@@ -3,37 +3,37 @@ module github.com/conforma/cli
33go 1.25.9
44
55require (
6- cuelang.org/go v0.16.0
6+ cuelang.org/go v0.16.1
77 github.com/CycloneDX/cyclonedx-go v0.10.0
88 github.com/MakeNowJust/heredoc v1.0.0
99 github.com/Maldris/go-billy-afero v0.0.0-20200815120323-e9d3de59c99a
1010 github.com/conforma/go-gather v1.0.2
1111 github.com/docker/docker v28.5.2+incompatible
12- github.com/enterprise-contract/enterprise-contract-controller/api v0.1.257
12+ github.com/enterprise-contract/enterprise-contract-controller/api v0.1.281
1313 github.com/evanphx/json-patch v5.9.11+incompatible
14- github.com/gkampitakis/go-snaps v0.5.19
15- github.com/go-git/go-git/v5 v5.17.1
14+ github.com/gkampitakis/go-snaps v0.5.22
15+ github.com/go-git/go-git/v5 v5.17.2
1616 github.com/go-logr/logr v1.4.3
17- github.com/go-openapi/strfmt v0.26.1
17+ github.com/go-openapi/strfmt v0.26.4
1818 github.com/google/go-cmp v0.7.0
19- github.com/google/go-containerregistry v0.21.5
19+ github.com/google/go-containerregistry v0.21.7
2020 github.com/google/safearchive v0.0.0-20241025131057-f7ce9d7b6f9c
2121 github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b
2222 github.com/in-toto/in-toto-golang v0.10.0
2323 github.com/jstemmer/go-junit-report/v2 v2.1.0
2424 github.com/konflux-ci/application-api v0.0.0-20240812090716-e7eb2ecfb409
2525 github.com/leanovate/gopter v0.2.11
26- github.com/mattn/go-isatty v0.0.20
26+ github.com/mattn/go-isatty v0.0.22
2727 github.com/mitchellh/go-wordwrap v1.0.1
2828 github.com/open-policy-agent/conftest v0.66.0
2929 github.com/open-policy-agent/opa v1.15.2
30- github.com/package-url/packageurl-go v0.1.3
30+ github.com/package-url/packageurl-go v0.1.6
3131 github.com/qri-io/jsonpointer v0.1.1
3232 github.com/santhosh-tekuri/jsonschema/v5 v5.3.1
33- github.com/secure-systems-lab/go-securesystemslib v0.10 .0
34- github.com/sigstore/cosign/v2 v2.4.1
33+ github.com/secure-systems-lab/go-securesystemslib v0.11 .0
34+ github.com/sigstore/cosign/v2 v2.4.3
3535 github.com/sigstore/rekor v1.5.0
36- github.com/sigstore/sigstore v1.10.5
36+ github.com/sigstore/sigstore v1.10.8
3737 github.com/sirupsen/logrus v1.9.4
3838 github.com/smarty/cproxy/v2 v2.1.1
3939 github.com/spdx/tools-golang v0.5.7
@@ -48,19 +48,19 @@ require (
4848 github.com/testcontainers/testcontainers-go/modules/registry v0.34.0
4949 golang.org/x/benchmarks v0.0.0-20241115175113-a2b48b605b42
5050 golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90
51- golang.org/x/net v0.53 .0
52- golang.org/x/sync v0.20 .0
53- k8s.io/apiextensions-apiserver v0.35.4
54- k8s.io/apimachinery v0.35.4
55- k8s.io/client-go v0.35.4
51+ golang.org/x/net v0.56 .0
52+ golang.org/x/sync v0.21 .0
53+ k8s.io/apiextensions-apiserver v0.35.6
54+ k8s.io/apimachinery v0.35.6
55+ k8s.io/client-go v0.35.6
5656 k8s.io/klog/v2 v2.130.1
5757 k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912
5858 oras.land/oras-go/v2 v2.6.0
5959 sigs.k8s.io/yaml v1.6.0
6060)
6161
6262// use forked version until we can get the fixes merged see https://github.com/conforma/go-containerregistry/blob/main/hack/ec-patches.sh for a list of patches we carry
63- replace github.com/google/go-containerregistry => github.com/conforma/go-containerregistry v0.20.7-0.20250703195040-6f40a3734728
63+ replace github.com/google/go-containerregistry => github.com/conforma/go-containerregistry v0.20.7
6464
6565// Force moby/go-archive to v0.1.0 for compatibility with docker/docker v28.5.2
6666// v0.2.0 removed archive.Compression type which docker still uses
@@ -76,7 +76,6 @@ require (
