Skip to content

Commit 2c2280a

Browse files
haydentherapperhaydentherapper
committed
Bump sigstore library dependencies
Signed-off-by: Hayden <8418760+haydentherapper@users.noreply.github.com>
1 parent 4e3042c commit 2c2280a

File tree

8 files changed

+154
-1579
lines changed

8 files changed

+154
-1579
lines changed

go.mod

Lines changed: 46 additions & 65 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
module github.com/sigstore/cosign/v3
22

3-
go 1.24.9
3+
go 1.25.0
44

55
require (
66
cuelang.org/go v0.15.0
@@ -15,12 +15,12 @@ require (
1515
github.com/go-jose/go-jose/v4 v4.1.3
1616
github.com/go-openapi/runtime v0.29.2
1717
github.com/go-openapi/strfmt v0.25.0
18-
github.com/go-openapi/swag v0.25.1
19-
github.com/go-openapi/swag/conv v0.25.1
18+
github.com/go-openapi/swag v0.25.3
19+
github.com/go-openapi/swag/conv v0.25.4
2020
github.com/go-piv/piv-go/v2 v2.4.0
2121
github.com/google/certificate-transparency-go v1.3.2
2222
github.com/google/go-cmp v0.7.0
23-
github.com/google/go-containerregistry v0.20.6
23+
github.com/google/go-containerregistry v0.20.7
2424
github.com/google/go-github/v73 v73.0.0
2525
github.com/in-toto/attestation v1.1.2
2626
github.com/in-toto/in-toto-golang v0.9.0
@@ -33,17 +33,17 @@ require (
3333
github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481
3434
github.com/open-policy-agent/opa v1.10.1
3535
github.com/secure-systems-lab/go-securesystemslib v0.9.1
36-
github.com/sigstore/fulcio v1.8.1
36+
github.com/sigstore/fulcio v1.8.2
3737
github.com/sigstore/protobuf-specs v0.5.0
38-
github.com/sigstore/rekor v1.4.2
38+
github.com/sigstore/rekor v1.4.3
3939
github.com/sigstore/rekor-tiles/v2 v2.0.1
40-
github.com/sigstore/sigstore v1.9.6-0.20250729224751-181c5d3339b3
41-
github.com/sigstore/sigstore-go v1.1.3
42-
github.com/sigstore/sigstore/pkg/signature/kms/aws v1.9.5
43-
github.com/sigstore/sigstore/pkg/signature/kms/azure v1.9.5
44-
github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.9.6-0.20250729224751-181c5d3339b3
45-
github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.9.5
46-
github.com/sigstore/timestamp-authority v1.2.9
40+
github.com/sigstore/sigstore v1.10.0
41+
github.com/sigstore/sigstore-go v1.1.4-0.20251201121426-2cdedea80894
42+
github.com/sigstore/sigstore/pkg/signature/kms/aws v1.10.0
43+
github.com/sigstore/sigstore/pkg/signature/kms/azure v1.10.0
44+
github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.10.0
45+
github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.10.0
46+
github.com/sigstore/timestamp-authority/v2 v2.0.2
4747
github.com/spf13/cobra v1.10.1
4848
github.com/spf13/pflag v1.0.10
4949
github.com/spf13/viper v1.21.0
@@ -57,7 +57,7 @@ require (
5757
golang.org/x/oauth2 v0.33.0
5858
golang.org/x/sync v0.18.0
5959
golang.org/x/term v0.37.0
60-
google.golang.org/api v0.255.0
60+
google.golang.org/api v0.256.0
6161
google.golang.org/protobuf v1.36.10
6262
k8s.io/api v0.34.2
6363
k8s.io/apimachinery v0.34.2
@@ -67,23 +67,19 @@ require (
6767
)
6868

