Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deps(deps): update module github.com/sigstore/cosign/v2 to v2.4.2 #370

Merged
merged 1 commit into from
Feb 10, 2025
Merged

deps(deps): update module github.com/sigstore/cosign/v2 to v2.4.2 #370

merged 1 commit into from
Feb 10, 2025

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Feb 4, 2025

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
github.com/sigstore/cosign/v2 v2.4.1 -> v2.4.2 age adoption passing confidence

Release Notes

sigstore/cosign (github.com/sigstore/cosign/v2)

v2.4.2

Compare Source

Features

  • Updated open-policy-agent to 1.1.0 library (#​4036)
    • Note that only Rego v0 policies are supported at this time
  • Add UseSignedTimestamps to CheckOpts, refactor TSA options (#​4006)
  • Add support for verifying root checksum in cosign initialize (#​3953)
  • Detect if user supplied a valid protobuf bundle (#​3931)
  • Add a log message if user doesn't provide --trusted-root (#​3933)
  • Support mTLS towards container registry (#​3922)
  • Add bundle create helper command (#​3901)
  • Add trusted-root create helper command (#​3876)

Bug Fixes

  • fix: set tls config while retaining other fields from default http transport (#​4007)
  • policy fuzzer: ignore known panics (#​3993)
  • Fix for multiple WithRemote options (#​3982)
  • Add nightly conformance test workflow (#​3979)
  • Fix copy --only for signatures + update/align docs (#​3904)

Documentation

  • Remove usage.md from spec, point to client spec (#​3918)
  • move reference from gcr to ghcr (#​3897)

Contributors

  • AdamKorcz
  • Aditya Sirish
  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Cody Soyland
  • Colleen Murphy
  • Hayden B
  • Jussi Kukkonen
  • Marco Franssen
  • Nianyu Shen
  • Slavek Kabrda
  • Søren Juul
  • Warren Hodgkinson
  • Zach Steindler

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner February 4, 2025 20:39
@renovate renovate bot requested a review from arturshadnik February 4, 2025 20:39
@renovate Renovate
Copy link
Contributor Author

renovate bot commented Feb 4, 2025
edited
Loading

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 24 additional dependencies were updated

Details:

Package Change
cel.dev/expr v0.18.0 -> v0.19.0
github.com/fsnotify/fsnotify v1.7.0 -> v1.8.0
github.com/google/certificate-transparency-go v1.2.1 -> v1.3.1
github.com/jmespath/go-jmespath v0.4.0 -> v0.4.1-0.20220621161143-b0104c826a24
github.com/magiconair/properties v1.8.7 -> v1.8.9
github.com/mitchellh/mapstructure v1.5.0 -> v1.5.1-0.20231216201459-8508981c8b6c
github.com/pelletier/go-toml/v2 v2.2.2 -> v2.2.3
github.com/prometheus/client_golang v1.20.2 -> v1.20.5
github.com/prometheus/common v0.55.0 -> v0.62.0
github.com/sigstore/protobuf-specs v0.3.2 -> v0.4.0
github.com/sigstore/rekor v1.3.6 -> v1.3.9
github.com/sigstore/timestamp-authority v1.2.2 -> v1.2.4
github.com/spf13/pflag v1.0.5 -> v1.0.6
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 -> v0.59.0
go.opentelemetry.io/otel v1.33.0 -> v1.34.0
go.opentelemetry.io/otel/metric v1.33.0 -> v1.34.0
go.opentelemetry.io/otel/sdk v1.33.0 -> v1.34.0
go.opentelemetry.io/otel/trace v1.33.0 -> v1.34.0
golang.org/x/time v0.7.0 -> v0.9.0
google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed -> v0.0.0-20250115164207-1a7da9e5054f
google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 -> v0.0.0-20250124145028-65684f501c47
google.golang.org/grpc v1.66.0 -> v1.70.0
google.golang.org/protobuf v1.36.3 -> v1.36.4
sigs.k8s.io/release-utils v0.8.4 -> v0.11.0

@dosubot dosubot bot added the size:M This PR changes 30-99 lines, ignoring generated files. label Feb 4, 2025
renovate-approve[bot]
renovate-approve bot previously approved these changes Feb 4, 2025
View reviewed changes
@renovate
deps(deps): update module github.com/sigstore/cosign/v2 to v2.4.2
09b9a03 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 9d1fe04 to 09b9a03 Compare February 10, 2025 19:12
@codecov Codecov
Copy link

codecov bot commented Feb 10, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

@@           Coverage Diff           @@
##             main     #370   +/-   ##
=======================================
  Coverage   43.39%   43.39%           
=======================================
  Files           9        9           
  Lines         848      848           
=======================================
  Hits          368      368           
  Misses        450      450           
  Partials       30       30

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3f4cd8b...09b9a03. Read the comment docs.

@ahmad-ibra ahmad-ibra merged commit 4c341cf into main Feb 10, 2025
8 checks passed
@ahmad-ibra ahmad-ibra deleted the renovate/all-minor-patch branch February 10, 2025 21:11
@TylerGillson TylerGillson mentioned this pull request Feb 10, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@renovate-approve renovate-approve[bot] renovate-approve[bot] approved these changes

@arturshadnik arturshadnik Awaiting requested review from arturshadnik arturshadnik is a code owner automatically assigned from validator-labs/validator

Assignees
No one assigned
Labels
dependencies go size:M This PR changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@ahmad-ibra