dependabot[bot]
dbac7405c7
feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.28.0 to 1.28.1 ( #213 )
...
Bumps
[github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2 )
from 1.28.0 to 1.28.1.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6b53348f84784d2d39b07258bd236cf322198c04b65b80a89bhttps://redirect.github.com/aws/aws-sdk-go-v2/issues/2852 ">#2852</a>
from RanVaknin/signature-header-parsing-fix</li>
<li><a
href="803614d34fb12c8cf885f0caa97e86e05890387ehttps://redirect.github.com/aws/aws-sdk-go-v2/issues/2851 ">#2851</a>)</li>
<li><a
href="896793a682https://github.com/aws/aws-sdk-go-v2/compare/v1.28.0...config/v1.28.1 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-04 08:33:57 +00:00
dependabot[bot]
868e44228e
feat(deps): bump github.com/containerd/containerd/v2 from 2.0.0-rc.5 to 2.0.0-rc.6 ( #212 )
...
Bumps
[github.com/containerd/containerd/v2](https://github.com/containerd/containerd )
from 2.0.0-rc.5 to 2.0.0-rc.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/containerd/containerd/releases ">github.com/containerd/containerd/v2's
releases</a>.</em></p>
<blockquote>
<h2>containerd 2.0.0-rc.6</h2>
<p>Welcome to the v2.0.0-rc.6 release of containerd!
<em>This is a pre-release of containerd</em></p>
<p>The first major release of containerd 2.x focuses on the continued
stability of
containerd's core feature set with an easy upgrade from containerd 1.x.
This
release includes the stabilization of new features added in the last 1.x
release
as well as the removal of features which were deprecated in 1.x. The
goal is to
support the vast community of containerd users well into the future
along with
their ever increasing deployment footprints and variety of use
cases.</p>
<h3>Highlights</h3>
<ul>
<li>Allow sections of Plugins to be merged, and not overwritten as
entire sections. (<a
href="https://redirect.github.com/containerd/containerd/pull/9982 ">#9982</a>)</li>
<li>Add Update API for sandbox controller (<a
href="https://redirect.github.com/containerd/containerd/pull/9903 ">#9903</a>)</li>
<li>Configure otel from env instead of config.toml (<a
href="https://redirect.github.com/containerd/containerd/pull/8970 ">#8970</a>)</li>
<li>Enable NRI by default (<a
href="https://redirect.github.com/containerd/containerd/pull/9744 ">#9744</a>)</li>
<li>Add PluginInfo to introspection API (<a
href="https://redirect.github.com/containerd/containerd/pull/9442 ">#9442</a>)</li>
<li>Remove overlayfs volatile option on temp mounts (<a
href="https://redirect.github.com/containerd/containerd/pull/9555 ">#9555</a>)</li>
<li>Expose usage of deprecated features (<a
href="https://redirect.github.com/containerd/containerd/pull/9258 ">#9258</a>)</li>
<li>Use Intel ISA-L's igzip if available (<a
href="https://redirect.github.com/containerd/containerd/pull/9200 ">#9200</a>)</li>
<li>Introduce top level config migration (<a
href="https://redirect.github.com/containerd/containerd/pull/9223 ">#9223</a>)</li>
<li>Add image delete target (<a
href="https://redirect.github.com/containerd/containerd/pull/8989 ">#8989</a>)</li>
<li>Remove <code>LimitNOFILE</code> from <code>containerd.service</code>
(<a
href="https://redirect.github.com/containerd/containerd/pull/8924 ">#8924</a>)</li>
<li>Add support for image expiration during garbage collection (<a
href="https://redirect.github.com/containerd/containerd/pull/9022 ">#9022</a>)</li>
<li>Reduce the contention between ref lock and boltdb lock in content
store (<a
href="https://redirect.github.com/containerd/containerd/pull/8792 ">#8792</a>)</li>
<li>Remove "containerd.io/restart.logpath" label (<a