7676 cloud.google.com/go/monitoring v1.24.3 // indirect
7777 cloud.google.com/go/storage v1.61.3 // indirect
7878 dario.cat/mergo v1.0.2 // indirect
79- filippo.io/edwards25519 v1.1.0 // indirect
8079 github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider v0.15.0 // indirect
8180 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
8281 github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
@@ -191,7 +190,7 @@ require (
191190 github.com/felixge/httpsnoop v1.0.4 // indirect
192191 github.com/fsnotify/fsnotify v1.9.0 // indirect
193192 github.com/fxamacker/cbor/v2 v2.9.0 // indirect
194- github.com/gkampitakis/ciinfo v0.3.2 // indirect
193+ github.com/gkampitakis/ciinfo v0.3.4 // indirect
195194 github.com/go-akka/configuration v0.0.0-20200606091224-a002c0330665 // indirect
196195 github.com/go-chi/chi/v5 v5.2.4 // indirect
197196 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
@@ -202,7 +201,7 @@ require (
202201 github.com/go-logr/stdr v1.2.2 // indirect
203202 github.com/go-ole/go-ole v1.2.6 // indirect
204203 github.com/go-openapi/analysis v0.24.3 // indirect
205- github.com/go-openapi/errors v0.22.7 // indirect
204+ github.com/go-openapi/errors v0.22.8 // indirect
206205 github.com/go-openapi/jsonpointer v0.22.5 // indirect
207206 github.com/go-openapi/jsonreference v0.21.5 // indirect
208207 github.com/go-openapi/loads v0.23.3 // indirect
@@ -221,10 +220,11 @@ require (
221220 github.com/go-openapi/swag/typeutils v0.25.5 // indirect
222221 github.com/go-openapi/swag/yamlutils v0.25.5 // indirect
223222 github.com/go-openapi/validate v0.25.2 // indirect
223+ github.com/go-piv/piv-go/v2 v2.4.0 // indirect
224224 github.com/go-viper/mapstructure/v2 v2.5.0 // indirect
225225 github.com/gobwas/glob v0.2.3 // indirect
226226 github.com/goccy/go-json v0.10.5 // indirect
227- github.com/goccy/go-yaml v1.18.0 // indirect
227+ github.com/goccy/go-yaml v1.19.2 // indirect
228228 github.com/gogo/protobuf v1.3.2 // indirect
229229 github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
230230 github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
@@ -272,7 +272,7 @@ require (
272272 github.com/logrusorgru/aurora v2.0.3+incompatible // indirect
273273 github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
274274 github.com/magiconair/properties v1.8.10 // indirect
275- github.com/maruel/natural v1.1.1 // indirect
275+ github.com/maruel/natural v1.3.0 // indirect
276276 github.com/mattn/go-colorable v0.1.14 // indirect
277277 github.com/mattn/go-runewidth v0.0.19 // indirect
278278 github.com/miekg/dns v1.1.61 // indirect
@@ -327,9 +327,12 @@ require (
327327 github.com/shirou/gopsutil/v3 v3.23.12 // indirect
328328 github.com/shoenig/go-m1cpu v0.1.6 // indirect
329329 github.com/shteou/go-ignore v0.3.1 // indirect
330- github.com/sigstore/fulcio v1.6.3 // indirect
330+ github.com/sigstore/fulcio v1.6.6 // indirect
331331 github.com/sigstore/protobuf-specs v0.5.0 // indirect
332- github.com/sigstore/timestamp-authority v1.2.2 // indirect
332+ github.com/sigstore/rekor-tiles/v2 v2.0.1 // indirect
333+ github.com/sigstore/sigstore-go v1.1.4 // indirect
334+ github.com/sigstore/timestamp-authority v1.2.9 // indirect
335+ github.com/sigstore/timestamp-authority/v2 v2.0.3 // indirect
333336 github.com/skeema/knownhosts v1.3.1 // indirect
334337 github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 // indirect
335338 github.com/spf13/cast v1.10.0 // indirect
@@ -340,7 +343,8 @@ require (
340343 github.com/tchap/go-patricia/v2 v2.3.3 // indirect
341344 github.com/thales-e-security/pool v0.0.2 // indirect
342345 github.com/theupdateframework/go-tuf v0.7.0 // indirect
343- github.com/tidwall/gjson v1.18.0 // indirect
346+ github.com/theupdateframework/go-tuf/v2 v2.4.1 // indirect
347+ github.com/tidwall/gjson v1.19.0 // indirect
344348 github.com/tidwall/match v1.1.1 // indirect
345349 github.com/tidwall/pretty v1.2.1 // indirect
346350 github.com/tidwall/sjson v1.2.5 // indirect
@@ -349,19 +353,21 @@ require (
349353 github.com/tklauser/numcpus v0.6.1 // indirect
350354 github.com/tmccombs/hcl2json v0.6.7 // indirect
351355 github.com/tonistiigi/go-csvvalue v0.0.0-20240814133006-030d3b2625d0 // indirect
356+ github.com/transparency-dev/formats v0.0.0-20251017110053-404c0d5b696c // indirect
352357 github.com/transparency-dev/merkle v0.0.2 // indirect
353358 github.com/ulikunitz/xz v0.5.15 // indirect
354359 github.com/valyala/fastjson v1.6.7 // indirect
355360 github.com/vbatts/tar-split v0.12.2 // indirect
356361 github.com/vektah/gqlparser/v2 v2.5.32 // indirect
357362 github.com/x448/float16 v0.8.4 // indirect
358- github.com/xanzy/go-gitlab v0.109.0 // indirect
359363 github.com/xanzy/ssh-agent v0.3.3 // indirect
360364 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
361365 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
362366 github.com/yashtewari/glob-intersection v0.2.0 // indirect
367+ github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect
363368 github.com/yusufpapurcu/wmi v1.2.3 // indirect
364369 github.com/zclconf/go-cty v1.16.2 // indirect
370+ gitlab.com/gitlab-org/api/client-go v0.123.0 // indirect
365371 go.opentelemetry.io/auto/sdk v1.2.1 // indirect
366372 go.opentelemetry.io/contrib/detectors/gcp v1.39.0 // indirect
367373 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0 // indirect
@@ -379,20 +385,19 @@ require (
379385 go.opentelemetry.io/otel/sdk/metric v1.43.0 // indirect
380386 go.opentelemetry.io/otel/trace v1.43.0 // indirect
381387 go.opentelemetry.io/proto/otlp v1.10.0 // indirect
382- go.step.sm/crypto v0.74.0 // indirect
383388 go.uber.org/automaxprocs v1.6.0 // indirect
384389 go.uber.org/multierr v1.11.0 // indirect
385390 go.uber.org/zap v1.28.0 // indirect
386391 go.yaml.in/yaml/v2 v2.4.3 // indirect
387392 go.yaml.in/yaml/v3 v3.0.4 // indirect
388- golang.org/x/crypto v0.50 .0 // indirect
389- golang.org/x/mod v0.35 .0 // indirect
393+ golang.org/x/crypto v0.53 .0 // indirect
394+ golang.org/x/mod v0.36 .0 // indirect
390395 golang.org/x/oauth2 v0.36.0 // indirect
391- golang.org/x/sys v0.43 .0 // indirect
392- golang.org/x/term v0.42 .0 // indirect
393- golang.org/x/text v0.36 .0 // indirect
396+ golang.org/x/sys v0.46 .0 // indirect
397+ golang.org/x/term v0.44 .0 // indirect
398+ golang.org/x/text v0.38 .0 // indirect
394399 golang.org/x/time v0.15.0 // indirect
395- golang.org/x/tools v0.44 .0 // indirect
400+ golang.org/x/tools v0.45 .0 // indirect
396401 gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
397402 google.golang.org/api v0.271.0 // indirect
398403 google.golang.org/genproto v0.0.0-20260128011058-8636f8732409 // indirect
@@ -405,7 +410,7 @@ require (
405410 gopkg.in/ini.v1 v1.67.1 // indirect
406411 gopkg.in/warnings.v0 v0.1.2 // indirect
407412 gopkg.in/yaml.v3 v3.0.1 // indirect
408- k8s.io/api v0.35.4 // indirect
413+ k8s.io/api v0.35.6 // indirect
409414 k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect
410415 knative.dev/pkg v0.0.0-20260318013857-98d5a706d4fd // indirect
411416 olympos.io/encoding/edn v0.0.0-20201019073823-d3554ca0b0a3 // indirect
0 commit comments