Skip to content

Commit aa00651

Browse files
asraaasraa
authored
Merge branch 'main' into renovate/github-actions
2 parents 8881830 + 9b6ec90 commit aa00651

31 files changed

+300
-523
lines changed

cli/slsa-verifier/main_regression_test.go

+2-2
Original file line numberDiff line numberDiff line change
@@ -18,8 +18,8 @@ import (
1818

1919
"github.com/google/go-cmp/cmp"
2020
"github.com/google/go-cmp/cmp/cmpopts"
21-
"github.com/sigstore/cosign/pkg/cosign"
22-
"github.com/sigstore/cosign/pkg/oci"
21+
"github.com/sigstore/cosign/v2/pkg/cosign"
22+
"github.com/sigstore/cosign/v2/pkg/oci"
2323

2424
"github.com/slsa-framework/slsa-verifier/v2/cli/slsa-verifier/verify"
2525
serrors "github.com/slsa-framework/slsa-verifier/v2/errors"

cli/slsa-verifier/testdata/gha_docker-based/main/workflow_dispatch.main.default.intoto.sigstore

+1-1
Large diffs are not rendered by default.

go.mod

+74-72
Original file line numberDiff line numberDiff line change
@@ -4,40 +4,45 @@ go 1.18
44

55
require (
66
github.com/docker/go v1.5.1-1
7-
github.com/go-openapi/runtime v0.25.0
7+
github.com/go-openapi/runtime v0.26.0
88
github.com/google/go-cmp v0.5.9
9-
github.com/google/trillian v1.5.1-0.20220819043421-0a389c4bb8d9 // indirect
10-
github.com/in-toto/in-toto-golang v0.6.1-0.20230209184401-f8269f61247e
11-
github.com/secure-systems-lab/go-securesystemslib v0.4.0
12-
github.com/sigstore/rekor v1.0.1
13-
github.com/sigstore/sigstore v1.5.1
9+
github.com/google/trillian v1.5.1 // indirect
10+
github.com/in-toto/in-toto-golang v0.8.0
11+
github.com/secure-systems-lab/go-securesystemslib v0.5.0
12+
github.com/sigstore/rekor v1.1.1
13+
github.com/sigstore/sigstore v1.6.3
1414
)
1515

1616
require (
17-
github.com/go-openapi/strfmt v0.21.3
17+
github.com/go-openapi/strfmt v0.21.7
1818
github.com/go-openapi/swag v0.22.3
19-
github.com/google/go-containerregistry v0.13.0
19+
github.com/google/go-containerregistry v0.14.1-0.20230409045903-ed5c185df419
2020
github.com/gorilla/mux v1.8.0
21-
github.com/sigstore/cosign v1.13.1
22-
github.com/sigstore/cosign/v2 v2.0.0-rc.2
21+
github.com/sigstore/cosign/v2 v2.0.2
2322
github.com/slsa-framework/slsa-github-generator v1.4.0
24-
github.com/spf13/cobra v1.6.1
25-
golang.org/x/mod v0.8.0
23+
github.com/spf13/cobra v1.7.0
24+
golang.org/x/mod v0.10.0
2625
sigs.k8s.io/release-utils v0.7.3
2726
)
2827

2928
require (
3029
filippo.io/edwards25519 v1.0.0 // indirect
30+
github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
31+
github.com/cloudflare/circl v1.1.0 // indirect
3132
github.com/digitorus/pkcs7 v0.0.0-20221212123742-001c36b64ec3 // indirect
3233
github.com/digitorus/timestamp v0.0.0-20221019182153-ef3b63b79b31 // indirect
33-
github.com/google/go-github/v50 v50.0.0 // indirect
34-
github.com/sigstore/timestamp-authority v0.2.1 // indirect
34+
github.com/emicklei/go-restful/v3 v3.8.0 // indirect
35+
github.com/google/gnostic v0.5.7-v3refs // indirect
36+
github.com/google/go-github/v50 v50.2.0 // indirect
37+
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
38+
github.com/sigstore/timestamp-authority v1.0.0 // indirect
3539
github.com/transparency-dev/merkle v0.0.1 // indirect
36-
go.step.sm/crypto v0.24.0 // indirect
40+
go.step.sm/crypto v0.29.3 // indirect
41+
golang.org/x/tools v0.8.0 // indirect
3742
)
3843

