Skip to content

Commit 145ed4a

Browse files
authored
Merge pull request #1583 from fluxcd/cosign-v2.4.0
Update cosign to v2.4.0
2 parents 5b980f1 + cfccdb5 commit 145ed4a

File tree

4 files changed

+167
-156
lines changed

4 files changed

+167
-156
lines changed

api/go.mod

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ require (
66
github.com/fluxcd/pkg/apis/acl v0.3.0
77
github.com/fluxcd/pkg/apis/meta v1.6.0
88
k8s.io/apimachinery v0.31.0
9-
sigs.k8s.io/controller-runtime v0.19.0-beta.0
9+
sigs.k8s.io/controller-runtime v0.19.0
1010
)
1111

1212
// Fix CVE-2022-28948

api/go.sum

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -101,16 +101,16 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
101101
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
102102
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
103103
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
104-
k8s.io/api v0.31.0-rc.1 h1:ph2dq1aCz0s+Qa4wT//TMYgVFpYPdYLf1bOUeBL9mN0=
105-
k8s.io/api v0.31.0-rc.1/go.mod h1:PcQwrOI3pFXW19JtLyLqIwFC95rRJN1fakusa1HD0ZM=
104+
k8s.io/api v0.31.0 h1:b9LiSjR2ym/SzTOlfMHm1tr7/21aD7fSkqgD/CVJBCo=
105+
k8s.io/api v0.31.0/go.mod h1:0YiFF+JfFxMM6+1hQei8FY8M7s1Mth+z/q7eF1aJkTE=
106106
k8s.io/apimachinery v0.31.0 h1:m9jOiSr3FoSSL5WO9bjm1n6B9KROYYgNZOb4tyZ1lBc=
107107
k8s.io/apimachinery v0.31.0/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
108108
k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
109109
k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
110110
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
111111
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
112-
sigs.k8s.io/controller-runtime v0.19.0-beta.0 h1:2dhsJeWBmzrnSE+NMourFWen0lSRg3JYs3Pp04+cJss=
113-
sigs.k8s.io/controller-runtime v0.19.0-beta.0/go.mod h1:DsWafTWWtE45ewmWCXm3Tsend5uwveZCkpYfod82SXE=
112+
sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q=
113+
sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4=
114114
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
115115
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
116116
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=

go.mod

Lines changed: 40 additions & 39 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
module github.com/fluxcd/source-controller
22

3-
go 1.22.4
3+
go 1.22.5
44

55
replace github.com/fluxcd/source-controller/api => ./api
66

@@ -9,19 +9,19 @@ replace github.com/fluxcd/source-controller/api => ./api
99
replace github.com/opencontainers/go-digest => github.com/opencontainers/go-digest v1.0.1-0.20220411205349-bde1400a84be
1010

1111
require (
12-
cloud.google.com/go/compute/metadata v0.3.0
13-
cloud.google.com/go/storage v1.39.1
12+
cloud.google.com/go/compute/metadata v0.5.0
13+
cloud.google.com/go/storage v1.41.0
1414
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24
15-
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1
16-
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0
17-
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.2
15+
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0
16+
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0
17+
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.4.0
1818
github.com/Masterminds/semver/v3 v3.2.1
1919
github.com/cyphar/filepath-securejoin v0.3.1
2020
github.com/distribution/distribution/v3 v3.0.0-beta.1
2121
github.com/docker/cli v27.1.2+incompatible
2222
github.com/docker/go-units v0.5.0
2323
github.com/elazarl/goproxy v0.0.0-20240726154733-8b0c20506380
24-
github.com/fluxcd/cli-utils v0.36.0-flux.8
24+
github.com/fluxcd/cli-utils v0.36.0-flux.9
2525
github.com/fluxcd/pkg/apis/event v0.10.0
2626
github.com/fluxcd/pkg/apis/meta v1.6.0
2727
github.com/fluxcd/pkg/git v0.20.0
@@ -30,8 +30,8 @@ require (
3030
github.com/fluxcd/pkg/helmtestserver v0.19.0
3131
github.com/fluxcd/pkg/lockedfile v0.3.0
3232
github.com/fluxcd/pkg/masktoken v0.4.0
33-
github.com/fluxcd/pkg/oci v0.39.0
34-
github.com/fluxcd/pkg/runtime v0.48.0
33+
github.com/fluxcd/pkg/oci v0.40.0
34+
github.com/fluxcd/pkg/runtime v0.49.0
3535
github.com/fluxcd/pkg/sourceignore v0.8.0
3636
github.com/fluxcd/pkg/ssh v0.14.0
3737
github.com/fluxcd/pkg/tar v0.8.0
@@ -56,35 +56,35 @@ require (
5656
github.com/otiai10/copy v1.14.0
5757
github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
5858
github.com/prometheus/client_golang v1.20.0
59-
github.com/sigstore/cosign/v2 v2.2.4
60-
github.com/sigstore/sigstore v1.8.3
59+
github.com/sigstore/cosign/v2 v2.4.0
60+
github.com/sigstore/sigstore v1.8.8
6161
github.com/sirupsen/logrus v1.9.3
6262
github.com/spf13/pflag v1.0.5
6363
golang.org/x/crypto v0.26.0
6464
golang.org/x/oauth2 v0.22.0
6565
golang.org/x/sync v0.8.0
66-
google.golang.org/api v0.177.0
66+
google.golang.org/api v0.190.0
6767
gotest.tools v2.2.0+incompatible
6868
helm.sh/helm/v3 v3.15.4
6969
k8s.io/api v0.31.0
7070
k8s.io/apimachinery v0.31.0
7171
k8s.io/client-go v0.31.0
7272
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8
7373
oras.land/oras-go/v2 v2.5.0
74-
sigs.k8s.io/controller-runtime v0.19.0-beta.0
74+
sigs.k8s.io/controller-runtime v0.19.0
7575
sigs.k8s.io/yaml v1.4.0
7676
)
7777

