Update to v2.4.3 #343
Signed-off-by: Bob Callaway <bcallaway@google.com>
Signed-off-by: Bob Callaway <bcallaway@google.com>
Bumps the actions group with 6 updates: | Package | From | To | | --- | --- | --- | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.6.0` | `3.7.0` | | [google-github-actions/auth](https://github.com/google-github-actions/auth) | `2.1.5` | `2.1.6` | | [actions/cache](https://github.com/actions/cache) | `4.0.2` | `4.1.0` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `6.1.0` | `6.1.1` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.4.0` | `4.4.1` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4.5.0` | `4.6.0` | Updates `sigstore/cosign-installer` from 3.6.0 to 3.7.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@4959ce0...dc72c7d) Updates `google-github-actions/auth` from 2.1.5 to 2.1.6 - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](google-github-actions/auth@62cf5bd...8254fb7) Updates `actions/cache` from 4.0.2 to 4.1.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@0c45773...2cdf405) Updates `golangci/golangci-lint-action` from 6.1.0 to 6.1.1 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@aaa42aa...971e284) Updates `actions/upload-artifact` from 4.4.0 to 4.4.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@5076954...604373d) Updates `codecov/codecov-action` from 4.5.0 to 4.6.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@e28ff12...b9fd7d1) --- updated-dependencies: - 
dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/cache](https://github.com/actions/cache) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `actions/checkout` from 4.2.0 to 4.2.1 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@d632683...eef6144) Updates `actions/cache` from 4.1.0 to 4.1.1 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@2cdf405...3624ceb) Updates `actions/upload-artifact` from 4.4.1 to 4.4.3 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@604373d...b4b15b8) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Aditya Sirish A Yelgundhalli <ayelgundhall@bloomberg.net>
Fixes sigstore#3911 Signed-off-by: Hayden B <hblauzvern@google.com>
Bumps the actions group with 4 updates: [actions/checkout](https://github.com/actions/checkout), [actions/setup-go](https://github.com/actions/setup-go), [actions/cache](https://github.com/actions/cache) and [cpanato/vault-installer](https://github.com/cpanato/vault-installer). Updates `actions/checkout` from 4.2.1 to 4.2.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@eef6144...11bd719) Updates `actions/setup-go` from 5.0.2 to 5.1.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@0a12ed9...41dfa10) Updates `actions/cache` from 4.1.1 to 4.1.2 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@3624ceb...6849a64) Updates `cpanato/vault-installer` from 1.1.0 to 1.2.0 - [Release notes](https://github.com/cpanato/vault-installer/releases) - [Commits](cpanato/vault-installer@892767a...e7c1d66) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: cpanato/vault-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Fixes sigstore#3700: add trusted-root create helper command To help cosign users move from providing disparate verification material to a single file that contains the needed verification material. This makes it easier for users to rotate key material and specify what time period different keys were valid. Signed-off-by: Zach Steindler <steiza@github.com> * Linter fixes and docgen Signed-off-by: Zach Steindler <steiza@github.com> * Fix Windows unit test Signed-off-by: Zach Steindler <steiza@github.com> * Output via stdout instead of stderr Signed-off-by: Zach Steindler <steiza@github.com> * Add ctlogs to `cosign trusted-root create` With `--ignore-sct` to support if you are using keys instead of Fulcio. Signed-off-by: Zach Steindler <steiza@github.com> * Replace `--rekor-url` with `--ignore-tlog` Similar to `--ignore-sct` Signed-off-by: Zach Steindler <steiza@github.com> * Just use paths to files on disk Instead of clients querying remote servers Signed-off-by: Zach Steindler <steiza@github.com> * Add the ability to supply multiple verification material Also add ability to specify validity start time for keys Signed-off-by: Zach Steindler <steiza@github.com> * Don't panic if there's unexpected content in PEM file Update tests, also fix documentation for flags that were removed. Co-authored-by: Dmitry S <dsavints@gmail.com> Signed-off-by: Zach Steindler <steiza@github.com> * remove trailing newline Signed-off-by: Zach Steindler <steiza@github.com> * Simplify imports Signed-off-by: Zach Steindler <steiza@github.com> --------- Signed-off-by: Zach Steindler <steiza@github.com> Co-authored-by: Dmitry S <dsavints@gmail.com>