href="https://redirect.github.com/containerd/containerd/pull/8264 ">#8264</a>)</li>
<li>Remove <code>aufs</code> snapshotter (<a
href="https://redirect.github.com/containerd/containerd/pull/8263 ">#8263</a>)</li>
<li>Fix deadlock during NRI plugin registration (<a
href="https://redirect.github.com/containerd/nri/pull/79 ">containerd/nri#79</a>)</li>
<li>Fix deadlock when writing to pipe blocks (<a
href="https://redirect.github.com/containerd/ttrpc/pull/168 ">containerd/ttrpc#168</a>)</li>
</ul>
<h4>Build and Release Toolchain</h4>
<ul>
<li>Generate attestation for artifacts during release (<a
href="https://redirect.github.com/containerd/containerd/pull/10543 ">#10543</a>)</li>
<li>Remove <code>cri-containerd-*.tar.gz</code> release bundles (<a
href="https://redirect.github.com/containerd/containerd/pull/9096 ">#9096</a>)</li>
</ul>
<h4>Container Runtime Interface (CRI)</h4>
<ul>
<li>Use 'UserSpecifiedImage' from CRI to set the image-name annotation
(<a
href="https://redirect.github.com/containerd/containerd/pull/10747 ">#10747</a>)</li>
<li>Fine-grained SupplementalGroups control (<a
href="https://redirect.github.com/containerd/containerd/pull/9737 ">#9737</a>)</li>
<li>Add support to set loopback to up (<a
href="https://redirect.github.com/containerd/containerd/pull/10238 ">#10238</a>)</li>
<li>Add support for multiple subscribers to CRI container events (<a
href="https://redirect.github.com/containerd/containerd/pull/9661 ">#9661</a>)</li>
<li>Enable CDI by default (<a
href="https://redirect.github.com/containerd/containerd/pull/9621 ">#9621</a>)</li>
<li>Remove non-sandboxed CRI implementation (<a
href="https://redirect.github.com/containerd/containerd/pull/9228 ">#9228</a>)</li>
<li>Add support for userns in stateless and stateful pods with idmap
mounts (KEP-127, k8s >= 1.27) (<a
href="https://redirect.github.com/containerd/containerd/pull/8287 ">#8287</a>)</li>
<li>Use sandboxed CRI by default (<a
href="https://redirect.github.com/containerd/containerd/pull/8994 ">#8994</a>)</li>
<li>Implement RuntimeConfig CRI call (<a
href="https://redirect.github.com/containerd/containerd/pull/8722 ">#8722</a>)</li>
<li>Add support for user namespaces (KEP-127) (<a
href="https://redirect.github.com/containerd/containerd/pull/8803 ">#8803</a>)</li>
<li>Remove CRI v1alpha2 (<a
href="https://redirect.github.com/containerd/containerd/pull/8276 ">#8276</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b70cce2085https://redirect.github.com/containerd/containerd/issues/10887 ">#10887</a>
from dmcgowan/prepare-v2.0.0-rc.6</li>
<li><a
href="5c65a3d7b09aa637b22d574f0daa3ehttps://redirect.github.com/containerd/containerd/issues/10884 ">#10884</a>
from samuelkarp/nri-0.7.0</li>
<li><a
href="4b9d6c0144651757761fhttps://redirect.github.com/containerd/containerd/issues/10864 ">#10864</a>
from djdongjin/dedup-cri-util</li>
<li><a
href="deccefc8cfhttps://redirect.github.com/containerd/containerd/issues/9982 ">#9982</a>
from rayburgemeestre/merge-toml-configurations-for-p...</li>
<li><a
href="e370f0e31chttps://redirect.github.com/containerd/containerd/issues/10882 ">#10882</a>
from samuelkarp/containerd-2.0-guide</li>
<li><a
href="bc819bc97a18654db80ahttps://redirect.github.com/containerd/containerd/issues/10881 ">#10881</a>
from samuelkarp/containerd-2.0-guide</li>
<li>Additional commits viewable in <a
href="https://github.com/containerd/containerd/compare/v2.0.0-rc.5...v2.0.0-rc.6 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-24 09:05:49 +00:00
dependabot[bot]
31d303ff9c
feat(deps): bump google.golang.org/api from 0.202.0 to 0.203.0 ( #211 )
...
