search

veraison / go-cose

go library for CBOR Object Signing and Encryption (COSE)
Mozilla Public License 2.0
49 stars 26 forks source link

Is go-cose `v1.2.0` mis-released? #152

Closed shizhMSFT closed 1 year ago

shizhMSFT commented 1 year ago

What is the areas you experience the issue in?

Go-COSE Library

What is not working as expected?

dependabot sents PRs for upgrading go-cose from v1.1.0 to v1.2.0. For instance: https://github.com/notaryproject/notation-go/pull/329

The godoc for v1.2.0 is available but there is no tag or release in this repo related to 1.2.0.

@setrofim @yogeshbdeshpande @qmuntal @thomas-fossati Is v1.2.0 mis-released? If so, we should retract the release, and the next release should be v1.3.0.

What did you expect to happen?

In go.mod, have an entry

retract (
    v1.2.0 // Published accidentally.
    v1.2.1 // Contains retractions only.
)

How can we reproduce it?

PS D:\Test\go> go get github.com/veraison/go-cose
go: downloading github.com/veraison/go-cose v1.2.0
go: added github.com/fxamacker/cbor/v2 v2.4.0
go: added github.com/veraison/go-cose v1.2.0
go: added github.com/x448/float16 v0.8.4

Describe your environment

All platforms

What is the version of your Go-COSE Library?

v1.2.0

shizhMSFT commented 1 year ago

@setrofim I've noticed that #153 was merged. Would you like to tag b67457d00c55749e9e03b832d9f497c92f838061 as v1.2.1?

shizhMSFT commented 1 year ago

Closing this issue as v1.2.0 has been successfully retracted.

image
orsenthil commented 4 months ago

Even the 1.2.1 is retracted https://pkg.go.dev/github.com/veraison/go-cose?tab=versions