search

sigstore / cosign-gatekeeper-provider

🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their signatures
Apache License 2.0
75 stars 23 forks source link

Bump github.com/sigstore/rekor from 1.0.1 to 1.2.2 #76

Closed dependabot[bot] closed 8 months ago

dependabot[bot] commented 1 year ago

Bumps github.com/sigstore/rekor from 1.0.1 to 1.2.2.

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.2.2

Changelog

  • 9c13e97 changelog for v1.2.2 (#1570)
  • aacc6ae fuzz: Add utility to create structured jar bytes (#1548)
  • beae36f build(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#1567)
  • 67b37f1 build(deps): bump go.step.sm/crypto from 0.32.1 to 0.32.2 (#1568)
  • a1349da swap killswitch for 'docker-compose restart' (#1562)
  • a9f13f6 build(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#1564)
  • 3c405d3 build(deps): bump golang from 8f958bf to 344193a (#1563)
  • 0ac9ff7 build(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0 (#1565)
  • c17612e chore: replace github.com/ghodss/yaml with sigs.k8s.io/yaml (#1558)
  • c2e3149 pass down error with message instead of nil (#1560)
  • ffdd884 build(deps): bump github.com/sigstore/sigstore from 1.7.0 to 1.7.1 (#1556)
  • 00010f2 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp (#1554)
  • b7427aa build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws (#1555)
  • 4aab392 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure (#1553)
  • ad4c9b5 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault (#1557)
  • 37d2923 build(deps): bump golang from 6b3fa4b to 8f958bf (#1551)
  • 4ad3681 build(deps): bump google.golang.org/grpc from 1.56.0 to 1.56.1 (#1552)
  • 40ed74d build(deps): bump go.step.sm/crypto from 0.32.0 to 0.32.1 (#1550)
  • 1e6818c build(deps): bump gocloud.dev from 0.29.0 to 0.30.0 (#1549)
  • b036ef5 build(deps): bump google.golang.org/grpc from 1.55.0 to 1.56.0 (#1545)
  • 32c71d5 build(deps): bump golang.org/x/sync from 0.2.0 to 0.3.0 (#1547)
  • ab48775 build(deps): bump github.com/prometheus/client_golang (#1546)
  • 8dbd76a update sigstore/sigstore/pkg/signature/kms/aws to v1.7.0 (#1544)
  • 89d7540 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault (#1541)
  • a3924df build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp (#1543)
  • 193085f build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure (#1539)
  • a913d94 build(deps): bump github.com/sigstore/sigstore from 1.6.5 to 1.7.0 (#1542)
  • 5cc2078 build(deps): bump golang.org/x/mod from 0.10.0 to 0.11.0 (#1540)
  • 7889964 build(deps): bump golang from e7bb4d1 to 6b3fa4b (#1538)
  • 3e37426 build(deps): bump golang.org/x/net from 0.10.0 to 0.11.0 (#1537)
  • adca94e build(deps): bump golang from 4b1fc02 to e7bb4d1 (#1536)
  • 2ae46bf build(deps): bump golang.org/x/crypto from 0.9.0 to 0.10.0 (#1535)
  • d13cc57 build(deps): bump go.step.sm/crypto from 0.31.2 to 0.32.0 (#1534)
  • 5c4b8ac bump golangci-lint version to v1.53.x (#1533)
  • 2ba7cc8 bump go-swagger to v0.30.5 (#1532)
  • 7ca40d0 build(deps): bump github.com/go-openapi/errors from 0.20.3 to 0.20.4 (#1529)
  • cabcc98 build(deps): bump github.com/go-openapi/swag from 0.22.3 to 0.22.4 (#1530)
  • 59ed3e3 build(deps): bump github/codeql-action from 2.3.6 to 2.13.4 (#1528)
  • c656213 build(deps): bump actions/checkout from 3.5.2 to 3.5.3 (#1527)
  • a2dbcab build(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 (#1526)
  • f01f9cd update builder image to use go1.20.5 (#1524)
  • f763496 build(deps): bump golang from 1.20.4 to 1.20.5 (#1522)
  • 2b1bab9 build(deps): bump github.com/hashicorp/go-retryablehttp (#1523)
  • 9eb7ec6 build(deps): bump github.com/go-playground/validator/v10 (#1521)
  • 1d0520b build(deps): bump github/codeql-action from 2.3.5 to 2.3.6 (#1520)
  • d412f53 build(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 (#1519)
  • 4c81ff2 build(deps): bump go.step.sm/crypto from 0.31.1 to 0.31.2 (#1518)
  • c4bd9c9 build(deps): bump github.com/sigstore/sigstore from 1.6.4 to 1.6.5 (#1516)

... (truncated)

Changelog

Sourced from github.com/sigstore/rekor's changelog.

v1.2.2

Quality Enhancements

  • swap killswitch for 'docker-compose restart' (#1562)
  • pass treeSize and rootHash to avoid trillian import (#1513)
  • Move github.com/sigstore/protobuf-specs users into a separate subpackage (#1511)

Bug Fixes

  • pass down error with message instead of nil (#1560)

Contributors

  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Eng Zer Jun
  • Miloslav Trmač

v1.2.1

Bug Fixes

  • run go mod tidy in hack/tools (#1510)

Contributors

  • Bob Callaway

v1.2.0

Functional Enhancements

  • add client method to generate TLE struct (#1498)
  • add dsse type (#1487)
  • support other KMS providers (AWS, Azure, Hashicorp) in addition to GCP (#1488)
  • Add concurrency to backfill-redis (#1504)
  • omit informational message if machine-parseable output has been requested (#1486)
  • Publish stable checkpoint periodically to Redis (#1461)
  • Add intoto v0.0.2 to backfill script (#1500)
  • add new method to test insertability of proposed entries into log (#1410)

Quality Enhancements

  • use t.Skip() in fuzzers (#1506)
  • improve fuzzing coverage (#1499)
  • Remove watcher script (#1484)

Bug Fixes

  • Merge pull request from GHSA-frqx-jfcm-6jjr
  • Remove requirement of PayloadHash for intoto 0.0.1 (#1490)
  • fix lint errors, bump linter up to 1.52 (#1485)
  • Remove dependencies from pkg/util (#1469)

Contributors

  • Bob Callaway
  • Carlos Tadeu Panato Junior

... (truncated)

Commits
  • 9c13e97 changelog for v1.2.2 (#1570)
  • aacc6ae fuzz: Add utility to create structured jar bytes (#1548)
  • beae36f build(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#1567)
  • 67b37f1 build(deps): bump go.step.sm/crypto from 0.32.1 to 0.32.2 (#1568)
  • a1349da swap killswitch for 'docker-compose restart' (#1562)
  • a9f13f6 build(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#1564)
  • 3c405d3 build(deps): bump golang from 8f958bf to 344193a (#1563)
  • 0ac9ff7 build(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0 (#1565)
  • c17612e chore: replace github.com/ghodss/yaml with sigs.k8s.io/yaml (#1558)
  • c2e3149 pass down error with message instead of nil (#1560)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 8 months ago

Superseded by #77.