dependabot[bot]
dbac7405c7
feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.28.0 to 1.28.1 ( #213 )
...
Bumps
[github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2 )
from 1.28.0 to 1.28.1.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6b53348f84784d2d39b07258bd236cf322198c04b65b80a89bhttps://redirect.github.com/aws/aws-sdk-go-v2/issues/2852 ">#2852</a>
from RanVaknin/signature-header-parsing-fix</li>
<li><a
href="803614d34fb12c8cf885f0caa97e86e05890387ehttps://redirect.github.com/aws/aws-sdk-go-v2/issues/2851 ">#2851</a>)</li>
<li><a
href="896793a682https://github.com/aws/aws-sdk-go-v2/compare/v1.28.0...config/v1.28.1 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-04 08:33:57 +00:00
dependabot[bot]
868e44228e
feat(deps): bump github.com/containerd/containerd/v2 from 2.0.0-rc.5 to 2.0.0-rc.6 ( #212 )
...
Bumps
[github.com/containerd/containerd/v2](https://github.com/containerd/containerd )
from 2.0.0-rc.5 to 2.0.0-rc.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/containerd/containerd/releases ">github.com/containerd/containerd/v2's
releases</a>.</em></p>
<blockquote>
<h2>containerd 2.0.0-rc.6</h2>
<p>Welcome to the v2.0.0-rc.6 release of containerd!
<em>This is a pre-release of containerd</em></p>
<p>The first major release of containerd 2.x focuses on the continued
stability of
containerd's core feature set with an easy upgrade from containerd 1.x.
This
release includes the stabilization of new features added in the last 1.x
release
as well as the removal of features which were deprecated in 1.x. The
goal is to
support the vast community of containerd users well into the future
along with
their ever increasing deployment footprints and variety of use
cases.</p>
<h3>Highlights</h3>
<ul>
<li>Allow sections of Plugins to be merged, and not overwritten as
entire sections. (<a
href="https://redirect.github.com/containerd/containerd/pull/9982 ">#9982</a>)</li>
<li>Add Update API for sandbox controller (<a
href="https://redirect.github.com/containerd/containerd/pull/9903 ">#9903</a>)</li>
<li>Configure otel from env instead of config.toml (<a
href="https://redirect.github.com/containerd/containerd/pull/8970 ">#8970</a>)</li>
<li>Enable NRI by default (<a
href="https://redirect.github.com/containerd/containerd/pull/9744 ">#9744</a>)</li>
<li>Add PluginInfo to introspection API (<a
href="https://redirect.github.com/containerd/containerd/pull/9442 ">#9442</a>)</li>
<li>Remove overlayfs volatile option on temp mounts (<a
href="https://redirect.github.com/containerd/containerd/pull/9555 ">#9555</a>)</li>
<li>Expose usage of deprecated features (<a
href="https://redirect.github.com/containerd/containerd/pull/9258 ">#9258</a>)</li>
<li>Use Intel ISA-L's igzip if available (<a
href="https://redirect.github.com/containerd/containerd/pull/9200 ">#9200</a>)</li>
<li>Introduce top level config migration (<a
href="https://redirect.github.com/containerd/containerd/pull/9223 ">#9223</a>)</li>
<li>Add image delete target (<a
href="https://redirect.github.com/containerd/containerd/pull/8989 ">#8989</a>)</li>
<li>Remove <code>LimitNOFILE</code> from <code>containerd.service</code>
(<a
href="https://redirect.github.com/containerd/containerd/pull/8924 ">#8924</a>)</li>
<li>Add support for image expiration during garbage collection (<a
href="https://redirect.github.com/containerd/containerd/pull/9022 ">#9022</a>)</li>
<li>Reduce the contention between ref lock and boltdb lock in content
store (<a
href="https://redirect.github.com/containerd/containerd/pull/8792 ">#8792</a>)</li>
<li>Remove "containerd.io/restart.logpath" label (<a
