Bump github.com/sigstore/fulcio from 0.5.2 to 0.5.3

[dependabot]

Bumps github.com/sigstore/fulcio from 0.5.2 to 0.5.3.

Release notes

Sourced from github.com/sigstore/fulcio's releases.

v0.5.3

What's Changed

• Bump google.golang.org/api from 0.88.0 to 0.89.0 by @​dependabot in sigstore/fulcio#705
• Bump imjasonh/setup-ko from 0.4 to 0.5 by @​dependabot in sigstore/fulcio#704
• Bump golang from 9349ed8 to f3d3d69 by @​dependabot in sigstore/fulcio#707
• ✨ Enable Scorecard badge by @​azeemshaikh38 in sigstore/fulcio#706
• Bump google.golang.org/protobuf from 1.28.0 to 1.28.1 in /hack/tools by @​dependabot in sigstore/fulcio#712
• Bump golang from f3d3d69 to 6e10f44 by @​dependabot in sigstore/fulcio#708
• Bump google.golang.org/api from 0.89.0 to 0.90.0 by @​dependabot in sigstore/fulcio#711
• Bump github/codeql-action from 2.1.16 to 2.1.17 by @​dependabot in sigstore/fulcio#709
• Bump google.golang.org/protobuf from 1.28.0 to 1.28.1 by @​dependabot in sigstore/fulcio#710
• Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.11.0 to 2.11.1 by @​dependabot in sigstore/fulcio#714
• Bump golang from 6e10f44 to 8a62670 by @​dependabot in sigstore/fulcio#713
• Bump golang from 1.18.4 to 1.18.5 by @​dependabot in sigstore/fulcio#717
• Update certificate issuance documentation by @​haydentherapper in sigstore/fulcio#702
• Bump google.golang.org/api from 0.90.0 to 0.91.0 by @​dependabot in sigstore/fulcio#720
• Add documentation for SCT formats by @​haydentherapper in sigstore/fulcio#718
• Bump github/codeql-action from 2.1.17 to 2.1.18 by @​dependabot in sigstore/fulcio#721
• Create certificate specification by @​haydentherapper in sigstore/fulcio#703
• Bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 by @​dependabot in sigstore/fulcio#725
• Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.11.1 to 2.11.2 by @​dependabot in sigstore/fulcio#724
• install protobuff 3.20.1 by @​cpanato in sigstore/fulcio#728
• Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.11.0 to 2.11.2 in /hack/tools by @​dependabot in sigstore/fulcio#726
• Bump go.uber.org/zap from 1.21.0 to 1.22.0 by @​dependabot in sigstore/fulcio#730
• Bump github.com/googleapis/api-linter from 1.33.2 to 1.33.3 in /hack/tools by @​dependabot in sigstore/fulcio#722
• Bump github.com/googleapis/api-linter from 1.33.3 to 1.34.0 in /hack/tools by @​dependabot in sigstore/fulcio#731
• fix example to explicitly set port for gRPC call by @​bobcallaway in sigstore/fulcio#732
• Bump google.golang.org/api from 0.91.0 to 0.92.0 by @​dependabot in sigstore/fulcio#733
• Bump go.step.sm/crypto from 0.17.0 to 0.17.1 by @​dependabot in sigstore/fulcio#737
• update github.com/google/tink/go to 1.7.0 and fix deprecation by @​cpanato in sigstore/fulcio#736
• address Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server by @​cpanato in sigstore/fulcio#735
• Bump go.step.sm/crypto from 0.17.1 to 0.17.2 by @​dependabot in sigstore/fulcio#742
• Bump google.golang.org/api from 0.92.0 to 0.93.0 by @​dependabot in sigstore/fulcio#741
• update builder and cosign images by @​cpanato in sigstore/fulcio#743
• Update scorecard-action to v2:alpha by @​azeemshaikh38 in sigstore/fulcio#746
• Bump actions/dependency-review-action from 2.0.4 to 2.1.0 by @​dependabot in sigstore/fulcio#744
• update changelog to add release v0.5.3 by @​cpanato in sigstore/fulcio#747
• Clean up unix socket by @​pauldthomson in sigstore/fulcio#739
• bump sigstore/sigstore from 1.3.1 to 1.4.0 by @​k4leung4 in sigstore/fulcio#745
• Bump github/codeql-action from 2.1.18 to 2.1.19 by @​dependabot in sigstore/fulcio#749
• Bump github/codeql-action from 2.1.19 to 2.1.20 by @​dependabot in sigstore/fulcio#750
• adding tuf root env variable by @​cpanato in sigstore/fulcio#751

New Contributors

• @​azeemshaikh38 made their first contribution in sigstore/fulcio#706
• @​pauldthomson made their first contribution in sigstore/fulcio#739