Fixes sigstore#3908 Signed-off-by: Hayden B <hblauzvern@google.com>
…gstore#3923) Bumps the actions group with 1 update: [google-github-actions/auth](https://github.com/google-github-actions/auth). Updates `google-github-actions/auth` from 2.1.6 to 2.1.7 - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](google-github-actions/auth@8254fb7...6fc4af4) --- updated-dependencies: - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…igstore#3925) Bumps [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt) from 4.5.0 to 4.5.1. - [Release notes](https://github.com/golang-jwt/jwt/releases) - [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md) - [Commits](golang-jwt/jwt@v4.5.0...v4.5.1) --- updated-dependencies: - dependency-name: github.com/golang-jwt/jwt/v4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Add bundle create helper command Signed-off-by: Zach Steindler <steiza@github.com> * Check for empty envelope Signed-off-by: Zach Steindler <steiza@github.com> * Fix bug with detached signature Also add test for Fulcio certificate and old bundle format Signed-off-by: Zach Steindler <steiza@github.com> --------- Signed-off-by: Zach Steindler <steiza@github.com>
* Support for client certs towards registry server This commit refactors the registry options handling in the `cmd/cosign/cli/options/registry.go` file. It introduces new flags for specifying the X.509 CA certificate, client certificate, client key, and server name for the connection to the registry. This allows cosign to connect to registries that require mTLS for authentication. Signed-off-by: Søren Juul <449942+zpon@users.noreply.github.com> * Update documentation Signed-off-by: Søren Juul <449942+zpon@users.noreply.github.com> * Add registry_test.go Increase test coverage of `getTLSConfig` method. Signed-off-by: Søren Juul <449942+zpon@users.noreply.github.com> * Fix unittests on win and linter errors Signed-off-by: Søren Juul <449942+zpon@users.noreply.github.com> * Fix temp file creation Signed-off-by: Søren Juul <449942+zpon@users.noreply.github.com> --------- Signed-off-by: Søren Juul <449942+zpon@users.noreply.github.com>
…3933) So the user knows that we're assuming the public good instance and fetching the trusted root via TUF. Signed-off-by: Zach Steindler <steiza@github.com>
Even if they leave off `--new-bundle-format` Signed-off-by: Zach Steindler <steiza@github.com>
…e#3937) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.6.0 to 5.0.2. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@b9fd7d1...5c47607) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the actions group with 1 update: [mikefarah/yq](https://github.com/mikefarah/yq). Updates `mikefarah/yq` from 4.44.3 to 4.44.5 - [Release notes](https://github.com/mikefarah/yq/releases) - [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt) - [Commits](mikefarah/yq@bbdd974...bc5b54c) --- updated-dependencies: - dependency-name: mikefarah/yq dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Add e2e tests using a TUF mirror Add a test that, instead of overriding trusted keys with environment variables, actually initializes a TUF cache using a local TUF mirror. This will prepare us to safely make changes to the TUF client. Metadata for the public good instance goes through a different code path, since those keys are embedded in the code. We can't test signing and verifying with the public good instance hermetically, so we rely on conformance tests to catch issues with that path. Signed-off-by: Colleen Murphy <colleenmurphy@google.com> * go mod tidy Signed-off-by: Colleen Murphy <colleenmurphy@google.com> --------- Signed-off-by: Colleen Murphy <colleenmurphy@google.com>
The git-diff hook implementation prevents us from seeing the failure details. Simplify so that the git diff output is logged. Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
…re#3945) Bumps the actions group with 1 update: [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `codecov/codecov-action` from 5.0.2 to 5.0.7 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@5c47607...015f24e) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The path must be present on each line in CODEOWNERS. According to [GitHub docs](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners): > Each line is a file pattern followed by one or more owners. Signed-off-by: Cody Soyland <codysoyland@github.com>
Signed-off-by: Cody Soyland <codysoyland@github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com>
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.18.0 to 0.31.0. - [Commits](golang/crypto@v0.18.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This reverts commit 77f46ca.