3944
require (
40-
cloud.google.com/go/compute v1.15.1 // indirect
45+
cloud.google.com/go/compute v1.19.0 // indirect
4146
cloud.google.com/go/compute/metadata v0.2.3 // indirect
4247
github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 // indirect
4348
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
@@ -61,71 +66,69 @@ require (
6166
github.com/alibabacloud-go/tea-utils v1.4.4 // indirect
6267
github.com/alibabacloud-go/tea-xml v1.1.2 // indirect
6368
github.com/aliyun/credentials-go v1.2.3 // indirect
64-
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
65-
github.com/aws/aws-sdk-go-v2 v1.17.3 // indirect
66-
github.com/aws/aws-sdk-go-v2/config v1.18.8 // indirect
67-
github.com/aws/aws-sdk-go-v2/credentials v1.13.8 // indirect
68-
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.21 // indirect
69-
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27 // indirect
70-
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21 // indirect
71-
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.28 // indirect
69+
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
70+
github.com/aws/aws-sdk-go-v2 v1.17.8 // indirect
71+
github.com/aws/aws-sdk-go-v2/config v1.18.21 // indirect
72+
github.com/aws/aws-sdk-go-v2/credentials v1.13.20 // indirect
73+
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.2 // indirect
74+
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.32 // indirect
75+
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.26 // indirect
76+
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.33 // indirect
7277
github.com/aws/aws-sdk-go-v2/service/ecr v1.15.0 // indirect
7378
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.12.0 // indirect
74-
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21 // indirect
75-
github.com/aws/aws-sdk-go-v2/service/sso v1.12.0 // indirect
76-
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.0 // indirect
77-
github.com/aws/aws-sdk-go-v2/service/sts v1.18.0 // indirect
79+
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.26 // indirect
80+
github.com/aws/aws-sdk-go-v2/service/sso v1.12.8 // indirect
81+
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.8 // indirect
82+
github.com/aws/aws-sdk-go-v2/service/sts v1.18.9 // indirect
7883
github.com/aws/smithy-go v1.13.5 // indirect
7984
github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220228164355-396b2034c795 // indirect
8085
github.com/blang/semver v3.5.1+incompatible // indirect
8186
github.com/chrismellard/docker-credential-acr-env v0.0.0-20220119192733-fe33c00cee21 // indirect
8287
github.com/clbanning/mxj/v2 v2.5.6 // indirect
8388
github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect
84-
github.com/containerd/stargz-snapshotter/estargz v0.12.1 // indirect
89+
github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
8590
github.com/coreos/go-oidc/v3 v3.5.0 // indirect
86-
github.com/cyberphone/json-canonicalization v0.0.0-20210823021906-dc406ceaf94b // indirect
91+
github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 // indirect
8792
github.com/davecgh/go-spew v1.1.1 // indirect
8893
github.com/dimchansky/utfbom v1.1.1 // indirect
89-
github.com/docker/cli v20.10.21+incompatible // indirect
94+
github.com/docker/cli v23.0.1+incompatible // indirect
9095
github.com/docker/distribution v2.8.1+incompatible // indirect
91-
github.com/docker/docker v20.10.21+incompatible // indirect
96+
github.com/docker/docker v23.0.3+incompatible // indirect
9297
github.com/docker/docker-credential-helpers v0.7.0 // indirect
9398