6969
require (
70-
cel.dev/expr v0.25.1 // indirect
7170
cloud.google.com/go v0.121.6 // indirect
7271
cloud.google.com/go/auth v0.17.0 // indirect
7372
cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
7473
cloud.google.com/go/compute/metadata v0.9.0 // indirect
75-
cloud.google.com/go/iam v1.5.2 // indirect
74+
cloud.google.com/go/iam v1.5.3 // indirect
7675
cloud.google.com/go/kms v1.23.2 // indirect
7776
cloud.google.com/go/longrunning v0.6.7 // indirect
78-
cloud.google.com/go/monitoring v1.24.2 // indirect
79-
cloud.google.com/go/spanner v1.86.1 // indirect
80-
cloud.google.com/go/storage v1.57.1 // indirect
8177
cuelabs.dev/go/oci/ociregistry v0.0.0-20250722084951-074d06050084 // indirect
8278
filippo.io/edwards25519 v1.1.0 // indirect
8379
github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider v0.14.0 // indirect
8480
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
85-
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.1 // indirect
86-
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.0 // indirect
81+
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0 // indirect
82+
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 // indirect
8783
github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 // indirect
8884
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.4.0 // indirect
8985
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.2.0 // indirect
@@ -96,11 +92,7 @@ require (
9692
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
9793
github.com/Azure/go-autorest/logger v0.2.1 // indirect
9894
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
99-
github.com/AzureAD/microsoft-authentication-library-for-go v1.5.0 // indirect
100-
github.com/GoogleCloudPlatform/grpc-gcp-go/grpcgcp v1.5.3 // indirect
101-
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.29.0 // indirect
102-
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.54.0 // indirect
103-
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.54.0 // indirect
95+
github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 // indirect
10496
github.com/Microsoft/go-winio v0.6.2 // indirect
10597
github.com/agnivade/levenshtein v1.2.1 // indirect
10698
github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 // indirect
@@ -117,8 +109,8 @@ require (
117109
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
118110
github.com/aws/aws-sdk-go v1.55.8 // indirect
119111
github.com/aws/aws-sdk-go-v2 v1.39.6 // indirect
120-
github.com/aws/aws-sdk-go-v2/config v1.31.17 // indirect
121-
github.com/aws/aws-sdk-go-v2/credentials v1.18.21 // indirect
112+
github.com/aws/aws-sdk-go-v2/config v1.31.20 // indirect
113+
github.com/aws/aws-sdk-go-v2/credentials v1.18.24 // indirect
122114
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.13 // indirect
123115
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.13 // indirect
124116
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.13 // indirect
@@ -127,10 +119,10 @@ require (
127119
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.33.2 // indirect
128120
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3 // indirect
129121
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.13 // indirect
130-
github.com/aws/aws-sdk-go-v2/service/kms v1.47.1 // indirect
131-
github.com/aws/aws-sdk-go-v2/service/sso v1.30.1 // indirect
132-
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.5 // indirect
133-
github.com/aws/aws-sdk-go-v2/service/sts v1.39.1 // indirect
122+
github.com/aws/aws-sdk-go-v2/service/kms v1.48.2 // indirect
123+
github.com/aws/aws-sdk-go-v2/service/sso v1.30.3 // indirect
124+
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.7 // indirect
125+
github.com/aws/aws-sdk-go-v2/service/sts v1.40.2 // indirect
134126
github.com/aws/smithy-go v1.23.2 // indirect
135127
github.com/beorn7/perks v1.0.1 // indirect
136128
github.com/blang/semver v3.5.1+incompatible // indirect
@@ -142,24 +134,21 @@ require (
142134
github.com/cespare/xxhash/v2 v2.3.0 // indirect
143135
github.com/chzyer/readline v1.5.1 // indirect
144136
github.com/clbanning/mxj/v2 v2.7.0 // indirect
145-
github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443 // indirect
146137
github.com/cockroachdb/apd/v3 v3.2.1 // indirect
147138
github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect
148-
github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect
139+
github.com/containerd/stargz-snapshotter/estargz v0.18.1 // indirect
149140
