search

falcosecurity / falcoctl

Administrative tooling for Falco
Apache License 2.0
87 stars 59 forks source link

chore(deps): Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.1 #648

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Bumps github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.1.

Release notes

Sourced from github.com/sigstore/cosign/v2's releases.

v2.4.1

Changelog

  • 9a4cfe1aae777984c07ce373d97a65428bbff734 update changelog for v2.4.1 (#3896)
  • 0bd0d91ff5532e6774c312d0d88d87b21b8ae267 chore(deps): bump actions/checkout in the actions group (#3893)
  • 66af64ef9515a05ef609b5c20e9c3f8254e5f562 chore(deps): bump github.com/theupdateframework/go-tuf/v2 (#3895)
  • 677a262c3205c7bf8612f30b7b44bdf51bd68bac bump scaffolding release to v0.7.11 (#3887)
  • 77f71e0d7470e31ed4ed5653fe5a7c8e3b283606 Update README.md (#3886)
  • 43933130d2cae41d333e5148c54fc2fb7e77e712 Fix bug in attest-blob when using a timestamp authority with new bundles (#3877)
  • 081dea1918e9536c1fe233aa2596301381967b3b fix: documentation link for installation guide (#3884)
  • 780780b11e0998512c034317fd7e98776153e59d chore(deps): bump github.com/xanzy/go-gitlab from 0.108.0 to 0.109.0 (#3867)
  • dee0b23f97cf9cc48a0edf985301c64014c984e0 chore(deps): bump github.com/buildkite/agent/v3 from 3.79.0 to 3.81.0 (#3874)
  • 4ffbf5f681dc94cf3cb7b57aa95a97f6d8e0c72d update to use go1.22.7 and golangci-lint (#3864)
  • 4c35ffc40d58e09b89c24342024a0d15b2c756d5 chore(deps): bump github.com/sigstore/sigstore-go from 0.6.0 to 0.6.1 (#3863)
  • 081ad98a526de15a16ff2c0b2b25281e1eaeb05f use go1.22.6 to build cosign (#3862)
  • f90977c9f881cf6e0023391ea982440296c41979 chore(deps): bump github.com/open-policy-agent/opa from 0.67.1 to 0.68.0 (#3861)
  • c1e508521d73805569b86f245fa35e74c0f607f5 chore(deps): bump google.golang.org/api from 0.194.0 to 0.195.0 (#3860)
  • 42fd5f2161f7e0cfd2f0abd6adcc7aa9e8fdc571 chore(deps): bump github.com/mozillazg/docker-credential-acr-helper (#3859)
  • 4beb7f49ff2b0957804b6dafc87a06edfe7b416b chore(deps): bump github.com/buildkite/agent/v3 from 3.78.0 to 3.79.0 (#3858)
  • 247c9dcb8d7af3702deedde50f9b84ecfbde69db chore(deps): bump go.step.sm/crypto in the gomod group (#3857)
  • 842d3cc86c35198aa74fda496e003721f75ea482 chore(deps): bump actions/upload-artifact in the actions group (#3856)
  • 8defb0e72baa6c0385f4097723a3574e6d0406d0 chore(deps): bump google.golang.org/api from 0.192.0 to 0.194.0 (#3852)
  • fe71244d19c12561dc88cce662959ffcfff2d29a chore(deps): bump github.com/xanzy/go-gitlab from 0.107.0 to 0.108.0 (#3851)
  • 84e979df87efd744c97d051c8f64fc47a84645d9 chore(deps): bump the actions group across 1 directory with 3 updates (#3853)
  • 198b8e497292009deb5e657973a302954d061734 chore(deps): bump github.com/buildkite/agent/v3 from 3.77.0 to 3.78.0 (#3850)
  • 282070958f0b92bbf8d0547e3bb85e13ef32031e chore(deps): bump github.com/sigstore/fulcio in the gomod group (#3848)
  • d712844a0677cb07bfadbca6f8e937dd4f47ea63 add oss-fuzz build script, seeds and dictionaries (#3843)
  • 8a4f39046605e0072cda5da67a457fcb57b5e767 chore(deps): bump github.com/sigstore/fulcio from 1.5.1 to 1.6.2 (#3839)
  • be4cdc231b5264cb62b2f9d03354900165e04cae chore(deps): bump google.golang.org/api from 0.191.0 to 0.192.0 (#3837)
  • 30c1d0f53bf9d646fe5d97c98c69dd4c16fad986 chore(deps): bump github.com/sigstore/sigstore-go from 0.5.1 to 0.6.0 (#3840)
  • 9c0c81cba077a75dcdc137f735e4721cd0ad7538 fuzzing: add fuzzers for multiple packages (#3834)
  • 3694644fdcb3502770658f12167404f225695c15 chore(deps): bump the gomod group with 2 updates (#3824)
  • 182f64b3d7ce0be64bbbd74f31f287d409802020 chore(deps): bump github.com/buildkite/agent/v3 from 3.76.2 to 3.77.0 (#3828)
  • fa128457108cfb1c4f49f953fdf1818e34857003 chore(deps): bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#3825)
  • cddce0f1edc5c398ee63433b1e254b548b2c2782 chore(deps): bump google.golang.org/api from 0.190.0 to 0.191.0 (#3830)
  • e99c1a536e595ce72c236ed11dc1acaaa3dca395 chore(deps): bump github.com/docker/docker (#3823)
  • b23586d6390d6a48ba4789848fe6ad89710afb7f Add changelog for v2.4.0 (#3821)
  • cb338e9f788f7105f51ad153825ce2b5b39663d9 Add missing permission to push containers (#3822)

