Bump github.com/buildkite/go-pipeline from 0.3.1 to 0.13.0

[dependabot[bot]]

Bumps github.com/buildkite/go-pipeline from 0.3.1 to 0.13.0.

Release notes

Sourced from github.com/buildkite/go-pipeline's releases.

v0.13.0

Added

• Add support for crypto.Signer when signing and verifying signatures by @​wolfeidau in buildkite/go-pipeline#48

Full Changelog: https://github.com/buildkite/go-pipeline/compare/v0.12.0...v0.13.0

v0.12.0

Changed

• Add a checksum of to the payload debugging to detect binary differences by @​wolfeidau in buildkite/go-pipeline#47

New Contributors

• @​wolfeidau made their first contribution in buildkite/go-pipeline#47

Full Changelog: https://github.com/buildkite/go-pipeline/compare/v0.11.0...v0.12.0

v0.11.0

Fixed

• Canonicalise empty env/plugins/matrix to nil for sign/verify by @​DrJosh9000 in buildkite/go-pipeline#45

Internal

• Bump github.com/lestrrat-go/jwx/v2 from 2.1.0 to 2.1.1 by @​dependabot in buildkite/go-pipeline#44
• Bump github.com/buildkite/interpolate from 0.1.2 to 0.1.3 by @​dependabot in buildkite/go-pipeline#43

Full Changelog: https://github.com/buildkite/go-pipeline/compare/v0.10.0...v0.11.0

v0.10.0

v0.10.0 (2024-06-25)

Full Changelog

⚠️ This release has some breaking changes to the signature subpackage.

All the following functions now take as their first param a context.Context, as well as the following changes.

The signature of signature.Sign function has changed to no longer take env map[string]string but instead use signature.WithEnv(env) as an option.

-func Sign(key jwk.Key, env map[string]string, sf SignedFielder) (*pipeline.Signature, error)
+func Sign(_ context.Context, key jwk.Key, sf SignedFielder, opts ...Option) (*pipeline.Signature, error)

The signature of signature.Verify function has also changed to take signature.WithEnv(env) as an option instead of env map[string]string.

-func Verify(s *pipeline.Signature, keySet jwk.Set, env map[string]string, sf SignedFielder)
+func Verify(ctx context.Context, s *pipeline.Signature, keySet jwk.Set, sf SignedFielder, opts ...Option) error

The signature of signature.SignSteps function has also changed to take signature.WithEnv(env) as an option instead of env map[string]string.

-func SignSteps(s pipeline.Steps, key jwk.Key, env map[string]string, repoURL string)
</tr></table> 

... (truncated)

Commits

• 09eb8d4 Merge pull request #48 from buildkite/feat_support_crypto_signer
• 8c91c9c Handle all the errors when loading keys in the test
• 01baf75 Addressed feedback on hex printing and mock -> test signer
• 6880862 Added a test for the crypto signer with an ECDSA key pair
• 0971b8e Updated the comments for the sign and verify methods to add key types
• 8efb3c6 Add support for crypto.Signer when signing and verifying signatures
• 176ba77 Merge pull request #47 from buildkite/fix_payload_checksum
• d4d8372 Add a checksum of to the payload debugging to detect binary differences
• 3d59172 Merge pull request #43 from buildkite/dependabot/go_modules/github.com/buildk...
• bc8d0e2 Merge pull request #44 from buildkite/dependabot/go_modules/github.com/lestrr...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Superseded by #455.