Skip to content

Commit

Permalink
Bump github.com/sigstore/rekor from 1.1.1 to 1.2.0 (#246)
Browse files Browse the repository at this point in the history 
Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor)
from 1.1.1 to 1.2.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/rekor/blob/main/CHANGELOG.md">github.com/sigstore/rekor's
changelog</a>.</em></p>
<blockquote>
<h1>v1.2.0</h1>
<h2>Functional Enhancements</h2>
<ul>
<li>add client method to generate TLE struct (<a
href="https://redirect.github.com/sigstore/rekor/issues/1498">#1498</a>)</li>
<li>add dsse type (<a
href="https://redirect.github.com/sigstore/rekor/issues/1487">#1487</a>)</li>
<li>support other KMS providers (AWS, Azure, Hashicorp) in addition to
GCP (<a
href="https://redirect.github.com/sigstore/rekor/issues/1488">#1488</a>)</li>
<li>Add concurrency to backfill-redis (<a
href="https://redirect.github.com/sigstore/rekor/issues/1504">#1504</a>)</li>
<li>omit informational message if machine-parseable output has been
requested (<a
href="https://redirect.github.com/sigstore/rekor/issues/1486">#1486</a>)</li>
<li>Publish stable checkpoint periodically to Redis (<a
href="https://redirect.github.com/sigstore/rekor/issues/1461">#1461</a>)</li>
<li>Add intoto v0.0.2 to backfill script (<a
href="https://redirect.github.com/sigstore/rekor/issues/1500">#1500</a>)</li>
<li>add new method to test insertability of proposed entries into log
(<a
href="https://redirect.github.com/sigstore/rekor/issues/1410">#1410</a>)</li>
</ul>
<h2>Quality Enhancements</h2>
<ul>
<li>use t.Skip() in fuzzers (<a
href="https://redirect.github.com/sigstore/rekor/issues/1506">#1506</a>)</li>
<li>improve fuzzing coverage (<a
href="https://redirect.github.com/sigstore/rekor/issues/1499">#1499</a>)</li>
<li>Remove watcher script (<a
href="https://redirect.github.com/sigstore/rekor/issues/1484">#1484</a>)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Merge pull request from GHSA-frqx-jfcm-6jjr</li>
<li>Remove requirement of PayloadHash for intoto 0.0.1 (<a
href="https://redirect.github.com/sigstore/rekor/issues/1490">#1490</a>)</li>
<li>fix lint errors, bump linter up to 1.52 (<a
href="https://redirect.github.com/sigstore/rekor/issues/1485">#1485</a>)</li>
<li>Remove dependencies from pkg/util (<a
href="https://redirect.github.com/sigstore/rekor/issues/1469">#1469</a>)</li>
</ul>
<h2>Contributors</h2>
<ul>
<li>Bob Callaway</li>
<li>Carlos Tadeu Panato Junior</li>
<li>Ceridwen Coghlan</li>
<li>Cody Soyland</li>
<li>Hayden B</li>
<li>Miloslav Trmač</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sigstore/rekor/commit/20a995116b1548b79e62ba0ad9c29800387e8641"><code>20a9951</code></a>
update for v1.2.0 (<a
href="https://redirect.github.com/sigstore/rekor/issues/1507">#1507</a>)</li>
<li><a
href="https://github.com/sigstore/rekor/commit/140c5add105179e5ffd9e3e114fd1b6b93aebbd4"><code>140c5ad</code></a>
Merge pull request from GHSA-frqx-jfcm-6jjr</li>
<li><a
href="https://github.com/sigstore/rekor/commit/85bb2bc7a35dcc94cd94e18984711806f437dcb6"><code>85bb2bc</code></a>
use t.Skip() in fuzzers (<a
href="https://redirect.github.com/sigstore/rekor/issues/1506">#1506</a>)</li>
<li><a
href="https://github.com/sigstore/rekor/commit/3adca0d2528699d2ff93bf78babef8b5cac46122"><code>3adca0d</code></a>
Add concurrency to backfill-redis (<a
href="https://redirect.github.com/sigstore/rekor/issues/1504">#1504</a>)</li>
<li><a
href="https://github.com/sigstore/rekor/commit/795a23619d5db1c9625a71f776474033c6712b56"><code>795a236</code></a>
add client method to generate TLE struct (<a
href="https://redirect.github.com/sigstore/rekor/issues/1498">#1498</a>)</li>
<li><a
href="https://github.com/sigstore/rekor/commit/161a796f91d7255443aa6ce98e7981e6926762f0"><code>161a796</code></a>
build(deps): bump github/codeql-action from 2.3.3 to 2.3.4 (<a
href="https://redirect.github.com/sigstore/rekor/issues/1505">#1505</a>)</li>
<li><a
href="https://github.com/sigstore/rekor/commit/35c4489abcff256298f1bc9f7caaf5a946750dac"><code>35c4489</code></a>
add dsse type (<a
href="https://redirect.github.com/sigstore/rekor/issues/1487">#1487</a>)</li>
<li><a
href="https://github.com/sigstore/rekor/commit/d318e2bf433d398d95923f3509557777a2fe5abb"><code>d318e2b</code></a>
support other KMS providers (AWS, Azure, Hashicorp) in addition to GCP
(<a
href="https://redirect.github.com/sigstore/rekor/issues/1488">#1488</a>)</li>
<li><a
href="https://github.com/sigstore/rekor/commit/d508ebad91ef4e39d8e0dd3543cebe20321dc752"><code>d508eba</code></a>
Remove requirement of PayloadHash for intoto 0.0.1 (<a
href="https://redirect.github.com/sigstore/rekor/issues/1490">#1490</a>)</li>
<li><a
href="https://github.com/sigstore/rekor/commit/b387701f27aace3e3396ad4fdbb8d3ccc869fb5f"><code>b387701</code></a>
Add intoto v0.0.2 to backfill script (<a
href="https://redirect.github.com/sigstore/rekor/issues/1500">#1500</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/sigstore/rekor/compare/v1.1.1...v1.2.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/sigstore/rekor&package-manager=go_modules&previous-version=1.1.1&new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/launchdarkly/ld-relay/network/alerts).

</details>
  • Loading branch information
@louis-launchdarkly
louis-launchdarkly authored Jun 9, 2023
2 parents 239e6b6 + 929df13 commit abf2f69
Show file tree
Hide file tree
Showing 2 changed files with 85 additions and 80 deletions.
56 changes: 28 additions & 28 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,9 @@ require (
contrib.go.opencensus.io/exporter/prometheus v0.4.2
github.com/DataDog/opencensus-go-exporter-datadog v0.0.0-20220622145613-731d59e8b567
github.com/armon/go-metrics v0.4.1 // indirect
github.com/aws/aws-sdk-go-v2 v1.17.8
github.com/aws/aws-sdk-go-v2/config v1.18.21
github.com/aws/aws-sdk-go-v2/credentials v1.13.20
github.com/aws/aws-sdk-go-v2 v1.18.0
github.com/aws/aws-sdk-go-v2/config v1.18.23
github.com/aws/aws-sdk-go-v2/credentials v1.13.22
github.com/aws/aws-sdk-go-v2/service/dynamodb v1.19.2
github.com/cyphar/filepath-securejoin v0.2.3
github.com/fatih/color v1.15.0 // indirect
Expand Down Expand Up @@ -40,26 +40,26 @@ require (
github.com/launchdarkly/go-test-helpers/v3 v3.0.2
github.com/launchdarkly/opencensus-go-exporter-stackdriver v0.14.2
github.com/pborman/uuid v1.2.1
github.com/prometheus/client_golang v1.15.0 // indirect; override to address CVE-2022-21698
github.com/prometheus/client_golang v1.15.1 // indirect; override to address CVE-2022-21698
github.com/stretchr/testify v1.8.2
go.opencensus.io v0.24.0
golang.org/x/net v0.9.0 // indirect; override to address CVE-2022-41723
golang.org/x/sync v0.1.0
golang.org/x/net v0.10.0 // indirect; override to address CVE-2022-41723
golang.org/x/sync v0.2.0
gopkg.in/gcfg.v1 v1.2.3
gopkg.in/launchdarkly/go-server-sdk.v5 v5.10.1
)

require (
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.2 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.32 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.26 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.33 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.25 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.26 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.12.8 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.8 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.18.9 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.12.10 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.18.11 // indirect
github.com/aws/smithy-go v1.13.5 // indirect
golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
)
Expand All @@ -71,7 +71,7 @@ require (
cloud.google.com/go/compute/metadata v0.2.3 // indirect
cloud.google.com/go/container v1.15.0 // indirect
cloud.google.com/go/iam v0.13.0 // indirect
cloud.google.com/go/kms v1.10.1 // indirect
cloud.google.com/go/kms v1.10.2 // indirect
cloud.google.com/go/monitoring v1.13.0 // indirect
cloud.google.com/go/storage v1.29.0 // indirect
cloud.google.com/go/trace v1.9.0 // indirect
Expand All @@ -85,7 +85,7 @@ require (
github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0 // indirect
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
github.com/Azure/go-autorest/autorest v0.11.28 // indirect
github.com/Azure/go-autorest/autorest v0.11.29 // indirect
github.com/Azure/go-autorest/autorest/adal v0.9.22 // indirect
github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 // indirect
github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
Expand All @@ -106,15 +106,15 @@ require (
github.com/alessio/shellescape v1.4.1 // indirect
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
github.com/atc0005/go-teams-notify/v2 v2.7.0 // indirect
github.com/aws/aws-sdk-go v1.44.248 // indirect
github.com/aws/aws-sdk-go v1.44.257 // indirect
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 // indirect
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.51 // indirect
github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.19 // indirect
github.com/aws/aws-sdk-go-v2/service/ecr v1.17.5 // indirect
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.13.5 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.23 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.22 // indirect
github.com/aws/aws-sdk-go-v2/service/kms v1.20.11 // indirect
github.com/aws/aws-sdk-go-v2/service/kms v1.21.1 // indirect
github.com/aws/aws-sdk-go-v2/service/s3 v1.30.2 // indirect
github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220517224237-e6f29200ae04 // indirect
github.com/aymanbagabas/go-osc52 v1.2.1 // indirect
Expand Down Expand Up @@ -169,15 +169,15 @@ require (
github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible // indirect
github.com/gobwas/glob v0.2.3 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang-jwt/jwt/v4 v4.4.3 // indirect
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/google/go-cmp v0.5.9 // indirect
github.com/google/go-containerregistry v0.14.0 // indirect
github.com/google/go-github/v50 v50.0.0 // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/google/ko v0.12.0 // indirect
github.com/google/s2a-go v0.1.2 // indirect
github.com/google/s2a-go v0.1.3 // indirect
github.com/google/wire v0.5.0 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
github.com/googleapis/gax-go/v2 v2.8.0 // indirect
Expand Down Expand Up @@ -236,7 +236,7 @@ require (
github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/prometheus/client_model v0.3.0 // indirect
github.com/prometheus/client_model v0.4.0 // indirect
github.com/prometheus/common v0.42.0 // indirect
github.com/prometheus/procfs v0.9.0 // indirect
github.com/prometheus/statsd_exporter v0.23.1 // indirect
Expand All @@ -245,8 +245,8 @@ require (
github.com/sasha-s/go-csync v0.0.0-20210812194225-61421b77c44b // indirect
github.com/sergi/go-diff v1.2.0 // indirect
github.com/sigstore/cosign v1.13.1 // indirect
github.com/sigstore/rekor v1.1.1 // indirect
github.com/sigstore/sigstore v1.6.3 // indirect
github.com/sigstore/rekor v1.2.0 // indirect
github.com/sigstore/sigstore v1.6.4 // indirect
github.com/sirupsen/logrus v1.9.0 // indirect
github.com/slack-go/slack v0.12.1 // indirect
github.com/spf13/afero v1.9.3 // indirect
Expand All @@ -269,19 +269,19 @@ require (
gitlab.com/digitalxero/go-conventional-commit v1.0.7 // indirect
go.mongodb.org/mongo-driver v1.11.3 // indirect
gocloud.dev v0.29.0 // indirect
golang.org/x/crypto v0.8.0 // indirect
golang.org/x/crypto v0.9.0 // indirect
golang.org/x/mod v0.10.0 // indirect
golang.org/x/oauth2 v0.7.0 // indirect
golang.org/x/sys v0.7.0 // indirect
golang.org/x/term v0.7.0 // indirect
golang.org/x/sys v0.8.0 // indirect
golang.org/x/term v0.8.0 // indirect
golang.org/x/text v0.9.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.7.0 // indirect
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
google.golang.org/api v0.119.0 // indirect
google.golang.org/api v0.121.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
google.golang.org/grpc v1.54.0 // indirect
google.golang.org/grpc v1.55.0 // indirect
google.golang.org/protobuf v1.30.0 // indirect
gopkg.in/DataDog/dd-trace-go.v1 v1.48.0 // indirect
gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
Expand Down
Loading

0 comments on commit abf2f69

Please sign in to comment.