Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 #3532

Merged
merged 1 commit into from
Feb 13, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 12, 2024

Bumps golang.org/x/oauth2 from 0.16.0 to 0.17.0.

Commits
  • ebe81ad go.mod: update golang.org/x dependencies
  • adffd94 google/internal/externalaccount: update serviceAccountImpersonationRE to supp...
  • deefa7e google/downscope: add DownscopingConfig.UniverseDomain to support TPC
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Feb 12, 2024
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.16.0 to 0.17.0.
- [Commits](golang/oauth2@v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/golang.org/x/oauth2-0.17.0 branch from cd0d69c to 1b54830 Compare February 12, 2024 17:18
@cpanato cpanato merged commit b0a83b8 into main Feb 13, 2024
29 checks passed
@cpanato cpanato deleted the dependabot/go_modules/golang.org/x/oauth2-0.17.0 branch February 13, 2024 08:13
@github-actions github-actions bot added this to the v2.3.0 milestone Feb 13, 2024
nkreiger pushed a commit to fianulabs/cosign that referenced this pull request Mar 2, 2024
…#3532)

Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.16.0 to 0.17.0.
- [Commits](golang/oauth2@v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>
nkreiger pushed a commit to fianulabs/cosign that referenced this pull request Mar 7, 2024
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

add tests

Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

add e2e test for pkcs11 token signing (sigstore#3495)

* added e2e test for pkcs11 token signing

Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>

add license

Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>

small fix

Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>

update shebang portable with cross platform

Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>

enable exit on error and xtrace mode

Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>

cleanup container

Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>

pkcs11 test with upcoming changes

Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>

run pkcs11 e2e test in a separate workflow

Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>

add pkcs11 test in separate workflow

Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>

* set shell to bash

Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>

* set shell options

Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>

---------

Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

chore(deps): bump the actions group with 1 update (sigstore#3516)

Bumps the actions group with 1 update: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer).

Updates `sigstore/cosign-installer` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@9614fae...e1523de)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

chore(deps): bump codecov/codecov-action from 3.1.5 to 4.0.1 (sigstore#3517)

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.5 to 4.0.1.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@4fe8c5f...e0b68c6)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

chore(deps): bump go.step.sm/crypto from 0.42.1 to 0.43.0 (sigstore#3519)

Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

chore(deps): bump the gomod group with 1 update (sigstore#3518)

Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

Update codeql-analysis.yml (sigstore#3524)

Signed-off-by: Hayden B <hblauzvern@google.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

ErrNoSignaturesFound should be used when there is no signature attached to an image. (sigstore#3526)

* ErrNoSignaturesFound should be used when there is no signature attached to an image.

Signed-off-by: zhaoyonghe <yonghe.zhao@yahoo.com>

* Change error message.

Signed-off-by: zhaoyonghe <yonghe.zhao@yahoo.com>

* Add error type tests.

Signed-off-by: zhaoyonghe <yonghe.zhao@yahoo.com>

---------

Signed-off-by: zhaoyonghe <yonghe.zhao@yahoo.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

Make E2E tests hermetic (sigstore#3499)

* Set rekor URL for online and offline tests

Some tests were setting the REKOR_URL environment variable to try to
test offline verification. This variable is no longer read so it was not
doing anything. This change removes the variable and instead sets
RekorURL in the command to either the local rekor instance (so that the
public instance is not used) or to a bad url with Offline set to true so
that offline verification is truly tested.

This change also removes the COSIGN_EXPERIMENTAL variable which is no
longer used, and replaces os.Setenv with testing.Setenv which
localizes the environment setting to the scope of the test and removes
the need for a cleanup function.

Signed-off-by: Colleen Murphy <colleenmurphy@google.com>

* Fix cleanup in E2E script

Calling trap multiple times replaces the last signal handler rather than
appending to it. This change ensures that the most recent trap includes
all previous traps so that all cleanups are executed.

Signed-off-by: Colleen Murphy <colleenmurphy@google.com>

* Move verify tests from shell script to Go suite

Move the `cosign dockerfile verify` and `cosign manifest verify` tests
out of the shell script and into the e2e Go test suite file with all the
other tests. This makes them consistent to manage.

The initialization of fulcio roots in other tests pollutes the trust
root in the new tests, so a reset is added to the fulcioroots package
for testing only.

Signed-off-by: Colleen Murphy <colleenmurphy@google.com>

* Use local services for verify tests

Update TestDockerfileVerify and TestManifestVerify to sign ephemeral
images within the tests so that the signatures can be created with and
verified from the locally running Fulcio and Rekor instances instead of
verifying images with the public Rekor instance, so that the tests no
longer depend on external services.

The images are signed using --identity-token to avoid changing the
nature of the verification tests, which were originally written to be
keyless. A mock OIDC server is provisioned to provide the token and
enable verification.

