KEMBAR78
Comparing v1.0.0...v1.1.0 · sigstore/sigstore-go · GitHub
Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: sigstore/sigstore-go
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v1.0.0
Choose a base ref
...
head repository: sigstore/sigstore-go
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v1.1.0
Choose a head ref
  • 15 commits
  • 25 files changed
  • 7 contributors

Commits on May 19, 2025

  1. Error Wrapping in New function (#482) 

    The error handling in updater.New(&tmpCfg) is currently returned
direct, which is not in uniform with other error handling in the TUF
client.

This change wraps some meaningful context care of fmt.Errorf

Signed-off-by: Luke Hinds <lukehinds@gmail.com>
    @lukehinds
    lukehinds authored May 19, 2025
    Configuration menu
    Copy the full SHA
    d1ec330 View commit details
    Browse the repository at this point in the history

  2. Avoid naked errors from other modules (#484) 

    * Avoid naked errors from other modules

Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>

* Avoid naked errors from external packages.

Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>

---------

Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
    @kommendorkapten
    kommendorkapten authored May 19, 2025
    Configuration menu
    Copy the full SHA
    89a326e View commit details
    Browse the repository at this point in the history

Commits on May 21, 2025

  1. Added a third variant of the live trusted root. (#485) 

    This version accepts a configurable period for the tuf updates.

Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
    @kommendorkapten
    kommendorkapten authored May 21, 2025
    Configuration menu
    Copy the full SHA
    e7f98e2 View commit details
    Browse the repository at this point in the history

Commits on Jun 5, 2025

  1. Bump the minor-patch group across 2 directories with 2 updates (#486) 

    * Bump the minor-patch group across 2 directories with 2 updates

Bumps the minor-patch group with 2 updates in the / directory: [github.com/sigstore/protobuf-specs](https://github.com/sigstore/protobuf-specs) and [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry).
Bumps the minor-patch group with 2 updates in the /examples/oci-image-verification directory: [github.com/sigstore/protobuf-specs](https://github.com/sigstore/protobuf-specs) and [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry).


Updates `github.com/sigstore/protobuf-specs` from 0.4.1 to 0.4.2
- [Release notes](https://github.com/sigstore/protobuf-specs/releases)
- [Changelog](https://github.com/sigstore/protobuf-specs/blob/main/CHANGELOG.md)
- [Commits](sigstore/protobuf-specs@v0.4.1...v0.4.2)

Updates `github.com/google/go-containerregistry` from 0.20.3 to 0.20.5
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](google/go-containerregistry@v0.20.3...v0.20.5)

Updates `github.com/sigstore/protobuf-specs` from 0.4.1 to 0.4.2
- [Release notes](https://github.com/sigstore/protobuf-specs/releases)
- [Changelog](https://github.com/sigstore/protobuf-specs/blob/main/CHANGELOG.md)
- [Commits](sigstore/protobuf-specs@v0.4.1...v0.4.2)

Updates `github.com/sigstore/protobuf-specs` from 0.4.1 to 0.4.2
- [Release notes](https://github.com/sigstore/protobuf-specs/releases)
- [Changelog](https://github.com/sigstore/protobuf-specs/blob/main/CHANGELOG.md)
- [Commits](sigstore/protobuf-specs@v0.4.1...v0.4.2)

Updates `github.com/google/go-containerregistry` from 0.20.3 to 0.20.5
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](google/go-containerregistry@v0.20.3...v0.20.5)

Updates `github.com/sigstore/protobuf-specs` from 0.4.1 to 0.4.2
- [Release notes](https://github.com/sigstore/protobuf-specs/releases)
- [Changelog](https://github.com/sigstore/protobuf-specs/blob/main/CHANGELOG.md)
- [Commits](sigstore/protobuf-specs@v0.4.1...v0.4.2)

---
updated-dependencies:
- dependency-name: github.com/sigstore/protobuf-specs
  dependency-version: 0.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.20.5
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/sigstore/protobuf-specs
  dependency-version: 0.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/sigstore/protobuf-specs
  dependency-version: 0.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.20.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/sigstore/protobuf-specs
  dependency-version: 0.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update RSA key size

Anything under 2048 is insecure and not representative of any keys in the wild.