github.com/fsnotify/fsnotify v1.6.0 // indirect
9499
github.com/ghodss/yaml v1.0.0 // indirect
95100
github.com/go-chi/chi v4.1.2+incompatible // indirect
96101
github.com/go-jose/go-jose/v3 v3.0.0 // indirect
97-
github.com/go-logr/logr v1.2.3 // indirect
102+
github.com/go-logr/logr v1.2.4 // indirect
98103
github.com/go-logr/stdr v1.2.2 // indirect
99104
github.com/go-openapi/analysis v0.21.4 // indirect
100105
github.com/go-openapi/errors v0.20.3 // indirect
101106
github.com/go-openapi/jsonpointer v0.19.5 // indirect
102107
github.com/go-openapi/jsonreference v0.20.0 // indirect
103108
github.com/go-openapi/loads v0.21.2 // indirect
104-
github.com/go-openapi/spec v0.20.7 // indirect
105-
github.com/go-openapi/validate v0.22.0 // indirect
106-
github.com/go-playground/locales v0.14.0 // indirect
107-
github.com/go-playground/universal-translator v0.18.0 // indirect
108-
github.com/go-playground/validator/v10 v10.11.1 // indirect
109+
github.com/go-openapi/spec v0.20.9 // indirect
110+
github.com/go-openapi/validate v0.22.1 // indirect
111+
github.com/go-playground/locales v0.14.1 // indirect
112+
github.com/go-playground/universal-translator v0.18.1 // indirect
113+
github.com/go-playground/validator/v10 v10.13.0 // indirect
109114
github.com/gogo/protobuf v1.3.2 // indirect
110-
github.com/golang-jwt/jwt/v4 v4.4.2 // indirect
111-
github.com/golang/protobuf v1.5.2 // indirect
115+
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
116+
github.com/golang/protobuf v1.5.3 // indirect
112117
github.com/golang/snappy v0.0.4 // indirect
113118
github.com/google/certificate-transparency-go v1.1.4 // indirect
114-
github.com/google/go-github/v45 v45.2.0 // indirect
115119
github.com/google/go-querystring v1.1.0 // indirect
116120
github.com/google/gofuzz v1.2.0 // indirect
117-
github.com/googleapis/gnostic v0.5.5 // indirect
118121
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
119-
github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
122+
github.com/hashicorp/go-retryablehttp v0.7.2 // indirect
120123
github.com/hashicorp/hcl v1.0.0 // indirect
121124
github.com/imdario/mergo v0.3.12 // indirect
122125
github.com/inconshreveable/mousetrap v1.1.0 // indirect
123126
github.com/jedisct1/go-minisign v0.0.0-20211028175153-1c139d1cc84b // indirect
124127
github.com/jmespath/go-jmespath v0.4.0 // indirect
125128
github.com/josharian/intern v1.0.0 // indirect
126129
github.com/json-iterator/go v1.1.12 // indirect
127-
github.com/klauspost/compress v1.15.11 // indirect
128-
github.com/leodido/go-urn v1.2.1 // indirect
130+
github.com/klauspost/compress v1.16.0 // indirect
131+
github.com/leodido/go-urn v1.2.3 // indirect
129132
github.com/letsencrypt/boulder v0.0.0-20221109233200-85aa52084eaf // indirect
130133
github.com/magiconair/properties v1.8.7 // indirect
131134
github.com/mailru/easyjson v0.7.7 // indirect
@@ -141,11 +144,11 @@ require (
141144
github.com/opentracing/opentracing-go v1.2.0 // indirect
142145
github.com/pelletier/go-toml/v2 v2.0.6 // indirect
143146
github.com/pkg/errors v0.9.1 // indirect
144-
github.com/sassoftware/relic v0.0.0-20210427151427-dfb082b79b74 // indirect
147+
github.com/sassoftware/relic v7.2.1+incompatible // indirect
145148
github.com/segmentio/ksuid v1.0.4 // indirect
146149
github.com/shibumi/go-pathspec v1.3.0 // indirect
147-
github.com/sigstore/fulcio v1.0.0 // indirect
148-
github.com/sigstore/protobuf-specs v0.1.1-0.20230426054333-13e09aafd3a7
150+
github.com/sigstore/fulcio v1.2.0 // indirect
151+
github.com/sigstore/protobuf-specs v0.1.1-0.20230503063121-91485b44360d
149152
