From ac0d9f63f622d2102b60c95a74567994bf6394e4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Aug 2023 16:09:11 +0000
Subject: [PATCH 1/3] chore(deps): bump github.com/theupdateframework/go-tuf
Bumps [github.com/theupdateframework/go-tuf](https://github.com/theupdateframework/go-tuf) from 0.5.2 to 0.6.1.
- [Release notes](https://github.com/theupdateframework/go-tuf/releases)
- [Commits](https://github.com/theupdateframework/go-tuf/compare/v0.5.2...v0.6.1)
---
updated-dependencies:
- dependency-name: github.com/theupdateframework/go-tuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index 55cadc15e83..4632e54f8f7 100644
--- a/go.mod
+++ b/go.mod
@@ -43,7 +43,7 @@ require (
 github.com/spf13/viper v1.16.0
 github.com/spiffe/go-spiffe/v2 v2.1.6
 github.com/stretchr/testify v1.8.4
- github.com/theupdateframework/go-tuf v0.5.2
+ github.com/theupdateframework/go-tuf v0.6.1
 github.com/transparency-dev/merkle v0.0.2
 github.com/withfig/autocomplete-tools/integrations/cobra v1.2.1
 github.com/xanzy/go-gitlab v0.90.0
diff --git a/go.sum b/go.sum
index f8159b83094..465a8f264c1 100644
--- a/go.sum
+++ b/go.sum
@@ -953,8 +953,8 @@ github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BG
 github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k=
 github.com/thales-e-security/pool v0.0.2 h1:RAPs4q2EbWsTit6tpzuvTFlgFRJ3S8Evf5gtvVDbmPg=
 github.com/thales-e-security/pool v0.0.2/go.mod h1:qtpMm2+thHtqhLzTwgDBj/OuNnMpupY8mv0Phz0gjhU=
-github.com/theupdateframework/go-tuf v0.5.2 h1:habfDzTmpbzBLIFGWa2ZpVhYvFBoK0C1onC3a4zuPRA=
-github.com/theupdateframework/go-tuf v0.5.2/go.mod h1:SyMV5kg5n4uEclsyxXJZI2UxPFJNDc4Y+r7wv+MlvTA=
+github.com/theupdateframework/go-tuf v0.6.1 h1:6J89fGjQf7s0mLmTG7p7pO/MbKOg+bIXhaLyQdmbKuE=
+github.com/theupdateframework/go-tuf v0.6.1/go.mod h1:LAFusuQsFNBnEyYoTuA5zZrF7iaQ4TEgBXm8lb6Vj18=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
 github.com/tinylib/msgp v1.1.6 h1:i+SbKraHhnrf9M5MYmvQhFnbLhAXSDWF8WWsuyRdocw=
From dbaf941e327b566e36f6b905edb8da0ccb434ef0 Mon Sep 17 00:00:00 2001
From: Hayden Blauzvern
Date: Fri, 11 Aug 2023 17:46:42 +0000
Subject: [PATCH 2/3] Change deprecated package for go-tuf
Signed-off-by: Hayden Blauzvern
---
 cmd/cosign/cli/attest/attest_blob_test.go | 2 +-
 cmd/cosign/cli/sign/sign_test.go | 2 +-
 pkg/cosign/keys.go | 3 +--
 3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/cmd/cosign/cli/attest/attest_blob_test.go b/cmd/cosign/cli/attest/attest_blob_test.go
index 65d6396e1d3..1f40a9e5d5d 100644
--- a/cmd/cosign/cli/attest/attest_blob_test.go
+++ b/cmd/cosign/cli/attest/attest_blob_test.go
@@ -31,13 +31,13 @@ import (
 "github.com/in-toto/in-toto-golang/in_toto"
 "github.com/pkg/errors"
 ssldsse "github.com/secure-systems-lab/go-securesystemslib/dsse"
+ "github.com/secure-systems-lab/go-securesystemslib/encrypted"
 "github.com/sigstore/cosign/v2/cmd/cosign/cli/generate"
 "github.com/sigstore/cosign/v2/cmd/cosign/cli/options"
 "github.com/sigstore/cosign/v2/pkg/cosign"
 "github.com/sigstore/cosign/v2/test"
 "github.com/sigstore/sigstore/pkg/signature"
 "github.com/sigstore/sigstore/pkg/signature/dsse"
- "github.com/theupdateframework/go-tuf/encrypted"
 )
 // TestAttestBlobCmdLocalKeyAndSk verifies the AttestBlobCmd returns an error
diff --git a/cmd/cosign/cli/sign/sign_test.go b/cmd/cosign/cli/sign/sign_test.go
index afb43e3e9af..6959ba3fd01 100644
--- a/cmd/cosign/cli/sign/sign_test.go
+++ b/cmd/cosign/cli/sign/sign_test.go
@@ -28,13 +28,13 @@ import (
 "github.com/stretchr/testify/assert"
+ "github.com/secure-systems-lab/go-securesystemslib/encrypted"
 "github.com/sigstore/cosign/v2/cmd/cosign/cli/generate"
 "github.com/sigstore/cosign/v2/cmd/cosign/cli/options"
 "github.com/sigstore/cosign/v2/internal/ui"
 "github.com/sigstore/cosign/v2/pkg/cosign"
 "github.com/sigstore/cosign/v2/test"
 "github.com/sigstore/sigstore/pkg/cryptoutils"
- "github.com/theupdateframework/go-tuf/encrypted"
 )
 func pass(s string) cosign.PassFunc {
diff --git a/pkg/cosign/keys.go b/pkg/cosign/keys.go
index 3ab43cae479..9adc22525f8 100644
--- a/pkg/cosign/keys.go
+++ b/pkg/cosign/keys.go
@@ -30,8 +30,7 @@ import (
 "os"
 "path/filepath"
- "github.com/theupdateframework/go-tuf/encrypted"
-
+ "github.com/secure-systems-lab/go-securesystemslib/encrypted"
 "github.com/sigstore/cosign/v2/pkg/oci/static"
 "github.com/sigstore/sigstore/pkg/cryptoutils"
 "github.com/sigstore/sigstore/pkg/signature"
From fbbcf3e65f17d39a1d2fbe867a2dd33ff21a1bb5 Mon Sep 17 00:00:00 2001
From: cpanato
Date: Mon, 14 Aug 2023 10:23:58 +0200
Subject: [PATCH 3/3] sync go mod
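Review bot: In the pkg/cosign/keys.go hunk (`@@ -30,8 +30,7 @@`) the `encrypted` package, which presumably protects password-encrypted private keys, now comes from `github.com/secure-systems-lab/go-securesystemslib/encrypted`, and nothing in this series shows a check that key files written through the go-tuf implementation still decrypt. The commit title calls the old package deprecated, so the two are likely format-compatible, but that is inferred rather than visible in these hunks. I would add a regression test that loads a fixture key encrypted by a build that used `go-tuf/encrypted`, and leave a comment on the import such as `// encrypted: on-disk key format must stay compatible with keys written via go-tuf/encrypted`. The import block continues outside the hunk; the same swap in attest_blob_test.go and sign_test.go touches test code only.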
Signed-off-by: cpanato
---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/go.mod b/go.mod
index 4632e54f8f7..4cc3b43352f 100644
--- a/go.mod
+++ b/go.mod
@@ -43,7 +43,6 @@ require (
 github.com/spf13/viper v1.16.0
 github.com/spiffe/go-spiffe/v2 v2.1.6
 github.com/stretchr/testify v1.8.4
- github.com/theupdateframework/go-tuf v0.6.1
 github.com/transparency-dev/merkle v0.0.2
 github.com/withfig/autocomplete-tools/integrations/cobra v1.2.1
 github.com/xanzy/go-gitlab v0.90.0
@@ -243,6 +242,7 @@ require (
 github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
 github.com/tchap/go-patricia/v2 v2.3.1 // indirect
 github.com/thales-e-security/pool v0.0.2 // indirect
+ github.com/theupdateframework/go-tuf v0.6.1 // indirect
 github.com/tinylib/msgp v1.1.6 // indirect
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
 github.com/tjfoc/gmsm v1.3.2 // indirect