href="https://redirect.github.com/containerd/containerd/pull/8264 ">#8264</a>)</li>
<li>Remove <code>aufs</code> snapshotter (<a
href="https://redirect.github.com/containerd/containerd/pull/8263 ">#8263</a>)</li>
<li>Fix deadlock during NRI plugin registration (<a
href="https://redirect.github.com/containerd/nri/pull/79 ">containerd/nri#79</a>)</li>
<li>Fix deadlock when writing to pipe blocks (<a
href="https://redirect.github.com/containerd/ttrpc/pull/168 ">containerd/ttrpc#168</a>)</li>
</ul>
<h4>Build and Release Toolchain</h4>
<ul>
<li>Generate attestation for artifacts during release (<a
href="https://redirect.github.com/containerd/containerd/pull/10543 ">#10543</a>)</li>
<li>Remove <code>cri-containerd-*.tar.gz</code> release bundles (<a
href="https://redirect.github.com/containerd/containerd/pull/9096 ">#9096</a>)</li>
</ul>
<h4>Container Runtime Interface (CRI)</h4>
<ul>
<li>Use 'UserSpecifiedImage' from CRI to set the image-name annotation
(<a
href="https://redirect.github.com/containerd/containerd/pull/10747 ">#10747</a>)</li>
<li>Fine-grained SupplementalGroups control (<a
href="https://redirect.github.com/containerd/containerd/pull/9737 ">#9737</a>)</li>
<li>Add support to set loopback to up (<a
href="https://redirect.github.com/containerd/containerd/pull/10238 ">#10238</a>)</li>
<li>Add support for multiple subscribers to CRI container events (<a
href="https://redirect.github.com/containerd/containerd/pull/9661 ">#9661</a>)</li>
<li>Enable CDI by default (<a
href="https://redirect.github.com/containerd/containerd/pull/9621 ">#9621</a>)</li>
<li>Remove non-sandboxed CRI implementation (<a
href="https://redirect.github.com/containerd/containerd/pull/9228 ">#9228</a>)</li>
<li>Add support for userns in stateless and stateful pods with idmap
mounts (KEP-127, k8s >= 1.27) (<a
href="https://redirect.github.com/containerd/containerd/pull/8287 ">#8287</a>)</li>
<li>Use sandboxed CRI by default (<a
href="https://redirect.github.com/containerd/containerd/pull/8994 ">#8994</a>)</li>
<li>Implement RuntimeConfig CRI call (<a
href="https://redirect.github.com/containerd/containerd/pull/8722 ">#8722</a>)</li>
<li>Add support for user namespaces (KEP-127) (<a
href="https://redirect.github.com/containerd/containerd/pull/8803 ">#8803</a>)</li>
<li>Remove CRI v1alpha2 (<a
href="https://redirect.github.com/containerd/containerd/pull/8276 ">#8276</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b70cce2085https://redirect.github.com/containerd/containerd/issues/10887 ">#10887</a>
from dmcgowan/prepare-v2.0.0-rc.6</li>
<li><a
href="5c65a3d7b09aa637b22d574f0daa3ehttps://redirect.github.com/containerd/containerd/issues/10884 ">#10884</a>
from samuelkarp/nri-0.7.0</li>
<li><a
href="4b9d6c0144651757761fhttps://redirect.github.com/containerd/containerd/issues/10864 ">#10864</a>
from djdongjin/dedup-cri-util</li>
<li><a
href="deccefc8cfhttps://redirect.github.com/containerd/containerd/issues/9982 ">#9982</a>
from rayburgemeestre/merge-toml-configurations-for-p...</li>
<li><a
href="e370f0e31chttps://redirect.github.com/containerd/containerd/issues/10882 ">#10882</a>
from samuelkarp/containerd-2.0-guide</li>
<li><a
href="bc819bc97a18654db80ahttps://redirect.github.com/containerd/containerd/issues/10881 ">#10881</a>
from samuelkarp/containerd-2.0-guide</li>
<li>Additional commits viewable in <a
href="https://github.com/containerd/containerd/compare/v2.0.0-rc.5...v2.0.0-rc.6 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-24 09:05:49 +00:00
dependabot[bot]
31d303ff9c
feat(deps): bump google.golang.org/api from 0.202.0 to 0.203.0 ( #211 )
...
