search

chainguard-dev / terraform-provider-cosign

Terraform provider for Sigstore Cosign
https://registry.terraform.io/providers/chainguard-dev/cosign/latest
Mozilla Public License 2.0
8 stars 9 forks source link

Bump github.com/sigstore/policy-controller from 0.9.0 to 0.10.0 #192

Closed dependabot[bot] closed 3 months ago

dependabot[bot] commented 3 months ago

Bumps github.com/sigstore/policy-controller from 0.9.0 to 0.10.0.

Changelog

Sourced from github.com/sigstore/policy-controller's changelog.

v0.1.0

Enhancements

  • Refactor entire policy validation into ValidatePolicy.
  • Set reinvocationPolicy to 'IfNeeded' for the tag resolver webhook
  • Add policy-tester CLI for testing ClusterImagePolicies
  • (tester) Validate CIP before using it.
  • (tester) call SetDefaults on cip before conversion
  • remove v1.21 k8s which is deprecated and add v1.24
  • chore: do not fail to verify signed images if the secret-name flag is not set

Bug fixes

  • Fix issue #38. Do not block status updates.
  • Avoid test race condition.
  • Fix sigstore/cosign#1653
  • Allow for @ symbol on globs to support image refs with digest
  • Validate globs at admission time.
  • fix: add missing conversion to CRD
  • fix: solve vuln from our opa version
  • Fix issue #24
  • Bump some vulnerable dependencies; base on distroless/static

Others

  • Bump mikefarah/yq from 4.25.3 to 4.26.1
  • Bump actions/dependency-review-action from 2.0.2 to 2.0.4
  • Bump google.golang.org/grpc from 1.47.0 to 1.48.0
  • Bump github/codeql-action from 2.1.15 to 2.1.16
  • Bump actions/cache from 3.0.4 to 3.0.5
  • Bump actions/setup-go from 3.2.0 to 3.2.1
  • update knative to use v1.5.0 release
  • update scafolding to use release v0.3.0
  • Bump github.com/aws/aws-sdk-go-v2 from 1.16.6 to 1.16.7
  • Bump sigstore/cosign-installer from 2.4.0 to 2.4.1
  • Bump github.com/aws/aws-sdk-go-v2 from 1.16.5 to 1.16.6
  • increase timeout for golangci-lint
  • Bump github.com/stretchr/testify from 1.7.5 to 1.8.0
  • Bump github/codeql-action from 2.1.14 to 2.1.15
  • Switch to direct returns
  • Bump github.com/hashicorp/go-version from 1.5.0 to 1.6.0
  • Bump ossf/scorecard-action from 1.1.1 to 1.1.2
  • chore: skip secret not found
  • Bump github.com/stretchr/testify from 1.7.4 to 1.7.5
  • Bump mikefarah/yq from 4.25.2 to 4.25.3
  • Bump github/codeql-action from 2.1.13 to 2.1.14
  • Bump github.com/google/go-containerregistry from 0.9.0 to 0.10.0
  • Bump github.com/stretchr/testify from 1.7.2 to 1.7.4
  • Bump github/codeql-action from 2.1.12 to 2.1.13

... (truncated)

Commits
  • a54d830 chore(deps): Bump github.com/aws/aws-sdk-go from 1.54.14 to 1.54.15 (#1534)
  • d2b2f9a chore(deps): Bump sigs.k8s.io/release-utils from 0.8.2 to 0.8.3 (#1533)
  • 876e5b9 chore(deps): Bump golang.org/x/net from 0.26.0 to 0.27.0 (#1531)
  • 01ff4c8 chore(deps): Bump golang.org/x/crypto from 0.24.0 to 0.25.0 (#1530)
  • 6932216 chore(deps): Bump actions/upload-artifact from 4.3.3 to 4.3.4 (#1532)
  • 97ecc9f chore(deps): Bump github.com/sigstore/scaffolding from 0.7.1 to 0.7.3 (#1529)
  • ed93ab1 chore(deps): Bump github.com/aws/aws-sdk-go from 1.54.13 to 1.54.14 (#1528)
  • 83ba705 chore(deps): Bump github.com/aws/aws-sdk-go from 1.54.12 to 1.54.13 (#1527)
  • 518173e chore(deps): Bump github.com/aws/aws-sdk-go from 1.54.11 to 1.54.12 (#1526)
  • bfc49a6 chore(deps): Bump github.com/docker/docker (#1524)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 3 months ago

Looks like github.com/sigstore/policy-controller is up-to-date now, so this is no longer needed.