build(deps): bump github.com/sylabs/sif/v2 from 2.6.0 to 2.9.2 #156

dependabot · 2023-02-20T12:11:52Z

Bumps github.com/sylabs/sif/v2 from 2.6.0 to 2.9.2.

Release notes

Sourced from github.com/sylabs/sif/v2's releases.

v2.9.2

What's Changed

build(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.4.0 to 0.5.0 by @dependabot in sylabs/sif#257

build(deps): bump golang.org/x/net from 0.5.0 to 0.7.0 by @dependabot in sylabs/sif#260

deps: bump github.com/ProtonMail/go-crypto by @tri-adam in sylabs/sif#261

Full Changelog: sylabs/sif@v2.9.1...v2.9.2

v2.9.1

What's Changed

test: move gen_sifs.go to images dir by @tri-adam in sylabs/sif#248

test: add testing against Go 1.20 RC by @tri-adam in sylabs/sif#250

build(deps): bump github.com/sigstore/sigstore from 1.4.6 to 1.5.0 by @dependabot in sylabs/sif#252

build(deps): bump github.com/sigstore/sigstore from 1.5.0 to 1.5.1 by @dependabot in sylabs/sif#253

Bump Go Version by @tri-adam in sylabs/sif#254

ci: bump golangci-lint to v1.51 by @tri-adam in sylabs/sif#255

Refactor Test Key Corpus by @tri-adam in sylabs/sif#256

Full Changelog: sylabs/sif@v2.9.0...v2.9.1

v2.9.0

This release adds support for digital signature data objects in Dead Simple Signing Envelope (DSSE) format. This adds support for digital signatures that use non-PGP key material sources.

Specifically, the following APIs have been added:

func OptSignWithSigner: use a signature.Signer as key material when calling NewSigner.

func OptVerifyWithVerifier: use one or more signature.Verifier as key material when calling NewVerifier.

func (VerifyResult) Keys: get the public key(s) used to verify a signature.

What's Changed

Rename PGP test files by @tri-adam in sylabs/sif#243

DSSE support by @tri-adam in sylabs/sif#228

build(deps): bump github.com/sigstore/sigstore from 1.4.5 to 1.4.6 by @dependabot in sylabs/sif#246

Expose non-PGP digital signature support by @tri-adam in sylabs/sif#245

chore: bump node version by @tri-adam in sylabs/sif#247

Full Changelog: sylabs/sif@v2.8.3...v2.9.0

v2.8.3

What's Changed

SBOM support for siftool by @tri-adam in sylabs/sif#238

build(deps): bump github.com/spf13/cobra from 1.6.0 to 1.6.1 by @dependabot in sylabs/sif#240

Handle signature descriptors without fingerprints by @tri-adam in sylabs/sif#241

Bump github.com/ProtonMail/go-crypto by @tri-adam in sylabs/sif#242

... (truncated)

Commits

d02c40d deps: bump github.com/ProtonMail/go-crypto from v0.0.0-20230201104953-d1d05f4...
100acca build(deps): bump golang.org/x/net from 0.5.0 to 0.7.0 (#260)
4c08da5 Merge pull request #257 from sylabs/dependabot/go_modules/main/github.com/sec...
bf492a3 refactor: mods for [email protected]
25ab293 build(deps): bump github.com/secure-systems-lab/go-securesystemslib
f61233a Merge pull request #256 from tri-adam/refactor-sv
1828fa2 test: refactor getTestSignerVerifier
0094142 test: add public keys to test corpus
749e30a Merge pull request #255 from tri-adam/bump-linter
d06fb50 ci: bump golangci-lint to v1.51
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/sylabs/sif/v2](https://github.com/sylabs/sif) from 2.6.0 to 2.9.2. - [Release notes](https://github.com/sylabs/sif/releases) - [Changelog](https://github.com/sylabs/sif/blob/main/.goreleaser.yml) - [Commits](sylabs/sif@v2.6.0...v2.9.2) --- updated-dependencies: - dependency-name: github.com/sylabs/sif/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2023-02-27T12:17:45Z

Superseded by #159.

dependabot bot added the dependencies Pull requests that update a dependency file label Feb 20, 2023

dependabot bot mentioned this pull request Feb 20, 2023

build(deps): bump github.com/sylabs/sif/v2 from 2.6.0 to 2.9.1 #151

Closed

dependabot bot closed this Feb 27, 2023

dependabot bot deleted the dependabot/go_modules/release-3.9/github.com/sylabs/sif/v2-2.9.2 branch February 27, 2023 12:17

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump github.com/sylabs/sif/v2 from 2.6.0 to 2.9.2 #156

build(deps): bump github.com/sylabs/sif/v2 from 2.6.0 to 2.9.2 #156

dependabot bot commented on behalf of github Feb 20, 2023

dependabot bot commented on behalf of github Feb 27, 2023

build(deps): bump github.com/sylabs/sif/v2 from 2.6.0 to 2.9.2 #156

build(deps): bump github.com/sylabs/sif/v2 from 2.6.0 to 2.9.2 #156

Conversation

dependabot bot commented on behalf of github Feb 20, 2023

v2.9.2

What's Changed

v2.9.1

What's Changed

v2.9.0

What's Changed

v2.8.3

What's Changed

dependabot bot commented on behalf of github Feb 27, 2023