github.com/sirupsen/logrus v1.9.0 // indirect
150153
github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
151154
github.com/spf13/afero v1.9.3 // indirect
@@ -155,44 +158,43 @@ require (
155158
github.com/spf13/viper v1.15.0 // indirect
156159
github.com/subosito/gotenv v1.4.2 // indirect
157160
github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
158-
github.com/tent/canonical-json-go v0.0.0-20130607151641-96e4ba3a7613 // indirect
159161
github.com/thales-e-security/pool v0.0.2 // indirect
160162
github.com/theupdateframework/go-tuf v0.5.2 // indirect
161163
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
162164
github.com/tjfoc/gmsm v1.3.2 // indirect
163165
github.com/vbatts/tar-split v0.11.2 // indirect
164-
github.com/xanzy/go-gitlab v0.79.1 // indirect
165-
go.mongodb.org/mongo-driver v1.10.3 // indirect
166-
go.opentelemetry.io/otel v1.11.1 // indirect
167-
go.opentelemetry.io/otel/trace v1.11.1 // indirect
166+
github.com/xanzy/go-gitlab v0.83.0 // indirect
167+
go.mongodb.org/mongo-driver v1.11.3 // indirect
168+
go.opentelemetry.io/otel v1.14.0 // indirect
169+
go.opentelemetry.io/otel/trace v1.14.0 // indirect
168170
go.uber.org/atomic v1.10.0 // indirect
169-
go.uber.org/multierr v1.8.0 // indirect
171+
go.uber.org/multierr v1.9.0 // indirect
170172
go.uber.org/zap v1.24.0 // indirect
171-
golang.org/x/crypto v0.6.0 // indirect
172-
golang.org/x/exp v0.0.0-20220823124025-807a23277127 // indirect
173-
golang.org/x/net v0.6.0 // indirect
174-
golang.org/x/oauth2 v0.5.0 // indirect
173+
golang.org/x/crypto v0.8.0 // indirect
174+
golang.org/x/exp v0.0.0-20230124195608-d38c7dcee874 // indirect
175+
golang.org/x/net v0.9.0 // indirect
176+
golang.org/x/oauth2 v0.7.0 // indirect
175177
golang.org/x/sync v0.1.0 // indirect
176-
golang.org/x/sys v0.5.0 // indirect
177-
golang.org/x/term v0.5.0 // indirect
178-
golang.org/x/text v0.7.0 // indirect
178+
golang.org/x/sys v0.7.0 // indirect
179+
golang.org/x/term v0.7.0 // indirect
180+
golang.org/x/text v0.9.0 // indirect
179181
golang.org/x/time v0.3.0 // indirect
180182
google.golang.org/appengine v1.6.7 // indirect
181-
google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc // indirect
182-
google.golang.org/grpc v1.53.0 // indirect
183-
google.golang.org/protobuf v1.28.1
183+
google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
184+
google.golang.org/grpc v1.54.0 // indirect
185+
google.golang.org/protobuf v1.30.0
184186
gopkg.in/inf.v0 v0.9.1 // indirect
185187
gopkg.in/ini.v1 v1.67.0 // indirect
186188
gopkg.in/square/go-jose.v2 v2.6.0 // indirect
187189
gopkg.in/yaml.v2 v2.4.0 // indirect
188190
gopkg.in/yaml.v3 v3.0.1 // indirect
189-
k8s.io/api v0.23.5 // indirect
190-
k8s.io/apimachinery v0.23.5 // indirect
191-
k8s.io/client-go v0.23.5 // indirect
192-
k8s.io/klog/v2 v2.80.1 // indirect
193-
k8s.io/kube-openapi v0.0.0-20220124234850-424119656bbf // indirect
194-
k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect
195-
sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
196-
sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
191+
k8s.io/api v0.26.1 // indirect
192+
k8s.io/apimachinery v0.26.1 // indirect
193+
k8s.io/client-go v0.25.4 // indirect
194+
k8s.io/klog/v2 v2.90.0 // indirect
195+
k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
196+
k8s.io/utils v0.0.0-20230115233650-391b47cb4029 // indirect
197+
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
198+
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
197199
sigs.k8s.io/yaml v1.3.0 // indirect
198200
)

0 commit comments

Comments
 (0)