Signed-off-by: Colleen Murphy <colleenmurphy@google.com>

* Set rekor env variable in Go test suite

Move the setting of SIGSTORE_REKOR_PUBLIC_KEY from the e2e shell script
to the Go test suite, so that only the tests that need it have it set
and the shell script is doing less setup. Also remove unnecessary
instances of os.RemoveAll for temporary directories that the Go testing
framework will automatically clean up.

Signed-off-by: Colleen Murphy <colleenmurphy@google.com>

---------

Signed-off-by: Colleen Murphy <colleenmurphy@google.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

Correct help text of verify-attestation policy argument (sigstore#3527)

Signed-off-by: michaelvl <mvl.gh@network42.dk>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

Don't ignore transparency log in tests if possible (sigstore#3528)

Update the e2e tests to default to setting IgnoreTlog to false where
possible. In some cases, where the IgnoreTlog functionality is being
explicitly tested, continue to set it to true.

Since the transparency log isn't being ignored, the signing commands
need to upload it and need the rekor public key and URL in order to do
so.

Removes one redundant test.

Signed-off-by: Colleen Murphy <colleenmurphy@google.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

chore(deps): bump the gomod group with 1 update (sigstore#3530)

Bumps the gomod group with 1 update: cuelang.org/go.

Updates `cuelang.org/go` from 0.7.0 to 0.7.1

---
updated-dependencies:
- dependency-name: cuelang.org/go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

chore(deps): bump golang.org/x/crypto from 0.18.0 to 0.19.0 (sigstore#3531)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.18.0 to 0.19.0.
- [Commits](golang/crypto@v0.18.0...v0.19.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

chore(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 (sigstore#3532)

Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.16.0 to 0.17.0.
- [Commits](golang/oauth2@v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

chore(deps): bump the actions group with 3 updates (sigstore#3535)

Bumps the actions group with 3 updates: [google-github-actions/auth](https://github.com/google-github-actions/auth), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [mikefarah/yq](https://github.com/mikefarah/yq).

Updates `google-github-actions/auth` from 2.1.0 to 2.1.1
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](google-github-actions/auth@5a50e58...a6e2e39)

Updates `actions/upload-artifact` from 4.3.0 to 4.3.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@26f96df...5d5d22a)

Updates `mikefarah/yq` from 4.40.5 to 4.40.7
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](mikefarah/yq@dd64899...bb66c9c)

---
updated-dependencies:
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: mikefarah/yq
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

chore(deps): bump github.com/google/go-containerregistry (sigstore#3521)

Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.18.0 to 0.19.0.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](google/go-containerregistry@v0.18.0...v0.19.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

chore(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (sigstore#3536)

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.7.0 to 4.0.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](golangci/golangci-lint-action@3a91952...3cfe3a4)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

chore(deps): bump github.com/xanzy/go-gitlab from 0.96.0 to 0.97.0 (sigstore#3522)

Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.96.0 to 0.97.0.
- [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go)
- [Commits](xanzy/go-gitlab@v0.96.0...v0.97.0)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

chore(deps): bump google.golang.org/api from 0.160.0 to 0.164.0 (sigstore#3538)

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.160.0 to 0.164.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.160.0...v0.164.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

use go1.21.7 as go-version in actions/setup-go (sigstore#3540)

* use go1.21 as go-version in actions/setup-go

Signed-off-by: Dmitry S <dsavints@gmail.com>

* e2e-tests.yml - remove unused GO_VERSION env var

Signed-off-by: Dmitry S <dsavints@gmail.com>

---------

Signed-off-by: Dmitry S <dsavints@gmail.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

chore(deps): update github/codeql-action requirement to 65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9 (sigstore#3537)

* chore(deps): update github/codeql-action requirement to 65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9

Updates the requirements on [github/codeql-action](https://github.com/github/codeql-action) to permit the latest version.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/commits/65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update scorecard-action.yml

Signed-off-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

fix semgrep issues for dgryski.semgrep-go ruleset (sigstore#3541)

* fix semgrep issues dgryski.semgrep-go ruleset

Signed-off-by: Dmitry S <dsavints@gmail.com>

* golangci-lint: check error value of out.Write()

Signed-off-by: Dmitry S <dsavints@gmail.com>

---------

Signed-off-by: Dmitry S <dsavints@gmail.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

chore(deps): bump google.golang.org/api from 0.164.0 to 0.165.0 (sigstore#3545)

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.164.0 to 0.165.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.164.0...v0.165.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

chore(deps): bump the actions group with 1 update (sigstore#3546)

Bumps the actions group with 1 update: [mikefarah/yq](https://github.com/mikefarah/yq).

