[pull] main from sigstore:main #26


Merged
merged 42 commits into from
Jul 15, 2025

@pull pull bot commented Jun 4, 2025

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.1)

Can you help keep this open source service alive? 💖 Please sponsor : )

Signed-off-by: Carlos Panato <ctadeu@gmail.com>
@pull pull bot added the ⤵️ pull label Jun 4, 2025
cmurphy and others added 28 commits June 8, 2025 21:39
Remove the need to fetch TUF keys when signing with a private key and
attaching a non-Fulcio certificate to the artifact bundle. Verifiers
will still need to check whether the certificate contains an SCT and
have a policy for verifying it.

Signed-off-by: Colleen Murphy <colleenmurphy@google.com>
Bumps the actions group with 1 update: [chainguard-dev/actions](https://github.com/chainguard-dev/actions).


Updates `chainguard-dev/actions` from 1.1.2 to 1.1.3
- [Release notes](https://github.com/chainguard-dev/actions/releases)
- [Changelog](https://github.com/chainguard-dev/actions/blob/main/.goreleaser.yml)
- [Commits](chainguard-dev/actions@5363dd9...fb25e25)

---
updated-dependencies:
- dependency-name: chainguard-dev/actions
  dependency-version: 1.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…#4237)

Bumps [github.com/buildkite/agent/v3](https://github.com/buildkite/agent) from 3.97.0 to 3.98.1.
- [Release notes](https://github.com/buildkite/agent/releases)
- [Changelog](https://github.com/buildkite/agent/blob/main/CHANGELOG.md)
- [Commits](buildkite/agent@v3.97.0...v3.98.1)

---
updated-dependencies:
- dependency-name: github.com/buildkite/agent/v3
  dependency-version: 3.98.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.14.0 to 0.15.0.
- [Commits](golang/sync@v0.14.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-version: 0.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [gitlab.com/gitlab-org/api/client-go](https://gitlab.com/gitlab-org/api/client-go) from 0.128.0 to 0.129.0.
- [Release notes](https://gitlab.com/gitlab-org/api/client-go/tags)
- [Commits](https://gitlab.com/gitlab-org/api/client-go/compare/v0.128.0...v0.129.0)

---
updated-dependencies:
- dependency-name: gitlab.com/gitlab-org/api/client-go
  dependency-version: 0.129.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.234.0 to 0.236.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.234.0...v0.236.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-version: 0.236.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Should pick up the latest workflow for scanning for license issues.

Signed-off-by: Hayden B <haydentherapper@users.noreply.github.com>
Use sigstore-go's TUF client to fetch the trusted_root.json from the TUF
mirror, if available. Where possible, use sigstore-go's verifiers which
natively accept the trusted root as their trusted material. Where there is
no trusted root available in TUF or sigstore-go doesn't support a use
case, fall back to the sigstore/sigstore TUF v1 client and the existing
verifiers in cosign.

Signed-off-by: Colleen Murphy <colleenmurphy@google.com>
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.28.3 to 0.33.1.
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.28.3...v0.33.1)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-version: 0.33.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
#4233)

Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 1.4.2 to 1.5.1.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](open-policy-agent/opa@v1.4.2...v1.5.1)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
One minor functional change, printing verification errors when verifying
multiple signed timestamps.

Signed-off-by: Hayden B <8418760+haydentherapper@users.noreply.github.com>
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
Clients using Rekor v2 need the name of the log server in order to
create a checkpoint verifier, so it is useful to include it in the trust
root. This change adds that functionality for all key material.

Signed-off-by: Colleen Murphy <colleenmurphy@google.com>
When deducing the Rekor log key ID, cosign universally assumes a Rekor
v1 type checkpoint, which is not C2SP compliant. Rekor v2 is compliant
for all different types of keys, which means the log ID must be
calculated differently. This affects the `trusted-root create` tool
which must generate the log ID from the public key. This change adds the
ability for the trusted-root command to parse a ":" in the --rekor-key
flag to indicate that the trusted material should be generated for a
Rekor v2 log and that the origin string following the ":" should be used
to calculate it. This is backwards compatible and will not affect Rekor
v1 which needs no origin string.