Signed-off-by: Hayden B <haydentherapper@users.noreply.github.com>

* Fix lint errors, fix test using RSA-512 key

Signed-off-by: Hayden B <8418760+haydentherapper@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Hayden B <haydentherapper@users.noreply.github.com>
Signed-off-by: Hayden B <8418760+haydentherapper@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Hayden B <haydentherapper@users.noreply.github.com>
Co-authored-by: Hayden B <8418760+haydentherapper@users.noreply.github.com>
    @dependabot @haydentherapper
    3 people authored Jun 5, 2025
    Configuration menu
    Copy the full SHA
    c43b348 View commit details
    Browse the repository at this point in the history

Commits on Jun 17, 2025

  1. Bump the minor-patch group across 2 directories with 8 updates (#488) 

    * Bump the minor-patch group across 2 directories with 8 updates

Bumps the minor-patch group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/google/certificate-transparency-go](https://github.com/google/certificate-transparency-go) | `1.3.1` | `1.3.2` |
| [github.com/in-toto/attestation](https://github.com/in-toto/attestation) | `1.1.1` | `1.1.2` |
| [github.com/sigstore/protobuf-specs](https://github.com/sigstore/protobuf-specs) | `0.4.2` | `0.4.3` |
| [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.9.4` | `1.9.5` |
| [github.com/sigstore/timestamp-authority](https://github.com/sigstore/timestamp-authority) | `1.2.7` | `1.2.8` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.38.0` | `0.39.0` |
| [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.20.5` | `0.20.6` |

Bumps the minor-patch group with 7 updates in the /examples/oci-image-verification directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/google/certificate-transparency-go](https://github.com/google/certificate-transparency-go) | `1.3.1` | `1.3.2` |
| [github.com/in-toto/attestation](https://github.com/in-toto/attestation) | `1.1.1` | `1.1.2` |
| [github.com/sigstore/protobuf-specs](https://github.com/sigstore/protobuf-specs) | `0.4.2` | `0.4.3` |
| [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.9.4` | `1.9.5` |
| [github.com/sigstore/timestamp-authority](https://github.com/sigstore/timestamp-authority) | `1.2.7` | `1.2.8` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.38.0` | `0.39.0` |
| [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.20.5` | `0.20.6` |



Updates `github.com/google/certificate-transparency-go` from 1.3.1 to 1.3.2
- [Release notes](https://github.com/google/certificate-transparency-go/releases)
- [Changelog](https://github.com/google/certificate-transparency-go/blob/master/CHANGELOG.md)
- [Commits](google/certificate-transparency-go@v1.3.1...v1.3.2)

Updates `github.com/in-toto/attestation` from 1.1.1 to 1.1.2
- [Release notes](https://github.com/in-toto/attestation/releases)
- [Commits](in-toto/attestation@v1.1.1...v1.1.2)

Updates `github.com/sigstore/protobuf-specs` from 0.4.2 to 0.4.3
- [Release notes](https://github.com/sigstore/protobuf-specs/releases)
- [Changelog](https://github.com/sigstore/protobuf-specs/blob/main/CHANGELOG.md)
- [Commits](sigstore/protobuf-specs@v0.4.2...v0.4.3)

Updates `github.com/sigstore/sigstore` from 1.9.4 to 1.9.5
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.9.4...v1.9.5)

Updates `github.com/sigstore/timestamp-authority` from 1.2.7 to 1.2.8
- [Release notes](https://github.com/sigstore/timestamp-authority/releases)
- [Changelog](https://github.com/sigstore/timestamp-authority/blob/main/CHANGELOG.md)
- [Commits](sigstore/timestamp-authority@v1.2.7...v1.2.8)

Updates `golang.org/x/crypto` from 0.38.0 to 0.39.0
- [Commits](golang/crypto@v0.38.0...v0.39.0)

Updates `golang.org/x/mod` from 0.24.0 to 0.25.0
- [Commits](golang/mod@v0.24.0...v0.25.0)

Updates `github.com/google/go-containerregistry` from 0.20.5 to 0.20.6
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](google/go-containerregistry@v0.20.5...v0.20.6)