Full Changelog: sigstore/fulcio@v0.5.2...v0.5.3

Changelog

Sourced from github.com/sigstore/fulcio's changelog.

v0.5.3

Bug Fixes

• address Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (sigstore/fulcio#735)
• fix example to explicitly set port for gRPC call (sigstore/fulcio#732)

Documentation

• Create certificate specification (sigstore/fulcio#703)
• Add documentation for SCT formats (sigstore/fulcio#718)
• Update certificate issuance documentation (sigstore/fulcio#702)

Miscellaneous

• Bump actions/dependency-review-action from 2.0.4 to 2.1.0 (sigstore/fulcio#744)
• Update scorecard-action to v2:alpha (sigstore/fulcio#746)
• update builder and cosign images (sigstore/fulcio#743)
• Bump google.golang.org/api from 0.92.0 to 0.93.0 (sigstore/fulcio#741)
• Bump go.step.sm/crypto from 0.17.1 to 0.17.2 (sigstore/fulcio#742)
• update github.com/google/tink/go to 1.7.0 and fix deprecation (sigstore/fulcio#736)
• Bump go.step.sm/crypto from 0.17.0 to 0.17.1 (sigstore/fulcio#737)
• Bump google.golang.org/api from 0.91.0 to 0.92.0 (sigstore/fulcio#733)
• Bump github.com/googleapis/api-linter in /hack/tools (sigstore/fulcio#731)
• Bump github.com/googleapis/api-linter in /hack/tools (sigstore/fulcio#722)
• Bump go.uber.org/zap from 1.21.0 to 1.22.0 (sigstore/fulcio#730)
• Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.11.0 to 2.11.2 in /hack/tools (sigstore/fulcio#726)
• install protobuff 3.20.1 (sigstore/fulcio#728)
• Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.11.1 to 2.11.2 (sigstore/fulcio#724)
• Bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 (sigstore/fulcio#725)
• Bump github/codeql-action from 2.1.17 to 2.1.18 (sigstore/fulcio#721)
• Bump google.golang.org/api from 0.90.0 to 0.91.0 (sigstore/fulcio#720)
• Bump golang from 1.18.4 to 1.18.5 (sigstore/fulcio#717)
• Bump golang from 6e10f44 to 8a62670 (sigstore/fulcio#713)
• Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.11.0 to 2.11.1 (sigstore/fulcio#714)
• Bump google.golang.org/protobuf from 1.28.0 to 1.28.1 (sigstore/fulcio#710)
• Bump github/codeql-action from 2.1.16 to 2.1.17 (sigstore/fulcio#709)
• Bump google.golang.org/api from 0.89.0 to 0.90.0 (sigstore/fulcio#711)
• Bump golang from f3d3d69 to 6e10f44 (sigstore/fulcio#708)
• Bump google.golang.org/protobuf from 1.28.0 to 1.28.1 in /hack/tools (sigstore/fulcio#712)
• Enable Scorecard badge (sigstore/fulcio#706)
• Bump golang from 9349ed8 to f3d3d69 (sigstore/fulcio#707)
• Bump imjasonh/setup-ko from 0.4 to 0.5 (sigstore/fulcio#704)
• Bump google.golang.org/api from 0.88.0 to 0.89.0 (sigstore/fulcio#705)

Contributors

• Azeem Shaikh (@​azeemshaikh38)
• Bob Callaway (@​bobcallaway)
• Carlos Tadeu Panato Junior (@​cpanato)

... (truncated)

Commits

• 7d1229b adding tuf root env variable (#751)
• 166c2bc Bump github/codeql-action from 2.1.19 to 2.1.20 (#750)
• 4664e69 Bump github/codeql-action from 2.1.18 to 2.1.19 (#749)
• 3cc125b bump sigstore/sigstore from 1.3.1 to 1.4.0 (#745)
• ab74398 Clean up unix socket (#739)
• f49be76 update changelog to add release v0.5.3 (#747)
• d7f6bbe Bump actions/dependency-review-action from 2.0.4 to 2.1.0 (#744)
• 26a3ec9 Update scorecard-action to v2:alpha (#746)
• db44841 update builder and cosign images (#743)
• 59ed1dd Bump google.golang.org/api from 0.92.0 to 0.93.0 (#741)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov-commenter]

Codecov Report

Merging #2190 (50f5a34) into main (e8b3c71) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #2190   +/-   ##
=======================================
  Coverage   26.69%   26.69%           
=======================================
  Files         131      131           
  Lines        7690     7690           
=======================================
  Hits         2053     2053           
  Misses       5376     5376           
  Partials      261      261           

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.