This addresses the issue strictly for this command so that trusted_root
files can be created for Rekor v2 servers. A later change will make more
general changes to the TUF client to ensure the trusted material is
generated properly for the server it relates to.

Signed-off-by: Colleen Murphy <colleenmurphy@google.com>
Signed-off-by: Hayden B <8418760+haydentherapper@users.noreply.github.com>
This change adds documentation to the `no-upload` option
of the `cosign attest` command to clarify that when the option is
used, the produced attestation is written to STDOUT.

Signed-off-by: Travis Truman <trumant@gmail.com>
In 32a2d62 the ability to use TUF to read and refresh trusted_root.json
was added. Prior, there was already a --trusted-root flag for verify*
commands, to read trusted_root.json directly without using a TUF client.
This did not exist for the sign* commands, which still need key material
to verify the CT key. The workaround for the sign commands was to use
the SIGSTORE_CT_LOG_PUBLIC_KEY_FILE environment variable, but when the
TUF client was updated, this workaround regressed. This change makes it
so that this flag will still work and that the machine's cached trusted
root is not used if it's not intended to be used. The permanent fix
going forward should be to add the --trusted-root flags to the sign*
commands.

Signed-off-by: Colleen Murphy <colleenmurphy@google.com>
Bumps the actions group with 1 update: [chainguard-dev/actions](https://github.com/chainguard-dev/actions).


Updates `chainguard-dev/actions` from 1.1.3 to 1.2.1
- [Release notes](https://github.com/chainguard-dev/actions/releases)
- [Changelog](https://github.com/chainguard-dev/actions/blob/main/.goreleaser.yml)
- [Commits](chainguard-dev/actions@fb25e25...939ece6)

---
updated-dependencies:
- dependency-name: chainguard-dev/actions
  dependency-version: 1.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [gitlab.com/gitlab-org/api/client-go](https://gitlab.com/gitlab-org/api/client-go) from 0.129.0 to 0.130.1.
- [Release notes](https://gitlab.com/gitlab-org/api/client-go/tags)
- [Changelog](https://gitlab.com/gitlab-org/api/client-go/blob/main/CHANGELOG.md)
- [Commits](https://gitlab.com/gitlab-org/api/client-go/compare/v0.129.0...v0.130.1)

---
updated-dependencies:
- dependency-name: gitlab.com/gitlab-org/api/client-go
  dependency-version: 0.130.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…4252)

Bumps the gomod group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/buildkite/agent/v3](https://github.com/buildkite/agent) | `3.98.1` | `3.98.2` |
| [github.com/google/certificate-transparency-go](https://github.com/google/certificate-transparency-go) | `1.3.1` | `1.3.2` |
| [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.20.5` | `0.20.6` |
| [github.com/sigstore/protobuf-specs](https://github.com/sigstore/protobuf-specs) | `0.4.2` | `0.4.3` |
| [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.9.4` | `1.9.5` |
| [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.9.4` | `1.9.5` |
| [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.9.4` | `1.9.5` |
| [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.9.4` | `1.9.5` |
| [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.9.4` | `1.9.5` |



Updates `github.com/buildkite/agent/v3` from 3.98.1 to 3.98.2
- [Release notes](https://github.com/buildkite/agent/releases)
- [Changelog](https://github.com/buildkite/agent/blob/main/CHANGELOG.md)
- [Commits](buildkite/agent@v3.98.1...v3.98.2)

Updates `github.com/google/certificate-transparency-go` from 1.3.1 to 1.3.2
- [Release notes](https://github.com/google/certificate-transparency-go/releases)
- [Changelog](https://github.com/google/certificate-transparency-go/blob/master/CHANGELOG.md)
- [Commits](google/certificate-transparency-go@v1.3.1...v1.3.2)

Updates `github.com/google/go-containerregistry` from 0.20.5 to 0.20.6
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](google/go-containerregistry@v0.20.5...v0.20.6)