Bumps
[google.golang.org/api](https://github.com/googleapis/google-api-go-client )
from 0.202.0 to 0.203.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/releases ">google.golang.org/api's
releases</a>.</em></p>
<blockquote>
<h2>v0.203.0</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.202.0...v0.203.0 ">0.203.0</a>
(2024-10-23)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2834 ">#2834</a>)
(<a
href="c77b5f4cd2https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md ">google.golang.org/api's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.202.0...v0.203.0 ">0.203.0</a>
(2024-10-23)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2834 ">#2834</a>)
(<a
href="c77b5f4cd25ca1495a58https://redirect.github.com/googleapis/google-api-go-client/issues/2835 ">#2835</a>)</li>
<li><a
href="71d3f5c68ehttps://redirect.github.com/googleapis/google-api-go-client/issues/2836 ">#2836</a>)</li>
<li><a
href="c77b5f4cd2https://redirect.github.com/googleapis/google-api-go-client/issues/2834 ">#2834</a>)</li>
<li>See full diff in <a
href="https://github.com/googleapis/google-api-go-client/compare/v0.202.0...v0.203.0 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-24 10:03:31 +01:00
dependabot[bot]
b0d6219e34
feat(deps): bump google.golang.org/api from 0.201.0 to 0.202.0 ( #210 )
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.201.0 to 0.202.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.201.0...v0.202.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-23 13:37:33 +01:00
Jonny Stoten
b4a9283ec3
Update go git ( #209 )
2024-10-22 15:31:55 +01:00
Jonny Stoten
a078fba81d
feat: add internal reproducible git checksum builtin ( #203 )
...
Adds a new rego builtin `attest.internals.reproducible_git_checksum`.
This is needed for verifying DOI provenance, see
https://github.com/docker/doi-image-policy/blob/main/slsa.md#doi-build-reproducible-git-checksum .
We use https://github.com/go-git/go-git for as much of this as possible,
but it doesn't support the actual archive operation, so we shell out to
`git` for that.
There is some similar unexported code in bashbrew, and we should
probably be using the same code in the build process as we are here.
I'll create a follow-up ticket to sort that out.
2024-10-22 14:30:27 +01:00
Joel Kamp
47669993c6
Merge branch 'main' into dependabot/go_modules/github.com/sigstore/sigstore/pkg/signature/kms/aws-1.8.10
2024-10-17 08:25:14 -05:00
dependabot[bot]
0e1005d0f7
feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws
...
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore ) from 1.8.9 to 1.8.10.
- [Release notes](https://github.com/sigstore/sigstore/releases )
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.9...v1.8.10 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-17 13:18:42 +00:00
dependabot[bot]
94f69c75d2
feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp
...
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore ) from 1.8.9 to 1.8.10.
- [Release notes](https://github.com/sigstore/sigstore/releases )
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.9...v1.8.10 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-17 13:18:39 +00:00
mrjoelkamp
9b6234f0ae
chore: go mod tidy
2024-10-17 08:12:10 -05:00
James Carnegie
273b61ebd6
Merge branch 'main' into dependabot/go_modules/github.com/sigstore/sigstore-1.8.10
2024-10-17 09:36:58 +01:00
dependabot[bot]
eda0b23910
feat(deps): bump github.com/aws/aws-sdk-go-v2/config ( #202 )
...