Updates `mikefarah/yq` from 4.40.7 to 4.41.1
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](mikefarah/yq@bb66c9c...0476945)

---
updated-dependencies:
- dependency-name: mikefarah/yq
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

chore(deps): bump the gomod group with 2 updates (sigstore#3543)

Bumps the gomod group with 2 updates: [github.com/sigstore/timestamp-authority](https://github.com/sigstore/timestamp-authority) and [go.step.sm/crypto](https://github.com/smallstep/crypto).

Updates `github.com/sigstore/timestamp-authority` from 1.2.1 to 1.2.2
- [Release notes](https://github.com/sigstore/timestamp-authority/releases)
- [Changelog](https://github.com/sigstore/timestamp-authority/blob/main/CHANGELOG.md)
- [Commits](sigstore/timestamp-authority@v1.2.1...v1.2.2)

Updates `go.step.sm/crypto` from 0.43.0 to 0.43.1
- [Release notes](https://github.com/smallstep/crypto/releases)
- [Commits](smallstep/crypto@v0.43.0...v0.43.1)

---
updated-dependencies:
- dependency-name: github.com/sigstore/timestamp-authority
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: go.step.sm/crypto
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

fix 'go vet -tags e2e ./...' (sigstore#3550)

* fix 'go vet -tags e2e ./...'

Signed-off-by: Dmitry S <dsavints@gmail.com>

* fix typo in 'concatenating'

Signed-off-by: Dmitry S <dsavints@gmail.com>

---------

Signed-off-by: Dmitry S <dsavints@gmail.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

chore(deps): bump github.com/xanzy/go-gitlab from 0.97.0 to 0.98.0 (sigstore#3556)

Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.97.0 to 0.98.0.
- [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go)
- [Commits](xanzy/go-gitlab@v0.97.0...v0.98.0)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

chore(deps): bump google.golang.org/api from 0.165.0 to 0.167.0 (sigstore#3557)

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.165.0 to 0.167.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.165.0...v0.167.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

remove unused rootPool var (sigstore#3559)

Signed-off-by: Dmitry S <dsavints@gmail.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

Bump sigstore/sigstore to v1.8.2 (sigstore#3561)

Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

Correct help text of triangulate cmd (sigstore#3551)

Signed-off-by: michaelvl <mvl.gh@network42.dk>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

chore(deps): bump imranismail/setup-kustomize from a76db1c6419124d51470b1e388c4b29476f495f1 to f6959cf94216d4be0182d7c78b39f14d0c8bb198 (sigstore#3554)

* chore(deps): bump imranismail/setup-kustomize

Bumps [imranismail/setup-kustomize](https://github.com/imranismail/setup-kustomize) from a76db1c6419124d51470b1e388c4b29476f495f1 to f6959cf94216d4be0182d7c78b39f14d0c8bb198.
- [Release notes](https://github.com/imranismail/setup-kustomize/releases)
- [Commits](imranismail/setup-kustomize@a76db1c...f6959cf)

---
updated-dependencies:
- dependency-name: imranismail/setup-kustomize
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update kind-e2e-insecure-registry.yaml

Signed-off-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

chore(deps): bump the actions group with 3 updates (sigstore#3564)

Bumps the actions group with 3 updates: [google-github-actions/auth](https://github.com/google-github-actions/auth), [mikefarah/yq](https://github.com/mikefarah/yq) and [codecov/codecov-action](https://github.com/codecov/codecov-action).

Updates `google-github-actions/auth` from 2.1.1 to 2.1.2
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](google-github-actions/auth@a6e2e39...55bd3a7)

Updates `mikefarah/yq` from 4.41.1 to 4.42.1
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](mikefarah/yq@0476945...9adde1a)

Updates `codecov/codecov-action` from 4.0.1 to 4.1.0
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@e0b68c6...54bcd87)

---
updated-dependencies:
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: mikefarah/yq
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

add flag for fulcio auth flow and client creds

Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

chore(deps): bump the actions group with 1 update (sigstore#3516)

Bumps the actions group with 1 update: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer).

Updates `sigstore/cosign-installer` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@9614fae...e1523de)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Update codeql-analysis.yml (sigstore#3524)

Signed-off-by: Hayden B <hblauzvern@google.com>

ErrNoSignaturesFound should be used when there is no signature attached to an image. (sigstore#3526)

* ErrNoSignaturesFound should be used when there is no signature attached to an image.

Signed-off-by: zhaoyonghe <yonghe.zhao@yahoo.com>

* Change error message.

Signed-off-by: zhaoyonghe <yonghe.zhao@yahoo.com>

* Add error type tests.

Signed-off-by: zhaoyonghe <yonghe.zhao@yahoo.com>

---------

Signed-off-by: zhaoyonghe <yonghe.zhao@yahoo.com>

Correct help text of verify-attestation policy argument (sigstore#3527)

Signed-off-by: michaelvl <mvl.gh@network42.dk>

Don't ignore transparency log in tests if possible (sigstore#3528)

Update the e2e tests to default to setting IgnoreTlog to false where
possible. In some cases, where the IgnoreTlog functionality is being
explicitly tested, continue to set it to true.