7878
require (
79-
cloud.google.com/go v0.112.2 // indirect
80-
cloud.google.com/go/auth v0.3.0 // indirect
81-
cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect
82-
cloud.google.com/go/iam v1.1.6 // indirect
79+
cloud.google.com/go v0.115.0 // indirect
80+
cloud.google.com/go/auth v0.7.3 // indirect
81+
cloud.google.com/go/auth/oauth2adapt v0.2.3 // indirect
82+
cloud.google.com/go/iam v1.1.12 // indirect
8383
dario.cat/mergo v1.0.0 // indirect
8484
filippo.io/edwards25519 v1.1.0 // indirect
8585
github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 // indirect
8686
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
87-
github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect
87+
github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
8888
github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
8989
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
9090
github.com/Azure/go-autorest/autorest v0.11.29 // indirect
@@ -137,9 +137,10 @@ require (
137137
github.com/blang/semver v3.5.1+incompatible // indirect
138138
github.com/blang/semver/v4 v4.0.0 // indirect
139139
github.com/bshuster-repo/logrus-logstash-hook v1.0.0 // indirect
140-
github.com/buildkite/agent/v3 v3.62.0 // indirect
141-
github.com/buildkite/go-pipeline v0.3.2 // indirect
142-
github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251 // indirect
140+
github.com/buildkite/agent/v3 v3.76.2 // indirect
141+
github.com/buildkite/go-pipeline v0.10.0 // indirect
142+
github.com/buildkite/interpolate v0.1.3 // indirect
143+
github.com/buildkite/roko v1.2.0 // indirect
143144
github.com/cenkalti/backoff/v4 v4.3.0 // indirect
144145
github.com/cespare/xxhash/v2 v2.3.0 // indirect
145146
github.com/chai2010/gettext-go v1.0.2 // indirect
@@ -153,7 +154,7 @@ require (
153154
github.com/containerd/log v0.1.0 // indirect
154155
github.com/containerd/platforms v0.2.1 // indirect
155156
github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
156-
github.com/coreos/go-oidc/v3 v3.10.0 // indirect
157+
github.com/coreos/go-oidc/v3 v3.11.0 // indirect
157158
github.com/coreos/go-systemd/v22 v22.5.0 // indirect
158159
github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect
159160
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
@@ -214,17 +215,17 @@ require (
214215
github.com/golang/protobuf v1.5.4 // indirect
215216
github.com/golang/snappy v0.0.4 // indirect
216217
github.com/google/btree v1.1.2 // indirect
217-
github.com/google/certificate-transparency-go v1.1.8 // indirect
218+
github.com/google/certificate-transparency-go v1.2.1 // indirect
218219
github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
219220
github.com/google/go-cmp v0.6.0 // indirect
220221
github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-20230516205744-dbecb1de8cfa // indirect
221222
github.com/google/go-github/v55 v55.0.0 // indirect
222223
github.com/google/go-querystring v1.1.0 // indirect
223224
github.com/google/gofuzz v1.2.0 // indirect
224-
github.com/google/s2a-go v0.1.7 // indirect
225+
github.com/google/s2a-go v0.1.8 // indirect
225226
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
226227
github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
227-
github.com/googleapis/gax-go/v2 v2.12.3 // indirect
228+
github.com/googleapis/gax-go/v2 v2.13.0 // indirect
228229
github.com/gorilla/handlers v1.5.2 // indirect
229230
github.com/gorilla/mux v1.8.1 // indirect
230231
github.com/gorilla/websocket v1.5.3 // indirect
@@ -236,7 +237,7 @@ require (
236237
github.com/hashicorp/go-multierror v1.1.1 // indirect
237238
github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
238239
github.com/hashicorp/golang-lru/arc/v2 v2.0.5 // indirect
239-
github.com/hashicorp/golang-lru/v2 v2.0.5 // indirect
240+
github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
240241
github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
241242
github.com/huandu/xstrings v1.4.0 // indirect
242243
github.com/imdario/mergo v0.3.16 // indirect
@@ -254,15 +255,15 @@ require (
254255
github.com/kylelemons/godebug v1.1.0 // indirect
255256
github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
256257
github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
257-
github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 // indirect
258+
github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect
258259
github.com/lib/pq v1.10.9 // indirect
259260
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