Updates `github.com/sigstore/protobuf-specs` from 0.4.2 to 0.4.3
- [Release notes](https://github.com/sigstore/protobuf-specs/releases)
- [Changelog](https://github.com/sigstore/protobuf-specs/blob/main/CHANGELOG.md)
- [Commits](sigstore/protobuf-specs@v0.4.2...v0.4.3)

Updates `github.com/sigstore/sigstore` from 1.9.4 to 1.9.5
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.9.4...v1.9.5)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.9.4 to 1.9.5
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.9.4...v1.9.5)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.9.4 to 1.9.5
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.9.4...v1.9.5)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.9.4 to 1.9.5
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.9.4...v1.9.5)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.9.4 to 1.9.5
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.9.4...v1.9.5)

Updates `golang.org/x/crypto` from 0.38.0 to 0.39.0
- [Commits](golang/crypto@v0.38.0...v0.39.0)

Updates `google.golang.org/api` from 0.236.0 to 0.237.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.236.0...v0.237.0)

---
updated-dependencies:
- dependency-name: github.com/buildkite/agent/v3
  dependency-version: 3.98.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/google/certificate-transparency-go
  dependency-version: 1.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.20.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/sigstore/protobuf-specs
  dependency-version: 0.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.9.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws
  dependency-version: 1.9.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure
  dependency-version: 1.9.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp
  dependency-version: 1.9.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault
  dependency-version: 1.9.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: golang.org/x/crypto
  dependency-version: 0.39.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: google.golang.org/api
  dependency-version: 0.237.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Hayden B <8418760+haydentherapper@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com>
Bumps the gomod group with 3 updates: [k8s.io/api](https://github.com/kubernetes/api), [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) and [k8s.io/client-go](https://github.com/kubernetes/client-go).


Updates `k8s.io/api` from 0.33.1 to 0.33.2
- [Commits](kubernetes/api@v0.33.1...v0.33.2)

Updates `k8s.io/apimachinery` from 0.33.1 to 0.33.2
- [Commits](kubernetes/apimachinery@v0.33.1...v0.33.2)

Updates `k8s.io/client-go` from 0.33.1 to 0.33.2
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.33.1...v0.33.2)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-version: 0.33.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.33.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: k8s.io/client-go
  dependency-version: 0.33.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* avoid double-loading trustedroot from file

Signed-off-by: Dmitry Savintsev <dsavints@gmail.com>

* remove duplicate check for nil co.TrustedMaterial

Signed-off-by: Dmitry Savintsev <dsavints@gmail.com>

---------

Signed-off-by: Dmitry Savintsev <dsavints@gmail.com>
#4269)

Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 1.5.1 to 1.6.0.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](open-policy-agent/opa@v1.5.1...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.238.0 to 0.239.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.238.0...v0.239.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-version: 0.239.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot bot and others added 13 commits July 1, 2025 14:03
#4267)

Bumps [github.com/buildkite/agent/v3](https://github.com/buildkite/agent) from 3.98.2 to 3.100.1.
- [Release notes](https://github.com/buildkite/agent/releases)
- [Changelog](https://github.com/buildkite/agent/blob/main/CHANGELOG.md)
- [Commits](buildkite/agent@v3.98.2...v3.100.1)

---
updated-dependencies:
- dependency-name: github.com/buildkite/agent/v3
  dependency-version: 3.100.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the actions group with 1 update: [chainguard-dev/actions](https://github.com/chainguard-dev/actions).


Updates `chainguard-dev/actions` from 1.4.2 to 1.4.3
- [Release notes](https://github.com/chainguard-dev/actions/releases)
- [Changelog](https://github.com/chainguard-dev/actions/blob/main/.goreleaser.yml)
- [Commits](chainguard-dev/actions@4f7ad4f...16e2fd6)

---
updated-dependencies:
- dependency-name: chainguard-dev/actions
  dependency-version: 1.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Add --ctfe-end-time and --rekor-end-time to `cosign trusted-root
create` to accompany the start time flags. This is necessary to declare
a transparency log instance is being turned down and force clients to
move to the newer instance.

Signed-off-by: Colleen Murphy <colleenmurphy@google.com>
…4276)

Bumps the gomod group with 1 update: [github.com/sigstore/rekor-tiles](https://github.com/sigstore/rekor-tiles).


Updates `github.com/sigstore/rekor-tiles` from 0.1.5 to 0.1.6
- [Release notes](https://github.com/sigstore/rekor-tiles/releases)
- [Changelog](https://github.com/sigstore/rekor-tiles/blob/main/RELEASE.md)
- [Commits](sigstore/rekor-tiles@v0.1.5...v0.1.6)

---
updated-dependencies:
- dependency-name: github.com/sigstore/rekor-tiles
  dependency-version: 0.1.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
….0 (#4275)

Bumps [github.com/buildkite/agent/v3](https://github.com/buildkite/agent) from 3.100.1 to 3.101.0.
- [Release notes](https://github.com/buildkite/agent/releases)
- [Changelog](https://github.com/buildkite/agent/blob/main/CHANGELOG.md)
- [Commits](buildkite/agent@v3.100.1...v3.101.0)

---
updated-dependencies:
- dependency-name: github.com/buildkite/agent/v3
  dependency-version: 3.101.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the actions group with 1 update: [chainguard-dev/actions](https://github.com/chainguard-dev/actions).


Updates `chainguard-dev/actions` from 1.4.3 to 1.4.4
- [Release notes](https://github.com/chainguard-dev/actions/releases)
- [Changelog](https://github.com/chainguard-dev/actions/blob/main/.goreleaser.yml)
- [Commits](chainguard-dev/actions@16e2fd6...a643ade)

---
updated-dependencies:
- dependency-name: chainguard-dev/actions
  dependency-version: 1.4.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.239.0 to 0.240.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.239.0...v0.240.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-version: 0.240.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [gitlab.com/gitlab-org/api/client-go](https://gitlab.com/gitlab-org/api/client-go) from 0.130.1 to 0.134.0.
- [Release notes](https://gitlab.com/gitlab-org/api/client-go/tags)
- [Changelog](https://gitlab.com/gitlab-org/api/client-go/blob/main/CHANGELOG.md)
- [Commits](https://gitlab.com/gitlab-org/api/client-go/compare/v0.130.1...v0.134.0)

---
updated-dependencies:
- dependency-name: gitlab.com/gitlab-org/api/client-go
  dependency-version: 0.134.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
* bump golangci-lint to v2.2.x

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* fix lints

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

---------

Signed-off-by: Carlos Panato <ctadeu@gmail.com>
Support was previously added to attach, sign, and verify to use the OCI
1.1 referrer's API for associated supply chain artifacts.

This change adds the same support to cosign tree.

Signed-off-by: Ralph Bean <rbean@redhat.com>
Bumps [golang.org/x/term](https://github.com/golang/term) from 0.32.0 to 0.33.0.
- [Commits](golang/term@v0.32.0...v0.33.0)

---
updated-dependencies:
- dependency-name: golang.org/x/term
  dependency-version: 0.33.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the actions group with 2 updates: [chainguard-dev/actions](https://github.com/chainguard-dev/actions) and [mikefarah/yq](https://github.com/mikefarah/yq).


Updates `chainguard-dev/actions` from 1.4.4 to 1.4.5
- [Release notes](https://github.com/chainguard-dev/actions/releases)
- [Changelog](https://github.com/chainguard-dev/actions/blob/main/.goreleaser.yml)
- [Commits](chainguard-dev/actions@a643ade...86e8917)

Updates `mikefarah/yq` from 4.45.4 to 4.46.1
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](mikefarah/yq@b534aa9...1187c95)

---
updated-dependencies:
- dependency-name: chainguard-dev/actions
  dependency-version: 1.4.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: mikefarah/yq
  dependency-version: 4.46.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@pull pull bot merged commit ad1e5c1 into Reality2byte:main Jul 15, 2025
1 check failed
7 participants