Since the transparency log isn't being ignored, the signing commands
need to upload it and need the rekor public key and URL in order to do
so.

Removes one redundant test.

Signed-off-by: Colleen Murphy <colleenmurphy@google.com>

chore(deps): bump the gomod group with 1 update (sigstore#3530)

Bumps the gomod group with 1 update: cuelang.org/go.

Updates `cuelang.org/go` from 0.7.0 to 0.7.1

---
updated-dependencies:
- dependency-name: cuelang.org/go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

chore(deps): bump github.com/google/go-containerregistry (sigstore#3521)

Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.18.0 to 0.19.0.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](google/go-containerregistry@v0.18.0...v0.19.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

chore(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (sigstore#3536)

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.7.0 to 4.0.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](golangci/golangci-lint-action@3a91952...3cfe3a4)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

use go1.21.7 as go-version in actions/setup-go (sigstore#3540)

* use go1.21 as go-version in actions/setup-go

Signed-off-by: Dmitry S <dsavints@gmail.com>

* e2e-tests.yml - remove unused GO_VERSION env var

Signed-off-by: Dmitry S <dsavints@gmail.com>

---------

Signed-off-by: Dmitry S <dsavints@gmail.com>

chore(deps): update github/codeql-action requirement to 65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9 (sigstore#3537)

* chore(deps): update github/codeql-action requirement to 65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9

Updates the requirements on [github/codeql-action](https://github.com/github/codeql-action) to permit the latest version.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/commits/65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update scorecard-action.yml

Signed-off-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>

fix semgrep issues for dgryski.semgrep-go ruleset (sigstore#3541)

* fix semgrep issues dgryski.semgrep-go ruleset

Signed-off-by: Dmitry S <dsavints@gmail.com>

* golangci-lint: check error value of out.Write()

Signed-off-by: Dmitry S <dsavints@gmail.com>

---------

Signed-off-by: Dmitry S <dsavints@gmail.com>

fix 'go vet -tags e2e ./...' (sigstore#3550)

* fix 'go vet -tags e2e ./...'

Signed-off-by: Dmitry S <dsavints@gmail.com>

* fix typo in 'concatenating'

Signed-off-by: Dmitry S <dsavints@gmail.com>

---------

Signed-off-by: Dmitry S <dsavints@gmail.com>

chore(deps): bump github.com/xanzy/go-gitlab from 0.97.0 to 0.98.0 (sigstore#3556)

Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.97.0 to 0.98.0.
- [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go)
- [Commits](xanzy/go-gitlab@v0.97.0...v0.98.0)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

remove unused rootPool var (sigstore#3559)

Signed-off-by: Dmitry S <dsavints@gmail.com>

Bump sigstore/sigstore to v1.8.2 (sigstore#3561)

Correct help text of triangulate cmd (sigstore#3551)

Signed-off-by: michaelvl <mvl.gh@network42.dk>

chore(deps): bump imranismail/setup-kustomize from a76db1c6419124d51470b1e388c4b29476f495f1 to f6959cf94216d4be0182d7c78b39f14d0c8bb198 (sigstore#3554)

* chore(deps): bump imranismail/setup-kustomize

Bumps [imranismail/setup-kustomize](https://github.com/imranismail/setup-kustomize) from a76db1c6419124d51470b1e388c4b29476f495f1 to f6959cf94216d4be0182d7c78b39f14d0c8bb198.
- [Release notes](https://github.com/imranismail/setup-kustomize/releases)
- [Commits](imranismail/setup-kustomize@a76db1c...f6959cf)

---
updated-dependencies:
- dependency-name: imranismail/setup-kustomize
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update kind-e2e-insecure-registry.yaml

Signed-off-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>

chore(deps): bump the actions group with 3 updates (sigstore#3564)

Bumps the actions group with 3 updates: [google-github-actions/auth](https://github.com/google-github-actions/auth), [mikefarah/yq](https://github.com/mikefarah/yq) and [codecov/codecov-action](https://github.com/codecov/codecov-action).

Updates `google-github-actions/auth` from 2.1.1 to 2.1.2
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](google-github-actions/auth@a6e2e39...55bd3a7)

Updates `mikefarah/yq` from 4.41.1 to 4.42.1
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](mikefarah/yq@0476945...9adde1a)

Updates `codecov/codecov-action` from 4.0.1 to 4.1.0
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@e0b68c6...54bcd87)

---
updated-dependencies:
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: mikefarah/yq
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

re-add missing from rebase

Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>

add to doc

Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant