Skip to content

Commit 63e7113

Browse files
renovate[bot]renovate[bot]
authored
Update module github.com/sigstore/cosign/v2 to v2.6.2 [SECURITY]
1 parent aece3e5 commit 63e7113

File tree

4 files changed

+744
-197
lines changed

4 files changed

+744
-197
lines changed

acceptance/go.mod

Lines changed: 93 additions & 72 deletions
Original file line numberDiff line numberDiff line change
@@ -1,18 +1,18 @@
11
module github.com/conforma/cli/acceptance
22

3-
go 1.24.6
3+
go 1.25.0
44

55
require (
6-
cuelang.org/go v0.11.1
6+
cuelang.org/go v0.14.1
77
github.com/conforma/crds/api v0.1.7
88
github.com/cucumber/godog v0.15.0
9-
github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f
9+
github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467
1010
github.com/doiit/picocolors v1.0.1
1111
github.com/evanphx/json-patch/v5 v5.9.0
1212
github.com/gkampitakis/go-snaps v0.5.7
1313
github.com/go-git/go-billy/v5 v5.6.0
1414
github.com/go-git/go-git/v5 v5.13.0
15-
github.com/go-openapi/strfmt v0.23.0
15+
github.com/go-openapi/strfmt v0.25.0
1616
github.com/google/go-containerregistry v0.20.7
1717
github.com/in-toto/in-toto-golang v0.9.0
1818
github.com/konflux-ci/application-api v0.0.0-20240812090716-e7eb2ecfb409
@@ -21,18 +21,18 @@ require (
2121
github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
2222
github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e
2323
github.com/pkg/errors v0.9.1
24-
github.com/secure-systems-lab/go-securesystemslib v0.9.0
25-
github.com/sigstore/cosign/v2 v2.4.1
26-
github.com/sigstore/rekor v1.3.6
27-
github.com/sigstore/sigstore v1.8.9
24+
github.com/secure-systems-lab/go-securesystemslib v0.9.1
25+
github.com/sigstore/cosign/v2 v2.6.2
26+
github.com/sigstore/rekor v1.4.3
27+
github.com/sigstore/sigstore v1.10.3
2828
github.com/stretchr/testify v1.11.1
2929
github.com/tektoncd/cli v0.37.1
3030
github.com/tektoncd/pipeline v0.66.0
3131
github.com/testcontainers/testcontainers-go v0.34.0
3232
github.com/transparency-dev/merkle v0.0.2
3333
github.com/wiremock/go-wiremock v1.11.0
3434
github.com/yudai/gojsondiff v1.0.0
35-
golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f
35+
golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b
3636
gopkg.in/go-jose/go-jose.v2 v2.6.3
3737
k8s.io/api v0.34.2
3838
k8s.io/apimachinery v0.34.2
@@ -49,12 +49,12 @@ replace github.com/google/go-containerregistry => github.com/conforma/go-contain
4949

5050
require (
5151
cel.dev/expr v0.24.0 // indirect
52-
cloud.google.com/go/kms v1.20.1 // indirect
53-
cloud.google.com/go/longrunning v0.6.2 // indirect
52+
cloud.google.com/go/kms v1.23.2 // indirect
53+
cloud.google.com/go/longrunning v0.6.7 // indirect
5454
contrib.go.opencensus.io/exporter/ocagent v0.7.1-0.20200907061046-05415f1de66d // indirect
5555
contrib.go.opencensus.io/exporter/prometheus v0.4.2 // indirect
5656
dario.cat/mergo v1.0.2 // indirect
57-
github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
57+
github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
5858
github.com/BurntSushi/toml v1.4.0 // indirect
5959
github.com/Microsoft/go-winio v0.6.2 // indirect
6060
github.com/ProtonMail/go-crypto v1.1.3 // indirect
@@ -66,6 +66,7 @@ require (
6666
github.com/blang/semver/v4 v4.0.0 // indirect
6767
github.com/blendle/zapdriver v1.3.1 // indirect
6868
github.com/cenkalti/backoff/v4 v4.3.0 // indirect
69+
github.com/cenkalti/backoff/v5 v5.0.3 // indirect
6970
github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
7071
github.com/cespare/xxhash/v2 v2.3.0 // indirect
7172
github.com/cloudflare/circl v1.4.0 // indirect
@@ -74,7 +75,8 @@ require (
7475
github.com/containerd/errdefs/pkg v0.3.0 // indirect
7576
github.com/containerd/log v0.1.0 // indirect
7677
github.com/containerd/platforms v1.0.0-rc.2 // indirect
77-
github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect
78+
github.com/containerd/stargz-snapshotter/estargz v0.18.1 // indirect
79+
github.com/coreos/go-oidc/v3 v3.17.0 // indirect
7880
github.com/coreos/go-systemd/v22 v22.6.0 // indirect
7981
github.com/cpuguy83/dockercfg v0.3.2 // indirect
8082
github.com/cucumber/gherkin/go/v26 v26.2.0 // indirect
@@ -84,7 +86,7 @@ require (
8486
github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
8587
github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect
8688
github.com/distribution/reference v0.6.0 // indirect
87-
github.com/docker/cli v28.2.2+incompatible // indirect
89+
github.com/docker/cli v29.0.3+incompatible // indirect
8890
github.com/docker/distribution v2.8.3+incompatible // indirect
8991
github.com/docker/docker v28.3.3+incompatible // indirect
9092
github.com/docker/docker-credential-helpers v0.9.3 // indirect
@@ -93,53 +95,66 @@ require (
9395
github.com/dustin/go-humanize v1.0.1 // indirect
9496
github.com/emicklei/go-restful/v3 v3.13.0 // indirect
9597
github.com/emirpasic/gods v1.18.1 // indirect
96-
github.com/fatih/color v1.17.0 // indirect
98+
github.com/fatih/color v1.18.0 // indirect
9799
github.com/felixge/httpsnoop v1.0.4 // indirect
98100
github.com/fsnotify/fsnotify v1.9.0 // indirect
99101
github.com/fxamacker/cbor/v2 v2.9.0 // indirect
100102
github.com/gkampitakis/ciinfo v0.3.0 // indirect
101103
github.com/gkampitakis/go-diff v1.3.2 // indirect
102104
github.com/go-chi/chi v4.1.2+incompatible // indirect
105+
github.com/go-chi/chi/v5 v5.2.3 // indirect
103106
github.com/go-errors/errors v1.5.1 // indirect
104107
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
105108
github.com/go-jose/go-jose/v3 v3.0.4 // indirect
106-
github.com/go-jose/go-jose/v4 v4.1.2 // indirect
109+
github.com/go-jose/go-jose/v4 v4.1.3 // indirect
107110
github.com/go-kit/log v0.2.1 // indirect
108111
github.com/go-logfmt/logfmt v0.6.0 // indirect
109112
github.com/go-logr/logr v1.4.3 // indirect
110113
github.com/go-logr/stdr v1.2.2 // indirect
111114
github.com/go-ole/go-ole v1.3.0 // indirect
112-
github.com/go-openapi/analysis v0.23.0 // indirect
113-
github.com/go-openapi/errors v0.22.0 // indirect
114-
github.com/go-openapi/jsonpointer v0.21.0 // indirect
115-
github.com/go-openapi/jsonreference v0.21.0 // indirect
116-
github.com/go-openapi/loads v0.22.0 // indirect
117-
github.com/go-openapi/runtime v0.28.0 // indirect
118-
github.com/go-openapi/spec v0.21.0 // indirect
119-
github.com/go-openapi/swag v0.23.0 // indirect
120-
github.com/go-openapi/validate v0.24.0 // indirect
121-
github.com/go-viper/mapstructure/v2 v2.2.1 // indirect
115+
github.com/go-openapi/analysis v0.24.1 // indirect
116+
github.com/go-openapi/errors v0.22.4 // indirect
117+
github.com/go-openapi/jsonpointer v0.22.1 // indirect
118+
github.com/go-openapi/jsonreference v0.21.3 // indirect
119+
github.com/go-openapi/loads v0.23.2 // indirect
120+
github.com/go-openapi/runtime v0.29.2 // indirect
121+
github.com/go-openapi/spec v0.22.1 // indirect
122+
github.com/go-openapi/swag v0.25.4 // indirect
123+
github.com/go-openapi/swag/cmdutils v0.25.4 // indirect
124+
github.com/go-openapi/swag/conv v0.25.4 // indirect
125+
github.com/go-openapi/swag/fileutils v0.25.4 // indirect
126+
github.com/go-openapi/swag/jsonname v0.25.4 // indirect
127+
github.com/go-openapi/swag/jsonutils v0.25.4 // indirect
128+
github.com/go-openapi/swag/loading v0.25.4 // indirect
129+
github.com/go-openapi/swag/mangling v0.25.4 // indirect
130+
github.com/go-openapi/swag/netutils v0.25.4 // indirect
131+
github.com/go-openapi/swag/stringutils v0.25.4 // indirect
132+
github.com/go-openapi/swag/typeutils v0.25.4 // indirect
133+
github.com/go-openapi/swag/yamlutils v0.25.4 // indirect
134+
github.com/go-openapi/validate v0.25.1 // indirect
135+
github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
122136
github.com/gofrs/uuid v4.4.0+incompatible // indirect
123137
github.com/gogo/protobuf v1.3.2 // indirect
124138
github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
125139
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
126140
github.com/golang/protobuf v1.5.4 // indirect
127141
github.com/golang/snappy v0.0.4 // indirect
128142
github.com/google/cel-go v0.26.0 // indirect
129-
github.com/google/certificate-transparency-go v1.2.1 // indirect
143+
github.com/google/certificate-transparency-go v1.3.2 // indirect
130144
github.com/google/gnostic-models v0.7.0 // indirect
131145
github.com/google/go-cmp v0.7.0 // indirect
132146
github.com/google/safetext v0.0.0-20240722112252-5a72de7e7962 // indirect
133147
github.com/google/uuid v1.6.0 // indirect
134-
github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 // indirect
148+
github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 // indirect
135149
github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b // indirect
136150
github.com/hashicorp/errwrap v1.1.0 // indirect
137151
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
138152
github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
139153
github.com/hashicorp/go-memdb v1.3.4 // indirect
140154
github.com/hashicorp/go-multierror v1.1.1 // indirect
141-
github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
155+
github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
142156
github.com/hashicorp/golang-lru v1.0.2 // indirect
157+
github.com/in-toto/attestation v1.1.2 // indirect
143158
github.com/inconshreveable/mousetrap v1.1.0 // indirect
144159
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
145160
github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect
@@ -150,107 +165,113 @@ require (
150165
github.com/klauspost/compress v1.18.1 // indirect
151166
github.com/kr/pretty v0.3.1 // indirect
152167
github.com/kr/text v0.2.0 // indirect
153-
github.com/letsencrypt/boulder v0.0.0-20240830194243-1fcf0ee08180 // indirect
168+
github.com/letsencrypt/boulder v0.20251110.0 // indirect
154169
github.com/lufia/plan9stats v0.0.0-20240819163618-b1d8f4d146e7 // indirect
155170
github.com/magiconair/properties v1.8.7 // indirect
156-
github.com/mailru/easyjson v0.7.7 // indirect
171+
github.com/mailru/easyjson v0.9.0 // indirect
157172
github.com/maruel/natural v1.1.1 // indirect
158-
github.com/mattn/go-colorable v0.1.13 // indirect
173+
github.com/mattn/go-colorable v0.1.14 // indirect
159174
github.com/mattn/go-isatty v0.0.20 // indirect
160175
github.com/mitchellh/go-homedir v1.1.0 // indirect
161-
github.com/mitchellh/mapstructure v1.5.0 // indirect
176+
github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c // indirect
162177
github.com/moby/docker-image-spec v1.3.1 // indirect
163178
github.com/moby/go-archive v0.1.0 // indirect
164179
github.com/moby/patternmatcher v0.6.0 // indirect
165180
github.com/moby/sys/sequential v0.6.0 // indirect
166181
github.com/moby/sys/user v0.4.0 // indirect
167182
github.com/moby/sys/userns v0.1.0 // indirect
168-
github.com/moby/term v0.5.0 // indirect
183+
github.com/moby/term v0.5.2 // indirect
169184
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
170185
github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
171186
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
172187
github.com/morikuni/aec v1.0.0 // indirect
173188
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
174189
github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect
175190
github.com/oklog/ulid v1.3.1 // indirect
176-
github.com/open-policy-agent/opa v1.6.0 // indirect
191+
github.com/open-policy-agent/opa v1.8.0 // indirect
177192
github.com/opencontainers/go-digest v1.0.0 // indirect
178193
github.com/opentracing/opentracing-go v1.2.0 // indirect
179194
github.com/pborman/uuid v1.2.1 // indirect
180195
github.com/pelletier/go-toml v1.9.5 // indirect
181196
github.com/pelletier/go-toml/v2 v2.2.4 // indirect
182197
github.com/pjbgf/sha1cd v0.3.0 // indirect
198+
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
183199
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
184200
github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
185201
github.com/prometheus/client_golang v1.23.2 // indirect
186202
github.com/prometheus/client_model v0.6.2 // indirect
187-
github.com/prometheus/common v0.66.1 // indirect
188-
github.com/prometheus/procfs v0.16.1 // indirect
203+
github.com/prometheus/common v0.67.4 // indirect
204+
github.com/prometheus/procfs v0.17.0 // indirect
189205
github.com/prometheus/statsd_exporter v0.27.1 // indirect
190-
github.com/rogpeppe/go-internal v1.13.1 // indirect
191-
github.com/sagikazarmark/locafero v0.7.0 // indirect
206+
github.com/rogpeppe/go-internal v1.14.1 // indirect
207+
github.com/sagikazarmark/locafero v0.11.0 // indirect
192208
github.com/sassoftware/relic v7.2.1+incompatible // indirect
193-
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
209+
github.com/sergi/go-diff v1.4.0 // indirect
194210
github.com/shibumi/go-pathspec v1.3.0 // indirect
195211
github.com/shirou/gopsutil/v3 v3.24.5 // indirect
196212
github.com/shoenig/go-m1cpu v0.1.6 // indirect
197-
github.com/sigstore/protobuf-specs v0.3.2 // indirect
198-
github.com/sigstore/timestamp-authority v1.2.2 // indirect
213+
github.com/sigstore/protobuf-specs v0.5.0 // indirect
214+
github.com/sigstore/rekor-tiles/v2 v2.0.1 // indirect
215+
github.com/sigstore/sigstore-go v1.1.4 // indirect
216+
github.com/sigstore/timestamp-authority v1.2.9 // indirect
217+
github.com/sigstore/timestamp-authority/v2 v2.0.3 // indirect
199218
github.com/sirupsen/logrus v1.9.3 // indirect
200219
github.com/skeema/knownhosts v1.3.0 // indirect
201-
github.com/sourcegraph/conc v0.3.0 // indirect
202-
github.com/spf13/afero v1.12.0 // indirect
203-
github.com/spf13/cast v1.7.1 // indirect
204-
github.com/spf13/cobra v1.9.1 // indirect
205-
github.com/spf13/pflag v1.0.6 // indirect
206-
github.com/spf13/viper v1.20.1 // indirect
220+
github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 // indirect
221+
github.com/spf13/afero v1.15.0 // indirect
222+
github.com/spf13/cast v1.10.0 // indirect
223+
github.com/spf13/cobra v1.10.2 // indirect
224+
github.com/spf13/pflag v1.0.10 // indirect
225+
github.com/spf13/viper v1.21.0 // indirect
207226
github.com/stoewer/go-strcase v1.3.0 // indirect
208227
github.com/stretchr/objx v0.5.2 // indirect
209228
github.com/subosito/gotenv v1.6.0 // indirect
210229
github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
211230
github.com/tchap/go-patricia/v2 v2.3.3 // indirect
212231
github.com/theupdateframework/go-tuf v0.7.0 // indirect
232+
github.com/theupdateframework/go-tuf/v2 v2.3.0 // indirect
213233
github.com/tidwall/gjson v1.17.3 // indirect
214234
github.com/tidwall/match v1.1.1 // indirect
215235