Thanks to all contributors!

v2.4.0 begins the modernization of the Cosign client, which includes:

  • Support for the newer Sigstore specification-compliant bundle format
  • Support for providing trust roots (e.g. Fulcio certificates, Rekor keys) through a trust root file, instead of many different flags
  • Conformance test suite integration to verify signing and verification behavior

In future updates, we'll include:

... (truncated)

Changelog

Sourced from github.com/sigstore/cosign/v2's changelog.

v2.4.1

v2.4.1 largely contains bug fixes and updates dependencies.

Features

  • Added fuzzing coverage to multiple packages

Bug Fixes

  • Fix bug in attest-blob when using a timestamp authority with new bundles (#3877)
  • fix: documentation link for installation guide (#3884)

Contributors

  • AdamKorcz
  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Hayden B
  • Hemil K
  • Sota Sugiura
  • Zach Steindler

v2.4.0

v2.4.0 begins the modernization of the Cosign client, which includes:

  • Support for the newer Sigstore specification-compliant bundle format
  • Support for providing trust roots (e.g. Fulcio certificates, Rekor keys) through a trust root file, instead of many different flags
  • Conformance test suite integration to verify signing and verification behavior

In future updates, we'll include:

  • General support for the trust root file, instead of only when using the bundle format during verification
  • Simplification of trust root flags and deprecation of the Cosign-specific bundle format
  • Bundle support with container signing

We have also moved nightly Cosign container builds to GHCR instead of GCR.

Features

  • Add new bundle support to verify-blob and verify-blob-attestation (#3796)
  • Adding protobuf bundle support to sign-blob and attest-blob (#3752)
  • Bump sigstore/sigstore to support email_verified as string or boolean (#3819)
  • Conformance testing for cosign (#3806)
  • move incremental builds per commit to GHCR instead of GCR (#3808)
  • Add support for recording creation timestamp for cosign attest (#3797)
  • Include SCT verification failure details in error message (#3799)

... (truncated)

Commits
  • 9a4cfe1 update changelog for v2.4.1 (#3896)
  • 0bd0d91 chore(deps): bump actions/checkout in the actions group (#3893)
  • 66af64e chore(deps): bump github.com/theupdateframework/go-tuf/v2 (#3895)
  • 677a262 bump scaffolding release to v0.7.11 (#3887)
  • 77f71e0 Update README.md (#3886)
  • 4393313 Fix bug in attest-blob when using a timestamp authority with new bundles (#3877)
  • 081dea1 fix: documentation link for installation guide (#3884)
  • 780780b chore(deps): bump github.com/xanzy/go-gitlab from 0.108.0 to 0.109.0 (#3867)
  • dee0b23 chore(deps): bump github.com/buildkite/agent/v3 from 3.79.0 to 3.81.0 (#3874)
  • 4ffbf5f update to use go1.22.7 and golangci-lint (#3864)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
poiana commented 1 month ago

LGTM label has been added.

Git tree hash: e6cf8338ed80e4851f1cb142d936f33d0bff93f7

poiana commented 1 month ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cpanato, dependabot[bot]

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/falcosecurity/falcoctl/blob/main/OWNERS)~~ [cpanato] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment