search

sigstore / rekor

Software Supply Chain Transparency Log
https://sigstore.dev
Apache License 2.0
904 stars 164 forks source link

Incorrect dependency version in v1.2.2 go.mod #2159

Closed airycanon closed 2 months ago

airycanon commented 5 months ago

Description

The package at https://github.com/sigstore/rekor/blob/v1.2.2/go.mod#L54 references a non-existent version. Please visit https://github.com/AdamKorcz/go-fuzz-headers-1/commit/e936619f9f18 using the commit e936619f9f18, which states: 

This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Version

v1.2.2

haydentherapper commented 3 months ago

@AdamKorcz Can we switch to https://github.com/AdaLogics/go-fuzz-headers, will you be upstreaming the changes in your fork?

haydentherapper commented 2 months ago

Closing - newer versions should not have this issue.