Intoto has deprecated the old Subject types in favor of a new library, and this is getting pulled in via recent cosign updates. This is going to be a significant refactor that we'll need to make to chains. This changes the behavior of the lint tool to only flag/block on new issues for now to give us time to work through this.
Error: SA1019: intoto.Subject is deprecated: This implementation of Subject exists for historical compatibility and should not be used. This implementation has been superseded by a ResourceDescriptor struct generated from the Protobuf definition in https://github.com/in-toto/attestation/tree/main/protos/in_toto_attestation/v1. To generate an ITE-6 v1 Statement subject, use the ResourceDescriptor Go APIs provided in https://github.com/in-toto/attestation/tree/main/go/v1. (staticcheck)
[ ] Release notes block below has been updated with any user facing changes (API changes, bug fixes, changes requiring upgrade notices or deprecation warnings)
[ ] Release notes contains the string "action required" if the change requires additional action from users switching to the new release
Needs approval from an approver in each of these files:
- ~~[OWNERS](https://github.com/tektoncd/chains/blob/main/OWNERS)~~ [lcarva]
Approvers can indicate their approval by writing `/approve` in a comment
Approvers can cancel approval by writing `/approve cancel` in a comment
Changes
Intoto has deprecated the old Subject types in favor of a new library, and this is getting pulled in via recent cosign updates. This is going to be a significant refactor that we'll need to make to chains. This changes the behavior of the lint tool to only flag/block on new issues for now to give us time to work through this.
https://github.com/tektoncd/chains/actions/runs/8707835742/job/23883780247?pr=1104
Submitter Checklist
As the author of this PR, please check off the items in this checklist:
Release Notes