260261
github.com/magiconair/properties v1.8.7 // indirect
261262
github.com/mailru/easyjson v0.7.7 // indirect
262263
github.com/mattn/go-colorable v0.1.13 // indirect
263264
github.com/mattn/go-isatty v0.0.20 // indirect
264265
github.com/mattn/go-runewidth v0.0.15 // indirect
265-
github.com/miekg/dns v1.1.57 // indirect
266+
github.com/miekg/dns v1.1.58 // indirect
266267
github.com/miekg/pkcs11 v1.1.1 // indirect
267268
github.com/minio/md5-simd v1.1.2 // indirect
268269
github.com/mitchellh/copystructure v1.2.0 // indirect
@@ -287,7 +288,7 @@ require (
287288
github.com/opencontainers/runc v1.1.13 // indirect
288289
github.com/opentracing/opentracing-go v1.2.0 // indirect
289290
github.com/pborman/uuid v1.2.1 // indirect
290-
github.com/pelletier/go-toml/v2 v2.1.0 // indirect
291+
github.com/pelletier/go-toml/v2 v2.2.2 // indirect
291292
github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
292293
github.com/pjbgf/sha1cd v0.3.0 // indirect
293294
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
@@ -310,7 +311,8 @@ require (
310311
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
311312
github.com/shibumi/go-pathspec v1.3.0 // indirect
312313
github.com/shopspring/decimal v1.3.1 // indirect
313-
github.com/sigstore/fulcio v1.4.5 // indirect
314+
github.com/sigstore/fulcio v1.5.1 // indirect
315+
github.com/sigstore/protobuf-specs v0.3.2 // indirect
314316
github.com/sigstore/rekor v1.3.6 // indirect
315317
github.com/sigstore/timestamp-authority v1.2.2 // indirect
316318
github.com/skeema/knownhosts v1.3.0 // indirect
@@ -319,8 +321,8 @@ require (
319321
github.com/spf13/afero v1.11.0 // indirect
320322
github.com/spf13/cast v1.6.0 // indirect
321323
github.com/spf13/cobra v1.8.1 // indirect
322-
github.com/spf13/viper v1.18.2 // indirect
323-
github.com/spiffe/go-spiffe/v2 v2.2.0 // indirect
324+
github.com/spf13/viper v1.19.0 // indirect
325+
github.com/spiffe/go-spiffe/v2 v2.3.0 // indirect
324326
github.com/subosito/gotenv v1.6.0 // indirect
325327
github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
326328
github.com/thales-e-security/pool v0.0.2 // indirect
@@ -331,7 +333,7 @@ require (
331333
github.com/vbatts/tar-split v0.11.5 // indirect
332334
github.com/veraison/go-cose v1.2.1 // indirect
333335
github.com/x448/float16 v0.8.4 // indirect
334-
github.com/xanzy/go-gitlab v0.102.0 // indirect
336+
github.com/xanzy/go-gitlab v0.107.0 // indirect
335337
github.com/xanzy/ssh-agent v0.3.3 // indirect
336338
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
337339
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
@@ -364,7 +366,7 @@ require (
364366
go.opentelemetry.io/otel/trace v1.28.0 // indirect
365367
go.opentelemetry.io/proto/otlp v1.3.1 // indirect
366368
go.starlark.net v0.0.0-20231121155337-90ade8b19d09 // indirect
367-
go.step.sm/crypto v0.44.2 // indirect
369+
go.step.sm/crypto v0.51.1 // indirect
368370
go.uber.org/multierr v1.11.0 // indirect
369371
go.uber.org/zap v1.27.0 // indirect
370372
golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
@@ -376,13 +378,12 @@ require (
376378
golang.org/x/time v0.6.0 // indirect
377379
golang.org/x/tools v0.24.0 // indirect
378380
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
379-
google.golang.org/genproto v0.0.0-20240311173647-c811ad7063a7 // indirect
380-
google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 // indirect
381-
google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect
381+
google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf // indirect
382+
google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f // indirect
383+
google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf // indirect
382384
google.golang.org/grpc v1.65.0 // indirect
383385
google.golang.org/protobuf v1.34.2 // indirect
384386
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
385-
gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect
386387
gopkg.in/inf.v0 v0.9.1 // indirect
387388
gopkg.in/ini.v1 v1.67.0 // indirect
388389
gopkg.in/warnings.v0 v0.1.2 // indirect
@@ -399,7 +400,7 @@ require (
399400
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
400401
sigs.k8s.io/kustomize/api v0.17.3 // indirect
401402
sigs.k8s.io/kustomize/kyaml v0.17.2 // indirect
402-
sigs.k8s.io/release-utils v0.7.7 // indirect
403+
sigs.k8s.io/release-utils v0.8.4 // indirect
403404
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
404405
)
405406

0 commit comments

Comments
 (0)