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2 ) from 1.27.43 to 1.28.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.43...v1.28.0 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-17 09:36:43 +01:00
James Carnegie
16f65fefeb
Merge branch 'main' into dependabot/go_modules/github.com/sigstore/sigstore-1.8.10
2024-10-16 10:13:44 +01:00
dependabot[bot]
e39a4ea9f3
feat(deps): bump google.golang.org/api from 0.200.0 to 0.201.0 ( #197 )
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.200.0 to 0.201.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.200.0...v0.201.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-16 10:13:11 +01:00
dependabot[bot]
2e4f8f79bd
feat(deps): bump github.com/sigstore/sigstore from 1.8.9 to 1.8.10
...
Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore ) from 1.8.9 to 1.8.10.
- [Release notes](https://github.com/sigstore/sigstore/releases )
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.9...v1.8.10 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-16 09:03:50 +00:00
mrjoelkamp
163c1828e3
chore: go mod tidy
2024-10-15 09:28:32 -05:00
dependabot[bot]
168a574c15
feat(deps): bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1
...
Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign ) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/sigstore/cosign/releases )
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sigstore/cosign/compare/v2.4.0...v2.4.1 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-15 14:27:14 +00:00
dependabot[bot]
8460357880
feat(deps): bump google.golang.org/api from 0.199.0 to 0.200.0
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.199.0 to 0.200.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.199.0...v0.200.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-15 13:44:46 +00:00
Joel Kamp
994240018e
Merge pull request #187 from docker/dependabot/go_modules/github.com/containerd/containerd/v2-2.0.0-rc.5
...
feat(deps): bump github.com/containerd/containerd/v2 from 2.0.0-rc.4 to 2.0.0-rc.5
2024-10-15 08:42:03 -05:00
Joel Kamp
8ae43ba5e9
Merge branch 'main' into dependabot/go_modules/github.com/containerd/containerd/v2-2.0.0-rc.5
2024-10-15 08:33:48 -05:00
dependabot[bot]
ec659e62cd
feat(deps): bump github.com/aws/aws-sdk-go-v2/config
...
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2 ) from 1.27.39 to 1.27.43.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.39...config/v1.27.43 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-09 08:42:48 +00:00
dependabot[bot]
bf33de5b48
feat(deps): bump github.com/theupdateframework/go-tuf/v2 ( #186 )
...
Bumps [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf ) from 2.0.1 to 2.0.2.
- [Release notes](https://github.com/theupdateframework/go-tuf/releases )
- [Changelog](https://github.com/theupdateframework/go-tuf/blob/master/.goreleaser.yaml )
- [Commits](https://github.com/theupdateframework/go-tuf/compare/v2.0.1...v2.0.2 )
---
updated-dependencies:
- dependency-name: github.com/theupdateframework/go-tuf/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-02 10:05:46 +01:00
dependabot[bot]
b8ca85152d
feat(deps): bump github.com/containerd/containerd/v2
...
Bumps [github.com/containerd/containerd/v2](https://github.com/containerd/containerd ) from 2.0.0-rc.4 to 2.0.0-rc.5.
- [Release notes](https://github.com/containerd/containerd/releases )
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md )
- [Commits](https://github.com/containerd/containerd/compare/v2.0.0-rc.4...v2.0.0-rc.5 )
---
updated-dependencies:
- dependency-name: github.com/containerd/containerd/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-02 08:36:57 +00:00
Joel Kamp
fcf98ebc3f
Merge branch 'main' into dependabot/go_modules/github.com/aws/aws-sdk-go-v2/config-1.27.39
2024-10-01 15:46:46 -05:00
Joel Kamp
f2f13933df
Merge branch 'main' into dependabot/go_modules/github.com/open-policy-agent/opa-0.69.0
2024-10-01 15:42:13 -05:00
dependabot[bot]
ac04e8a9ea
feat(deps): bump github.com/open-policy-agent/opa from 0.68.0 to 0.69.0
...
Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa ) from 0.68.0 to 0.69.0.