Updates `github.com/sigstore/protobuf-specs` from 0.4.2 to 0.4.3
- [Release notes](https://github.com/sigstore/protobuf-specs/releases)
- [Changelog](https://github.com/sigstore/protobuf-specs/blob/main/CHANGELOG.md)
- [Commits](sigstore/protobuf-specs@v0.4.2...v0.4.3)

Updates `github.com/sigstore/sigstore` from 1.9.4 to 1.9.5
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.9.4...v1.9.5)

Updates `github.com/google/certificate-transparency-go` from 1.3.1 to 1.3.2
- [Release notes](https://github.com/google/certificate-transparency-go/releases)
- [Changelog](https://github.com/google/certificate-transparency-go/blob/master/CHANGELOG.md)
- [Commits](google/certificate-transparency-go@v1.3.1...v1.3.2)

Updates `github.com/in-toto/attestation` from 1.1.1 to 1.1.2
- [Release notes](https://github.com/in-toto/attestation/releases)
- [Commits](in-toto/attestation@v1.1.1...v1.1.2)

Updates `github.com/sigstore/protobuf-specs` from 0.4.2 to 0.4.3
- [Release notes](https://github.com/sigstore/protobuf-specs/releases)
- [Changelog](https://github.com/sigstore/protobuf-specs/blob/main/CHANGELOG.md)
- [Commits](sigstore/protobuf-specs@v0.4.2...v0.4.3)

Updates `github.com/sigstore/sigstore` from 1.9.4 to 1.9.5
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.9.4...v1.9.5)

Updates `github.com/sigstore/timestamp-authority` from 1.2.7 to 1.2.8
- [Release notes](https://github.com/sigstore/timestamp-authority/releases)
- [Changelog](https://github.com/sigstore/timestamp-authority/blob/main/CHANGELOG.md)
- [Commits](sigstore/timestamp-authority@v1.2.7...v1.2.8)

Updates `golang.org/x/crypto` from 0.38.0 to 0.39.0
- [Commits](golang/crypto@v0.38.0...v0.39.0)

Updates `golang.org/x/mod` from 0.24.0 to 0.25.0
- [Commits](golang/mod@v0.24.0...v0.25.0)

Updates `github.com/google/go-containerregistry` from 0.20.5 to 0.20.6
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](google/go-containerregistry@v0.20.5...v0.20.6)

Updates `github.com/sigstore/protobuf-specs` from 0.4.2 to 0.4.3
- [Release notes](https://github.com/sigstore/protobuf-specs/releases)
- [Changelog](https://github.com/sigstore/protobuf-specs/blob/main/CHANGELOG.md)
- [Commits](sigstore/protobuf-specs@v0.4.2...v0.4.3)

Updates `github.com/sigstore/sigstore` from 1.9.4 to 1.9.5
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.9.4...v1.9.5)

---
updated-dependencies:
- dependency-name: github.com/google/certificate-transparency-go
  dependency-version: 1.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/in-toto/attestation
  dependency-version: 1.1.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/sigstore/protobuf-specs
  dependency-version: 0.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.9.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/sigstore/timestamp-authority
  dependency-version: 1.2.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: golang.org/x/crypto
  dependency-version: 0.39.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: golang.org/x/mod
  dependency-version: 0.25.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.20.6
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/sigstore/protobuf-specs
  dependency-version: 0.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.9.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/google/certificate-transparency-go
  dependency-version: 1.3.2
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/in-toto/attestation
  dependency-version: 1.1.2
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/sigstore/protobuf-specs
  dependency-version: 0.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.9.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/sigstore/timestamp-authority
  dependency-version: 1.2.8
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: golang.org/x/crypto
  dependency-version: 0.39.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: golang.org/x/mod
  dependency-version: 0.25.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.20.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/sigstore/protobuf-specs
  dependency-version: 0.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.9.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* go mod tidy

Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Fredrik Skogman <kommendorkapten@github.com>
    @dependabot @kommendorkapten
    dependabot[bot] and kommendorkapten authored Jun 17, 2025
    Configuration menu
    Copy the full SHA
    2c9ea93 View commit details
    Browse the repository at this point in the history

Commits on Jun 18, 2025

  1. Add end to end tests (#489) 

    Add integration tests using the new lightweight setup-sigstore-env
action from sigstore/scaffolding. This CI action starts instances of
both Rekor v1 and Rekor v2, so the tests are in a position to start
testing the new Rekor v2 pathways immediately.