Bumps
[google.golang.org/api](https://github.com/googleapis/google-api-go-client )
from 0.202.0 to 0.203.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/releases ">google.golang.org/api's
releases</a>.</em></p>
<blockquote>
<h2>v0.203.0</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.202.0...v0.203.0 ">0.203.0</a>
(2024-10-23)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2834 ">#2834</a>)
(<a
href="c77b5f4cd2https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md ">google.golang.org/api's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.202.0...v0.203.0 ">0.203.0</a>
(2024-10-23)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2834 ">#2834</a>)
(<a
href="c77b5f4cd25ca1495a58https://redirect.github.com/googleapis/google-api-go-client/issues/2835 ">#2835</a>)</li>
<li><a
href="71d3f5c68ehttps://redirect.github.com/googleapis/google-api-go-client/issues/2836 ">#2836</a>)</li>
<li><a
href="c77b5f4cd2https://redirect.github.com/googleapis/google-api-go-client/issues/2834 ">#2834</a>)</li>
<li>See full diff in <a
href="https://github.com/googleapis/google-api-go-client/compare/v0.202.0...v0.203.0 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-24 10:03:31 +01:00
dependabot[bot]
b0d6219e34
feat(deps): bump google.golang.org/api from 0.201.0 to 0.202.0 ( #210 )
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.201.0 to 0.202.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.201.0...v0.202.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-23 13:37:33 +01:00
Jonny Stoten
b4a9283ec3
Update go git ( #209 )
2024-10-22 15:31:55 +01:00
Jonny Stoten
ca97a23d07
Skip DCO requirement for org members ( #208 )
...
Signed-off-by: Jonny Stoten <jonny.stoten@docker.com >
2024-10-22 14:41:44 +01:00
Jonny Stoten
a078fba81d
feat: add internal reproducible git checksum builtin ( #203 )
...
Adds a new rego builtin `attest.internals.reproducible_git_checksum`.
This is needed for verifying DOI provenance, see
https://github.com/docker/doi-image-policy/blob/main/slsa.md#doi-build-reproducible-git-checksum .
We use https://github.com/go-git/go-git for as much of this as possible,
but it doesn't support the actual archive operation, so we shell out to
`git` for that.
There is some similar unexported code in bashbrew, and we should
probably be using the same code in the build process as we are here.
I'll create a follow-up ticket to sort that out.
2024-10-22 14:30:27 +01:00
Joel Kamp
3cf2d929f7
Merge pull request #206 from docker/feat-add-code-of-conduct
...
feat: add code of conduct
2024-10-21 10:09:26 -05:00
mrjoelkamp
c7b2ebefac
feat: add code of conduct
...
Signed-off-by: mrjoelkamp <joel.kamp@docker.com >
2024-10-21 10:00:36 -05:00
Joel Kamp
85cf56de49
Merge pull request #205 from docker/feat-add-pr-issue-templates
...
feat: add pr and issue templates
2024-10-18 10:00:53 -05:00
mrjoelkamp
f426fa367c
feat: add pr and issue templates
2024-10-18 09:55:27 -05:00
Joel Kamp
c7c3d23717
Merge pull request #204 from docker/chore-apply-license
...
chore: apply license headers
2024-10-18 09:45:31 -05:00
mrjoelkamp
01a6a2ab7d
refactor: remove copyright year; add newline
2024-10-18 09:25:31 -05:00
mrjoelkamp
6fd73fe45d
chore: add notice
2024-10-17 14:08:33 -05:00
mrjoelkamp
0215b620cd
chore: apply license headers
2024-10-17 13:43:30 -05:00
Joel Kamp
79bbc9b55b
Merge pull request #198 from docker/dependabot/go_modules/github.com/sigstore/sigstore/pkg/signature/kms/aws-1.8.10
...
feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.9 to 1.8.10
2024-10-17 08:31:45 -05:00
Joel Kamp
47669993c6
Merge branch 'main' into dependabot/go_modules/github.com/sigstore/sigstore/pkg/signature/kms/aws-1.8.10
2024-10-17 08:25:14 -05:00
Joel Kamp
7414fb7339
Merge pull request #199 from docker/dependabot/go_modules/github.com/sigstore/sigstore/pkg/signature/kms/gcp-1.8.10
...
feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.9 to 1.8.10
2024-10-17 08:24:47 -05:00
dependabot[bot]
0e1005d0f7
feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws
...