Signed-off-by: cpanato <ctadeu@gmail.com>
…#3966) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.27.0 to 0.31.0. - [Commits](golang/crypto@v0.27.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
See https://github.com/sigstore/cosign/blob/main/cmd/cosign/cli/copy/copy.go#L192 requires to have value `sig` instead of `sign`. Also aligned the option docs order to align with the order of the example. https://github.com/sigstore/cosign/blob/main/cmd/cosign/cli/copy.go#L40 Signed-off-by: Marco Franssen <marco.franssen@gmail.com>
…sigstore#3969) * chore(deps): bump the actions group across 1 directory with 5 updates Bumps the actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/setup-go](https://github.com/actions/setup-go) | `5.1.0` | `5.2.0` | | [actions/cache](https://github.com/actions/cache) | `4.1.2` | `4.2.0` | | [sigstore/sigstore-conformance](https://github.com/sigstore/sigstore-conformance) | `0.0.11` | `0.0.14` | | [mikefarah/yq](https://github.com/mikefarah/yq) | `4.44.5` | `4.44.6` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.0.7` | `5.1.1` | Updates `actions/setup-go` from 5.1.0 to 5.2.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@41dfa10...3041bf5) Updates `actions/cache` from 4.1.2 to 4.2.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@6849a64...1bd1e32) Updates `sigstore/sigstore-conformance` from 0.0.11 to 0.0.14 - [Release notes](https://github.com/sigstore/sigstore-conformance/releases) - [Commits](sigstore/sigstore-conformance@ee4de0e...b0635d4) Updates `mikefarah/yq` from 4.44.5 to 4.44.6 - [Release notes](https://github.com/mikefarah/yq/releases) - [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt) - [Commits](mikefarah/yq@bc5b54c...4839dbb) Updates `codecov/codecov-action` from 5.0.7 to 5.1.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@015f24e...7f8b4b4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: 
sigstore/sigstore-conformance dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: mikefarah/yq dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> * revert upgrade for sigstore-conformance Signed-off-by: cpanato <ctadeu@gmail.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: cpanato <ctadeu@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: cpanato <ctadeu@gmail.com>
…e#4067) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.8.1 to 1.9.1. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](spf13/cobra@v1.8.1...v1.9.1) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…igstore#4070) Bumps the actions group with 1 update: [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action). Updates `golangci/golangci-lint-action` from 6.3.2 to 6.5.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@051d919...2226d7c) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This allows users to implement their own KMS providers as separate programs. See the sigstore/sigstore repo for more information. Signed-off-by: Hayden B <8418760+haydentherapper@users.noreply.github.com>
Signed-off-by: Daniel Haus <dhaus@redhat.com> Signed-off-by: Tomasz Janiszewski <tomek@redhat.com> Co-authored-by: Daniel Haus <dhaus@redhat.com>
Bumps [gitlab.com/gitlab-org/api/client-go](https://gitlab.com/gitlab-org/api/client-go) from 0.122.0 to 0.123.0. - [Release notes](https://gitlab.com/gitlab-org/api/client-go/tags) - [Commits](https://gitlab.com/gitlab-org/api/client-go/compare/v0.122.0...v0.123.0) --- updated-dependencies: - dependency-name: gitlab.com/gitlab-org/api/client-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…sigstore#4066) Bumps [github.com/buildkite/agent/v3](https://github.com/buildkite/agent) from 3.91.0 to 3.92.1. - [Release notes](https://github.com/buildkite/agent/releases) - [Changelog](https://github.com/buildkite/agent/blob/main/CHANGELOG.md) - [Commits](buildkite/agent@v3.91.0...v3.92.1) --- updated-dependencies: - dependency-name: github.com/buildkite/agent/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…igstore#4074) Bumps the gomod group with 4 updates in the / directory: [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore), [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore), [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) and [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore). Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.8.12 to 1.8.15 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.12...v1.8.15) Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.8.12 to 1.8.15 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.12...v1.8.15) Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.8.12 to 1.8.15 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.12...v1.8.15) Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.8.12 to 1.8.15 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.12...v1.8.15) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
v2.4.3
You have to upgrade builder container image to go 1.23
Line 2 in ea63e31
FROM registry.access.redhat.com/ubi9/go-toolset@sha256:4589c7d8a49990cd846cda580bd0cc11c72cc6121fe8b3f01f94c7c6a28f8a56 AS build-env
@@ -1,5 +1,5 @@ | |||
# Build stage |
Use newer version sha256:44fd8f88f3b6463cda15571260f9ca3a0b78d3c8c8827a338e04ab3a23581a88, I hope that it will solve the problem with the CVE discovered by EC
/retest
/retest
/retest
This one is seemingly good to now
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED Approval requirements bypassed by manually added approval. This pull-request has been approved by: osmman, tommyd450 The full list of commands accepted by this bot can be found here. The pull request process is described here
Update to v2.4.3, let me know if anything is missing here, I can't remember the last time I had to do this.