis/api v0.0.0-20250219182151-9fdb1cabc7b2 // indirect
201-
google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb // indirect
219+
google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb // indirect
220+
google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4 // indirect
202221
google.golang.org/grpc v1.71.0 // indirect
203-
google.golang.org/protobuf v1.36.5 // indirect
222+
google.golang.org/protobuf v1.36.6 // indirect
204223
gopkg.in/ini.v1 v1.67.0 // indirect
205224
gopkg.in/warnings.v0 v0.1.2 // indirect
206225
gopkg.in/yaml.v3 v3.0.1 // indirect
207226
k8s.io/klog/v2 v2.130.1 // indirect
208-
k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect
209-
sigs.k8s.io/release-utils v0.11.0 // indirect
227+
k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect
228+
sigs.k8s.io/release-utils v0.11.1 // indirect
210229
)
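Review bot: Every changed line in this hunk is an `// indirect` requirement, including two `google.golang.org/genproto` pseudo-versions and a `k8s.io/utils` pseudo-version, so the versions cannot be validated by reading the diff. Suggest the CI job for this PR run `go mod tidy` and fail on any resulting diff, plus `go mod verify`, so the versions shown here are demonstrably the ones module resolution selects rather than hand edits.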