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore ) from 1.8.9 to 1.8.10.
- [Release notes](https://github.com/sigstore/sigstore/releases )
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.9...v1.8.10 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-17 13:18:42 +00:00
dependabot[bot]
94f69c75d2
feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp
...
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore ) from 1.8.9 to 1.8.10.
- [Release notes](https://github.com/sigstore/sigstore/releases )
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.9...v1.8.10 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-17 13:18:39 +00:00
Joel Kamp
b2e8166079
Merge pull request #200 from docker/dependabot/go_modules/github.com/sigstore/sigstore-1.8.10
...
feat(deps): bump github.com/sigstore/sigstore from 1.8.9 to 1.8.10
2024-10-17 08:16:22 -05:00
Joel Kamp
8c4ee60f50
Merge branch 'main' into dependabot/go_modules/github.com/sigstore/sigstore-1.8.10
2024-10-17 08:12:39 -05:00
mrjoelkamp
9b6234f0ae
chore: go mod tidy
2024-10-17 08:12:10 -05:00
Joel Kamp
17b0978b44
Merge pull request #201 from docker/feat--add-verifier-version-to-vsa
...
feat: add verifier version to vsa
2024-10-17 08:09:17 -05:00
Joel Kamp
7ff20a9328
Merge branch 'main' into feat--add-verifier-version-to-vsa
2024-10-17 08:03:47 -05:00
James Carnegie
273b61ebd6
Merge branch 'main' into dependabot/go_modules/github.com/sigstore/sigstore-1.8.10
2024-10-17 09:36:58 +01:00
dependabot[bot]
eda0b23910
feat(deps): bump github.com/aws/aws-sdk-go-v2/config ( #202 )
...
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2 ) from 1.27.43 to 1.28.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.43...v1.28.0 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-17 09:36:43 +01:00
mrjoelkamp
4a82bb9981
feat: add version checker test
2024-10-16 15:18:34 -05:00
mrjoelkamp
84c0b116a7
feat: add verifier version to vsa
2024-10-16 12:01:31 -05:00
James Carnegie
16f65fefeb
Merge branch 'main' into dependabot/go_modules/github.com/sigstore/sigstore-1.8.10
2024-10-16 10:13:44 +01:00
dependabot[bot]
e39a4ea9f3
feat(deps): bump google.golang.org/api from 0.200.0 to 0.201.0 ( #197 )
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.200.0 to 0.201.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.200.0...v0.201.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-16 10:13:11 +01:00
dependabot[bot]
2e4f8f79bd
feat(deps): bump github.com/sigstore/sigstore from 1.8.9 to 1.8.10
...
Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore ) from 1.8.9 to 1.8.10.
- [Release notes](https://github.com/sigstore/sigstore/releases )
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.9...v1.8.10 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-16 09:03:50 +00:00
James Carnegie
da667de610
feat: support arbitrary rego input parameters ( #196 )
...
* feat: support arbitrary rego input parameters
2024-10-15 16:07:26 +01:00
Joel Kamp
7027d2d054
Merge pull request #188 from docker/dependabot/go_modules/github.com/sigstore/cosign/v2-2.4.1
...
feat(deps): bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1
2024-10-15 09:37:02 -05:00
mrjoelkamp
163c1828e3
chore: go mod tidy
2024-10-15 09:28:32 -05:00
dependabot[bot]
168a574c15
feat(deps): bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1
...
Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign ) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/sigstore/cosign/releases )
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sigstore/cosign/compare/v2.4.0...v2.4.1 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-15 14:27:14 +00:00
Joel Kamp
ad2f8befa2
Merge pull request #195 from docker/dependabot/go_modules/google.golang.org/api-0.200.0
...
feat(deps): bump google.golang.org/api from 0.199.0 to 0.200.0
2024-10-15 08:53:56 -05:00
dependabot[bot]
8460357880
feat(deps): bump google.golang.org/api from 0.199.0 to 0.200.0
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.199.0 to 0.200.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.199.0...v0.200.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-15 13:44:46 +00:00
Joel Kamp
994240018e
Merge pull request #187 from docker/dependabot/go_modules/github.com/containerd/containerd/v2-2.0.0-rc.5
...
feat(deps): bump github.com/containerd/containerd/v2 from 2.0.0-rc.4 to 2.0.0-rc.5
2024-10-15 08:42:03 -05:00
Joel Kamp
5c51ee7c19
Merge pull request #194 from docker/dependabot/go_modules/github.com/aws/aws-sdk-go-v2/config-1.27.43
...
feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.39 to 1.27.43
2024-10-15 08:36:49 -05:00
Joel Kamp
8ae43ba5e9
Merge branch 'main' into dependabot/go_modules/github.com/containerd/containerd/v2-2.0.0-rc.5
2024-10-15 08:33:48 -05:00
dependabot[bot]
ec659e62cd
feat(deps): bump github.com/aws/aws-sdk-go-v2/config
...
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2 ) from 1.27.39 to 1.27.43.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.39...config/v1.27.43 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-09 08:42:48 +00:00
Joel Kamp
2d7f6cae3c
Merge pull request #191 from docker/feat-vsa-input-attestations
...
feat: vsa input attestations
2024-10-08 08:30:06 -05:00
mrjoelkamp
a686de72fd
feat: add input atts to result summary
2024-10-07 15:07:21 -05:00
mrjoelkamp
d58ce0c600
feat: add reference wrapper for envelope
2024-10-07 13:34:04 -05:00
dependabot[bot]
bf33de5b48
feat(deps): bump github.com/theupdateframework/go-tuf/v2 ( #186 )
...
Bumps [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf ) from 2.0.1 to 2.0.2.
- [Release notes](https://github.com/theupdateframework/go-tuf/releases )
- [Changelog](https://github.com/theupdateframework/go-tuf/blob/master/.goreleaser.yaml )
- [Commits](https://github.com/theupdateframework/go-tuf/compare/v2.0.1...v2.0.2 )
---
updated-dependencies:
- dependency-name: github.com/theupdateframework/go-tuf/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-02 10:05:46 +01:00
dependabot[bot]
b8ca85152d
feat(deps): bump github.com/containerd/containerd/v2
...
Bumps [github.com/containerd/containerd/v2](https://github.com/containerd/containerd ) from 2.0.0-rc.4 to 2.0.0-rc.5.
- [Release notes](https://github.com/containerd/containerd/releases )
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md )
- [Commits](https://github.com/containerd/containerd/compare/v2.0.0-rc.4...v2.0.0-rc.5 )
---
updated-dependencies:
- dependency-name: github.com/containerd/containerd/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-02 08:36:57 +00:00
Joel Kamp
e06d8736df
Merge pull request #182 from docker/dependabot/go_modules/github.com/aws/aws-sdk-go-v2/config-1.27.39
...
feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.38 to 1.27.39
2024-10-01 16:02:00 -05:00
Joel Kamp
fcf98ebc3f
Merge branch 'main' into dependabot/go_modules/github.com/aws/aws-sdk-go-v2/config-1.27.39
2024-10-01 15:46:46 -05:00
Joel Kamp
acd8d427a1
Merge pull request #185 from docker/dependabot/go_modules/github.com/open-policy-agent/opa-0.69.0
...
feat(deps): bump github.com/open-policy-agent/opa from 0.68.0 to 0.69.0
2024-10-01 15:46:34 -05:00