github.com/coreos/go-oidc/v3 v3.16.0 // indirect
150141
github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect
151142
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
152143
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect
153144
github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
154145
github.com/dimchansky/utfbom v1.1.1 // indirect
155-
github.com/docker/cli v28.2.2+incompatible // indirect
146+
github.com/docker/cli v29.0.3+incompatible // indirect
156147
github.com/docker/distribution v2.8.3+incompatible // indirect
157148
github.com/docker/docker-credential-helpers v0.9.3 // indirect
158149
github.com/docker/go-units v0.5.0 // indirect
159150
github.com/emicklei/go-restful/v3 v3.12.2 // indirect
160151
github.com/emicklei/proto v1.14.2 // indirect
161-
github.com/envoyproxy/go-control-plane/envoy v1.32.4 // indirect
162-
github.com/envoyproxy/protoc-gen-validate v1.2.1 // indirect
163152
github.com/felixge/httpsnoop v1.0.4 // indirect
164153
github.com/fsnotify/fsnotify v1.9.0 // indirect
165154
github.com/fxamacker/cbor/v2 v2.9.0 // indirect
@@ -174,16 +163,16 @@ require (
174163
github.com/go-openapi/jsonreference v0.21.3 // indirect
175164
github.com/go-openapi/loads v0.23.2 // indirect
176165
github.com/go-openapi/spec v0.22.1 // indirect
177-
github.com/go-openapi/swag/cmdutils v0.25.1 // indirect
178-
github.com/go-openapi/swag/fileutils v0.25.1 // indirect
179-
github.com/go-openapi/swag/jsonname v0.25.1 // indirect
180-
github.com/go-openapi/swag/jsonutils v0.25.1 // indirect
181-
github.com/go-openapi/swag/loading v0.25.1 // indirect
182-
github.com/go-openapi/swag/mangling v0.25.1 // indirect
183-
github.com/go-openapi/swag/netutils v0.25.1 // indirect
184-
github.com/go-openapi/swag/stringutils v0.25.1 // indirect
185-
github.com/go-openapi/swag/typeutils v0.25.1 // indirect
186-
github.com/go-openapi/swag/yamlutils v0.25.1 // indirect
166+
github.com/go-openapi/swag/cmdutils v0.25.3 // indirect
167+
github.com/go-openapi/swag/fileutils v0.25.3 // indirect
168+
github.com/go-openapi/swag/jsonname v0.25.3 // indirect
169+
github.com/go-openapi/swag/jsonutils v0.25.3 // indirect
170+
github.com/go-openapi/swag/loading v0.25.3 // indirect
171+
github.com/go-openapi/swag/mangling v0.25.3 // indirect
172+
github.com/go-openapi/swag/netutils v0.25.3 // indirect
173+
github.com/go-openapi/swag/stringutils v0.25.3 // indirect
174+
github.com/go-openapi/swag/typeutils v0.25.4 // indirect
175+
github.com/go-openapi/swag/yamlutils v0.25.3 // indirect
187176
github.com/go-openapi/validate v0.25.1 // indirect
188177
github.com/go-sql-driver/mysql v1.9.3 // indirect
189178
github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
@@ -192,14 +181,13 @@ require (
192181
github.com/gogo/protobuf v1.3.2 // indirect
193182
github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
194183
github.com/golang-jwt/jwt/v5 v5.3.0 // indirect
195-
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
196184
github.com/golang/snappy v0.0.4 // indirect
197185
github.com/google/gnostic-models v0.7.0 // indirect
198186
github.com/google/go-querystring v1.1.0 // indirect
199187
github.com/google/s2a-go v0.1.9 // indirect
200188
github.com/google/trillian v1.7.2 // indirect
201189
github.com/google/uuid v1.6.0 // indirect
202-
github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
190+
github.com/googleapis/enterprise-certificate-proxy v0.3.7 // indirect
203191
github.com/googleapis/gax-go/v2 v2.15.0 // indirect
204192
github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 // indirect
205193
github.com/hashicorp/errwrap v1.1.0 // indirect
@@ -211,8 +199,8 @@ require (
211199
github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
212200
github.com/hashicorp/go-sockaddr v1.0.7 // indirect
213201
github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
214-
github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
215-
github.com/hashicorp/vault/api v1.16.0 // indirect
202+
github.com/hashicorp/hcl v1.0.1-vault-7 // indirect
203+
github.com/hashicorp/vault/api v1.22.0 // indirect
216204
github.com/inconshreveable/mousetrap v1.1.0 // indirect
217205
github.com/jackc/pgpassfile v1.0.0 // indirect
218206
github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
@@ -232,12 +220,13 @@ require (
232220
github.com/lestrrat-go/jwx/v3 v3.0.11 // indirect
233221
github.com/lestrrat-go/option v1.0.1 // indirect
234222
github.com/lestrrat-go/option/v2 v2.0.0 // indirect
235-
github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect
223+
github.com/letsencrypt/boulder v0.20251110.0 // indirect
236224
github.com/mitchellh/go-homedir v1.1.0 // indirect
237225
github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c // indirect
238226
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
239227
github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
240228
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
229+
github.com/natefinch/atomic v1.0.1 // indirect
241230
github.com/oklog/ulid v1.3.1 // indirect
242231
github.com/oleiade/reflections v1.1.0 // indirect
243232
github.com/opencontainers/go-digest v1.0.0 // indirect
@@ -246,7 +235,6 @@ require (
246235
github.com/pelletier/go-toml/v2 v2.2.4 // indirect
247236
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
248237
github.com/pkg/errors v0.9.1 // indirect
249-
github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
250238
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
251239
github.com/prometheus/client_golang v1.23.2 // indirect
252240
github.com/prometheus/client_model v0.6.2 // indirect
@@ -261,11 +249,8 @@ require (
261249
github.com/sagikazarmark/locafero v0.11.0 // indirect
262250
github.com/sassoftware/relic v7.2.1+incompatible // indirect
263251
github.com/segmentio/asm v1.2.0 // indirect
264-
github.com/segmentio/ksuid v1.0.4 // indirect
265252
github.com/shibumi/go-pathspec v1.3.0 // indirect
266-
github.com/sigstore/rekor-tiles v0.1.11 // indirect
267253
github.com/sirupsen/logrus v1.9.4-0.20230606125235-dd1b4c2e81af // indirect
268-
github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
269254
github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 // indirect
270255
github.com/spf13/afero v1.15.0 // indirect
271256
github.com/spf13/cast v1.10.0 // indirect
@@ -281,41 +266,37 @@ require (
281266
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
282267
github.com/tjfoc/gmsm v1.4.1 // indirect
283268
github.com/transparency-dev/formats v0.0.0-20251017110053-404c0d5b696c // indirect
284-
github.com/transparency-dev/tessera v1.0.1-0.20251104110637-ba6c65c4ae73 // indirect
285269
github.com/urfave/negroni v1.0.0 // indirect
286270
github.com/valyala/fastjson v1.6.4 // indirect
287-
github.com/vbatts/tar-split v0.12.1 // indirect
271+
github.com/vbatts/tar-split v0.12.2 // indirect
288272
github.com/vektah/gqlparser/v2 v2.5.30 // indirect
289273
github.com/x448/float16 v0.8.4 // indirect
290274
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
291275
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
292276
github.com/yashtewari/glob-intersection v0.2.0 // indirect
293277
go.mongodb.org/mongo-driver v1.17.6 // indirect
294-
go.opencensus.io v0.24.0 // indirect
295278
go.opentelemetry.io/auto/sdk v1.2.1 // indirect
296-
go.opentelemetry.io/contrib/detectors/gcp v1.38.0 // indirect
297279
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0 // indirect
298280
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 // indirect
299281
go.opentelemetry.io/otel v1.38.0 // indirect
300282
go.opentelemetry.io/otel/metric v1.38.0 // indirect
301283
go.opentelemetry.io/otel/sdk v1.38.0 // indirect
302-
go.opentelemetry.io/otel/sdk/metric v1.38.0 // indirect
303284
go.opentelemetry.io/otel/trace v1.38.0 // indirect
304-
go.step.sm/crypto v0.73.0 // indirect
285+
go.step.sm/crypto v0.74.0 // indirect
305286
go.uber.org/multierr v1.11.0 // indirect
306287
go.uber.org/zap v1.27.0 // indirect
307288
go.yaml.in/yaml/v2 v2.4.3 // indirect
308289
go.yaml.in/yaml/v3 v3.0.4 // indirect
309290
golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect
310-
golang.org/x/mod v0.29.0 // indirect
291+
golang.org/x/mod v0.30.0 // indirect
311292
golang.org/x/net v0.47.0 // indirect
312293
golang.org/x/sys v0.38.0 // indirect
313294
golang.org/x/text v0.31.0 // indirect
314295
golang.org/x/time v0.14.0 // indirect
315-
golang.org/x/tools v0.38.0 // indirect
296+
golang.org/x/tools v0.39.0 // indirect
316297
google.golang.org/genproto v0.0.0-20250922171735-9219d122eba9 // indirect
317298
google.golang.org/genproto/googleapis/api v0.0.0-20250929231259-57b25ae835d4 // indirect
318-
google.golang.org/genproto/googleapis/rpc v0.0.0-20251029180050-ab9386a59fda // indirect
299+
google.golang.org/genproto/googleapis/rpc v0.0.0-20251103181224-f26f9409b101 // indirect
319300
google.golang.org/grpc v1.76.0 // indirect
320301
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
321302
gopkg.in/inf.v0 v0.9.1 // indirect

0 commit comments

Comments
 (0)