Closed mtrmac closed 5 months ago
Note to self: Afterwards we should github.com/letsencrypt/boulder to avoid a dependency on no-longer-maintained gopkg.in/go-jose/go-jose.v2
. (We don’t call it though that path AFAIK, still, we include it.)
Cross-linking for visibility: https://github.com/containers/skopeo/pull/2297#issuecomment-2057502035 says we need an update to the Renovate config (affecting also repos using c/image).
(Marking as draft to make sure we have a decision the Renovate configuration first; I understand Renovate would immediately start failing otherwise.)
(cross-post / copy)
I don't believe it will fail, it will simply (and mostly silently) refuse to open any module update PRs which also require a bump of go 1.21.
LGTM
… primarily because some dependencies started to require it: if we ever needed to quickly update a dependency for a vulnerability fix, we might have to update to Go 1.21 on a short notice, or fork the dependency.
And then bump dependencies which we have been holding back:
github.com/sylabs/sif/v2
: https://github.com/containers/image/pull/2356github.com/sigstore/fulcio
: https://github.com/containers/image/pull/2320 https://github.com/containers/image/pull/2371github.com/sigstore/rekor
: https://github.com/containers/image/pull/2100 https://github.com/containers/image/pull/2139 https://github.com/containers/image/pull/2141 https://github.com/containers/image/pull/2169 https://github.com/containers/image/pull/2192 https://github.com/containers/image/pull/2208 https://github.com/containers/image/pull/2278 https://github.com/containers/image/pull/2292 https://github.com/containers/image/pull/2362github.com/docker/docker
: https://github.com/containers/image/pull/2353 (+ an update to 26.0.1)github.com/docker/cli
: https://github.com/containers/image/pull/2352 (+ an update to 26.0.1)Cc: @jnovy @lsm5 @cevich @TomSweeneyRedHat