- [Release notes](https://github.com/open-policy-agent/opa/releases )
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-policy-agent/opa/compare/v0.68.0...v0.69.0 )
---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-01 08:30:48 +00:00
dependabot[bot]
e3927acf17
feat(deps): bump github.com/theupdateframework/go-tuf/v2
...
Bumps [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf ) from 2.0.0 to 2.0.1.
- [Release notes](https://github.com/theupdateframework/go-tuf/releases )
- [Changelog](https://github.com/theupdateframework/go-tuf/blob/master/.goreleaser.yaml )
- [Commits](https://github.com/theupdateframework/go-tuf/compare/v2.0.0...v2.0.1 )
---
updated-dependencies:
- dependency-name: github.com/theupdateframework/go-tuf/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-10-01 08:30:33 +00:00
dependabot[bot]
251506fd9b
feat(deps): bump github.com/aws/aws-sdk-go-v2/config
...
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2 ) from 1.27.38 to 1.27.39.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.38...config/v1.27.39 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-09-30 08:47:36 +00:00
dependabot[bot]
5e16b97e02
feat(deps): bump google.golang.org/api from 0.198.0 to 0.199.0 ( #181 )
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.198.0 to 0.199.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.198.0...v0.199.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-27 15:11:28 +01:00
dependabot[bot]
0ff28b2deb
feat(deps): bump github.com/aws/aws-sdk-go-v2/config ( #180 )
...
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2 ) from 1.27.35 to 1.27.38.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.35...config/v1.27.38 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-27 15:05:53 +01:00
Jonny Stoten
4ca962b70c
Add function for parsing DOI definition files ( #172 )
...
Add a Rego builtin called `attest.internals.parse_library_definition`
for parsing the DOI definition files in
https://github.com/docker-library/official-images/tree/master/library .
This will allow us to verify DOI provenance fields against these files
which are the source of truth for DOI images.
This function just defers to
https://github.com/docker-library/bashbrew/blob/master/manifest/rfc2822.go .
2024-09-27 12:32:24 +01:00
dependabot[bot]
02b8063d71
feat(deps): bump google.golang.org/api from 0.197.0 to 0.198.0 ( #175 )
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.197.0 to 0.198.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.197.0...v0.198.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-20 10:01:47 +01:00
mrjoelkamp
fd4e741a1f
feat: support containerd subject annotations
2024-09-19 15:10:56 -05:00
dependabot[bot]
be7a17f214
feat(deps): bump github.com/sigstore/sigstore from 1.8.8 to 1.8.9 ( #169 )
...
Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore ) from 1.8.8 to 1.8.9.
- [Release notes](https://github.com/sigstore/sigstore/releases )
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.8...v1.8.9 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-19 11:24:30 +01:00
James Carnegie
05caa959c4
Use a Factory to create signature verifiers at policy evaluation time ( #165 )
...
* Make verifiers composable
* fix: remove unused code and improve signature verification logic
* fix: simplify abstractions and renamed some things
* fix: improve tl interface.
* fix: sort out signer/verifier
2024-09-18 13:34:10 +01:00
dependabot[bot]
5335a56da1
feat(deps): bump github.com/aws/aws-sdk-go-v2/config ( #168 )
...
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2 ) from 1.27.33 to 1.27.35.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.33...config/v1.27.35 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-18 09:43:50 +01:00
dependabot[bot]
070fa33d0d
feat(deps): bump google.golang.org/api from 0.196.0 to 0.197.0 ( #162 )
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.196.0 to 0.197.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.196.0...v0.197.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-11 12:27:09 +01:00
James Carnegie
b4e6767cc6
feature!: support for setting HTTP User-Agent header ( #157 )
...