Signed-off-by: Colleen Murphy <colleenmurphy@google.com>
    @cmurphy
    cmurphy authored Jun 18, 2025
    Configuration menu
    Copy the full SHA
    7212b45 View commit details
    Browse the repository at this point in the history

Commits on Jun 25, 2025

  1. fail SigstoreTimestampingAuthority) Verifywith nil Root (#490) 

    add a check to SigstoreTimestampingAuthority) Verify and return
an error if tsa.Root is present but nil to avoid passing it
along in the tsaverification.VerifyOpts.

See issue sigstore/cosign#4261.

Signed-off-by: Dmitry Savintsev <dsavints@gmail.com>
    @dmitris
    dmitris authored Jun 25, 2025
    Configuration menu
    Copy the full SHA
    ac77dfc View commit details
    Browse the repository at this point in the history

Commits on Jun 27, 2025

  1. Add support for Rekor V2 signing and verification (#481) 

    Add support for handling and uploading a Rekor v2 entry. Replace
reliance on rekor v1 with the TransparencyLogEntry from protobuf-specs
as much as possible to reduce divergence in how different entries are
handled. Add new functions where needed to avoid breaking backwards
compatibility with existing functions.

Signed-off-by: Colleen Murphy <colleenmurphy@google.com>
    @cmurphy
    cmurphy authored Jun 27, 2025
    Configuration menu
    Copy the full SHA
    2aab0d7 View commit details
    Browse the repository at this point in the history

Commits on Jun 30, 2025

  1. Bump github.com/go-viper/mapstructure/v2 (#491) 

    Bumps [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) from 2.2.1 to 2.3.0.
- [Release notes](https://github.com/go-viper/mapstructure/releases)
- [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md)
- [Commits](go-viper/mapstructure@v2.2.1...v2.3.0)

---
updated-dependencies:
- dependency-name: github.com/go-viper/mapstructure/v2
  dependency-version: 2.3.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jun 30, 2025
    Configuration menu
    Copy the full SHA
    0327602 View commit details
    Browse the repository at this point in the history

Commits on Jul 1, 2025

  1. Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 (#492) 

    Bumps [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) from 2.2.1 to 2.3.0.
- [Release notes](https://github.com/go-viper/mapstructure/releases)
- [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md)
- [Commits](go-viper/mapstructure@v2.2.1...v2.3.0)

---
updated-dependencies:
- dependency-name: github.com/go-viper/mapstructure/v2
  dependency-version: 2.3.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 1, 2025
    Configuration menu
    Copy the full SHA
    2ec0fb6 View commit details
    Browse the repository at this point in the history

  2. Allow public keys to sign hashedrekord (#497) 

    There was a restriction when signing Rekor v1 hashedrekord entries that
required them to use a certificate rather than a public key. This isn't
a restriction imposed by Rekor, and it is going to need to have this
kind of flexibility if and when this gets used for signing in cosign.
This change eliminates the restriction and then updates the examples to
show how this could be used.

Signed-off-by: Colleen Murphy <colleenmurphy@google.com>
    @cmurphy
    cmurphy authored Jul 1, 2025
    Configuration menu
    Copy the full SHA
    55a5b9c View commit details
    Browse the repository at this point in the history

Commits on Jul 2, 2025

  1. Add support for operator in SigningConfig (#494) 

    The v0.2 signing config includes an Operator field so that clients will
select Services from distinct operators. This PR adds support for the
Operator field, where multi-service selection will select distinct
instances. Later, we'll add support for the Operator field for instances
declared in the trusted root, to verify that instances from the same
operator do not all count towards meeting a threshold.

Since the v0.2 signing config is only distributed via the staging TUF
repo, I've left the example as-is for now, since any integrators will
need to declare their signing config manually for production.