github.com/tidwall/pretty v1.2.1 // indirect
216236
github.com/tidwall/sjson v1.2.5 // indirect
217237
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
218238
github.com/tklauser/go-sysconf v0.3.14 // indirect
219239
github.com/tklauser/numcpus v0.8.0 // indirect
220-
github.com/vbatts/tar-split v0.12.1 // indirect
240+
github.com/transparency-dev/formats v0.0.0-20251017110053-404c0d5b696c // indirect
241+
github.com/vbatts/tar-split v0.12.2 // indirect
221242
github.com/x448/float16 v0.8.4 // indirect
222243
github.com/xanzy/ssh-agent v0.3.3 // indirect
223244
github.com/xlab/treeprint v1.2.0 // indirect
224245
github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect
225246
github.com/yudai/pp v2.0.1+incompatible // indirect
226247
github.com/yusufpapurcu/wmi v1.2.4 // indirect
227-
go.mongodb.org/mongo-driver v1.16.1 // indirect
248+
go.mongodb.org/mongo-driver v1.17.6 // indirect
228249
go.opencensus.io v0.24.0 // indirect
229-
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
230-
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
231-
go.opentelemetry.io/otel v1.37.0 // indirect
232-
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.36.0 // indirect
233-
go.opentelemetry.io/otel/metric v1.37.0 // indirect
234-
go.opentelemetry.io/otel/trace v1.37.0 // indirect
250+
go.opentelemetry.io/auto/sdk v1.2.1 // indirect
251+
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 // indirect
252+
go.opentelemetry.io/otel v1.38.0 // indirect
253+
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.37.0 // indirect
254+
go.opentelemetry.io/otel/metric v1.38.0 // indirect
255+
go.opentelemetry.io/otel/trace v1.38.0 // indirect
235256
go.uber.org/multierr v1.11.0 // indirect
236-
go.uber.org/zap v1.27.0 // indirect
237-
go.yaml.in/yaml/v2 v2.4.2 // indirect
257+
go.uber.org/zap v1.27.1 // indirect
258+
go.yaml.in/yaml/v2 v2.4.3 // indirect
238259
go.yaml.in/yaml/v3 v3.0.4 // indirect
239-
golang.org/x/crypto v0.41.0 // indirect
240-
golang.org/x/mod v0.29.0 // indirect
241-
golang.org/x/net v0.43.0 // indirect
242-
golang.org/x/oauth2 v0.30.0 // indirect
243-
golang.org/x/sync v0.17.0 // indirect
244-
golang.org/x/sys v0.37.0 // indirect
245-
golang.org/x/term v0.34.0 // indirect
246-
golang.org/x/text v0.28.0 // indirect
260+
golang.org/x/crypto v0.46.0 // indirect
261+
golang.org/x/mod v0.30.0 // indirect
262+
golang.org/x/net v0.48.0 // indirect
263+
golang.org/x/oauth2 v0.33.0 // indirect
264+
golang.org/x/sync v0.19.0 // indirect
265+
golang.org/x/sys v0.39.0 // indirect
266+
golang.org/x/term v0.38.0 // indirect
267+
golang.org/x/text v0.32.0 // indirect
247268
golang.org/x/time v0.14.0 // indirect
248269
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
249-
google.golang.org/api v0.215.0 // indirect
250-
google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b // indirect
251-
google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b // indirect
252-
google.golang.org/grpc v1.76.0 // indirect
253-
google.golang.org/protobuf v1.36.10 // indirect
270+
google.golang.org/api v0.257.0 // indirect
271+
google.golang.org/genproto/googleapis/api v0.0.0-20251022142026-3a174f9686a8 // indirect
272+
google.golang.org/genproto/googleapis/rpc v0.0.0-20251213004720-97cd9d5aeac2 // indirect
273+
google.golang.org/grpc v1.77.0 // indirect
274+
google.golang.org/protobuf v1.36.11 // indirect
254275
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
255276
gopkg.in/inf.v0 v0.9.1 // indirect
256277
gopkg.in/warnings.v0 v0.1.2 // indirect
@@ -260,7 +281,7 @@ require (
260281
k8s.io/cli-runtime v0.34.2 // indirect
261282
k8s.io/klog/v2 v2.130.1 // indirect
262283
k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect
263-
k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect
284+
k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d // indirect
264285
knative.dev/pkg v0.0.0-20240815051656-89743d9bbf7c // indirect
265286
sigs.k8s.io/controller-runtime v0.19.0 // indirect
266287
sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect

0 commit comments

Comments
 (0)