* feature!: support for setting HTTP User-Agent header
* fix lint
* fix e2e
* refactor: move http.go to internal/util/useragent package and rename functions to Get and Set
* Move packages and use attest version
2024-09-09 14:22:17 +01:00
dependabot[bot]
99846a3483
feat(deps): bump google.golang.org/api from 0.195.0 to 0.196.0
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.195.0 to 0.196.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.195.0...v0.196.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-09-04 21:43:32 +00:00
Joel Kamp
f760b12bb2
Merge pull request #151 from docker/dependabot/go_modules/github.com/sigstore/sigstore/pkg/signature/kms/gcp-1.8.9
...
feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.8 to 1.8.9
2024-09-04 16:41:22 -05:00
dependabot[bot]
0705a71115
feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp
...
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore ) from 1.8.8 to 1.8.9.
- [Release notes](https://github.com/sigstore/sigstore/releases )
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.8...v1.8.9 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-09-04 21:37:46 +00:00
dependabot[bot]
b00e02af01
feat(deps): bump github.com/aws/aws-sdk-go-v2/config
...
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2 ) from 1.27.31 to 1.27.33.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.31...config/v1.27.33 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-09-04 21:36:36 +00:00
Joel Kamp
c8383f3f5a
Merge pull request #149 from docker/dependabot/go_modules/github.com/sigstore/sigstore/pkg/signature/kms/aws-1.8.9
...
feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.8 to 1.8.9
2024-09-04 16:33:50 -05:00
dependabot[bot]
67ad27ac22
feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws
...
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore ) from 1.8.8 to 1.8.9.
- [Release notes](https://github.com/sigstore/sigstore/releases )
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.8...v1.8.9 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-09-04 08:41:30 +00:00
dependabot[bot]
16834292de
feat(deps): bump github.com/open-policy-agent/opa from 0.67.1 to 0.68.0
...
Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa ) from 0.67.1 to 0.68.0.
- [Release notes](https://github.com/open-policy-agent/opa/releases )
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-policy-agent/opa/compare/v0.67.1...v0.68.0 )
---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-08-30 08:37:19 +00:00
dependabot[bot]
bada1df262
feat(deps): bump google.golang.org/api from 0.194.0 to 0.195.0 ( #139 )
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.194.0 to 0.195.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.194.0...v0.195.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Carnegie <kipz@users.noreply.github.com >
2024-08-30 09:29:19 +01:00
dependabot[bot]
95319494b5
feat(deps): bump github.com/testcontainers/testcontainers-go/modules/registry ( #127 )
...
Bumps [github.com/testcontainers/testcontainers-go/modules/registry](https://github.com/testcontainers/testcontainers-go ) from 0.32.0 to 0.33.0.
- [Release notes](https://github.com/testcontainers/testcontainers-go/releases )
- [Commits](https://github.com/testcontainers/testcontainers-go/compare/v0.32.0...v0.33.0 )
---
updated-dependencies:
- dependency-name: github.com/testcontainers/testcontainers-go/modules/registry
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Carnegie <kipz@users.noreply.github.com >
2024-08-28 09:58:09 +01:00
dependabot[bot]
64046df6f8
feat(deps): bump github.com/aws/aws-sdk-go-v2/config ( #134 )
...
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2 ) from 1.27.28 to 1.27.31.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.28...config/v1.27.31 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-28 08:57:31 +00:00
dependabot[bot]
57b6df0ab5
feat(deps): bump google.golang.org/api from 0.192.0 to 0.194.0 ( #131 )
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.192.0 to 0.194.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.192.0...v0.194.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-28 09:56:53 +01:00
dependabot[bot]
857be568b5
feat(deps): bump github.com/Masterminds/semver/v3 from 3.2.1 to 3.3.0 ( #136 )
...
Bumps [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver ) from 3.2.1 to 3.3.0.
- [Release notes](https://github.com/Masterminds/semver/releases )
- [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Masterminds/semver/compare/v3.2.1...v3.3.0 )
---
updated-dependencies:
- dependency-name: github.com/Masterminds/semver/v3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-28 09:55:28 +01:00