Signed-off-by: Hayden B <8418760+haydentherapper@users.noreply.github.com>
Co-authored-by: Hayden B <8418760+haydentherapper@users.noreply.github.com>
    @haydentherapper
    haydentherapper and haydentherapper authored Jul 2, 2025
    Configuration menu
    Copy the full SHA
    df24b2d View commit details
    Browse the repository at this point in the history

Commits on Jul 10, 2025

  1. Add MarshalJSON to SigningConfig, fix marshaling bug (#498) 

    This adds a MarshalJSON method to SigningConfig so that clients don't
have to construct the proto structure themselves. This also fixes a bug
in ToServiceProtobuf where we didn't handle the validity window. Test
cases have been updated as well to specify validity windows and
operators, and I've verified that these tests fail without the bug fix.

Signed-off-by: Hayden B <8418760+haydentherapper@users.noreply.github.com>
    @haydentherapper
    haydentherapper authored Jul 10, 2025
    Configuration menu
    Copy the full SHA
    2d48428 View commit details
    Browse the repository at this point in the history

Commits on Jul 11, 2025

  1. Select highest API version for SigningConfig services always (#499) 

    Found a bug in the selection logic for SigningConfig services where a
lower version service would be selected if it were newer than another
service with a higher API version. Fix this issue looping through
sorted versions and services until a set of services are found. Also
added a test case to catch this.

Signed-off-by: Hayden B <8418760+haydentherapper@users.noreply.github.com>
Co-authored-by: Hayden B <8418760+haydentherapper@users.noreply.github.com>
    @haydentherapper
    haydentherapper and haydentherapper authored Jul 11, 2025
    Configuration menu
    Copy the full SHA
    e2d7d21 View commit details
    Browse the repository at this point in the history

Commits on Jul 14, 2025

  1. Bump the minor-patch group across 2 directories with 3 updates (#500) 

    Bumps the minor-patch group with 3 updates in the / directory: [github.com/sigstore/protobuf-specs](https://github.com/sigstore/protobuf-specs), [golang.org/x/crypto](https://github.com/golang/crypto) and [golang.org/x/mod](https://github.com/golang/mod).
Bumps the minor-patch group with 3 updates in the /examples/oci-image-verification directory: [github.com/sigstore/protobuf-specs](https://github.com/sigstore/protobuf-specs), [golang.org/x/crypto](https://github.com/golang/crypto) and [golang.org/x/mod](https://github.com/golang/mod).


Updates `github.com/sigstore/protobuf-specs` from 0.4.3 to 0.5.0
- [Release notes](https://github.com/sigstore/protobuf-specs/releases)
- [Changelog](https://github.com/sigstore/protobuf-specs/blob/main/CHANGELOG.md)
- [Commits](sigstore/protobuf-specs@v0.4.3...v0.5.0)

Updates `golang.org/x/crypto` from 0.39.0 to 0.40.0
- [Commits](golang/crypto@v0.39.0...v0.40.0)

Updates `golang.org/x/mod` from 0.25.0 to 0.26.0
- [Commits](golang/mod@v0.25.0...v0.26.0)

Updates `github.com/sigstore/protobuf-specs` from 0.4.3 to 0.5.0
- [Release notes](https://github.com/sigstore/protobuf-specs/releases)
- [Changelog](https://github.com/sigstore/protobuf-specs/blob/main/CHANGELOG.md)
- [Commits](sigstore/protobuf-specs@v0.4.3...v0.5.0)

Updates `golang.org/x/crypto` from 0.39.0 to 0.40.0
- [Commits](golang/crypto@v0.39.0...v0.40.0)

Updates `golang.org/x/mod` from 0.25.0 to 0.26.0
- [Commits](golang/mod@v0.25.0...v0.26.0)

---
updated-dependencies:
- dependency-name: github.com/sigstore/protobuf-specs
  dependency-version: 0.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: golang.org/x/crypto
  dependency-version: 0.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: golang.org/x/mod
  dependency-version: 0.26.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: github.com/sigstore/protobuf-specs
  dependency-version: 0.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: golang.org/x/crypto
  dependency-version: 0.40.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: golang.org/x/mod
  dependency-version: 0.26.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 14, 2025
    Configuration menu
    Copy the full SHA
    dcab992 View commit details
    Browse the repository at this point in the history
Loading