Update to v1.6.6 #229

tommyd450 · 2025-03-18T15:43:29Z

No description provided.

Bumps golang from `adee809` to `a7f2fc9`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.53.0 to 0.54.0. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](smallstep/crypto@v0.53.0...v0.54.0) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.199.0 to 0.200.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.199.0...v0.200.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps the all group with 7 updates: | Package | From | To | | --- | --- | --- | | [chainguard.dev/sdk](https://github.com/chainguard-dev/sdk) | `0.1.27` | `0.1.28` | | [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.20.4` | `1.20.5` | | [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.8.9` | `1.8.10` | | [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.8.9` | `1.8.10` | | [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.8.9` | `1.8.10` | | [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.8.9` | `1.8.10` | | [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.8.9` | `1.8.10` | Updates `chainguard.dev/sdk` from 0.1.27 to 0.1.28 - [Release notes](https://github.com/chainguard-dev/sdk/releases) - [Commits](chainguard-dev/sdk@v0.1.27...v0.1.28) Updates `github.com/prometheus/client_golang` from 1.20.4 to 1.20.5 - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](prometheus/client_golang@v1.20.4...v1.20.5) Updates `github.com/sigstore/sigstore` from 1.8.9 to 1.8.10 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.9...v1.8.10) Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.8.9 to 1.8.10 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.9...v1.8.10) Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.8.9 to 1.8.10 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.9...v1.8.10) Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.8.9 to 1.8.10 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.9...v1.8.10) Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.8.9 to 1.8.10 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.9...v1.8.10) --- updated-dependencies: - dependency-name: chainguard.dev/sdk dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps golang from `a7f2fc9` to `ad5c126`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.200.0 to 0.201.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.200.0...v0.201.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps the all group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/setup-go](https://github.com/actions/setup-go) and [protocolbuffers/protobuf](https://github.com/protocolbuffers/protobuf). Updates `actions/checkout` from 4.2.1 to 4.2.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@eef6144...11bd719) Updates `actions/setup-go` from 5.0.2 to 5.1.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@0a12ed9...41dfa10) Updates `protocolbuffers/protobuf` from 28.2 to 28.3 - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl) - [Commits](protocolbuffers/protobuf@v28.2...v28.3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: protocolbuffers/protobuf dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps the all group with 4 updates: [cloud.google.com/go/security](https://github.com/googleapis/google-cloud-go), [github.com/prometheus/common](https://github.com/prometheus/common), [google.golang.org/api](https://github.com/googleapis/google-api-go-client) and [google.golang.org/genproto/googleapis/api](https://github.com/googleapis/go-genproto). Updates `cloud.google.com/go/security` from 1.18.1 to 1.18.2 - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md) - [Commits](googleapis/google-cloud-go@kms/v1.18.1...kms/v1.18.2) Updates `github.com/prometheus/common` from 0.60.0 to 0.60.1 - [Release notes](https://github.com/prometheus/common/releases) - [Changelog](https://github.com/prometheus/common/blob/main/RELEASE.md) - [Commits](prometheus/common@v0.60.0...v0.60.1) Updates `google.golang.org/api` from 0.201.0 to 0.203.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.201.0...v0.203.0) Updates `google.golang.org/genproto/googleapis/api` from 0.0.0-20240930140551-af27646dc61f to 0.0.0-20241007155032-5fefd90f89a9 - [Commits](https://github.com/googleapis/go-genproto/commits) --- updated-dependencies: - dependency-name: cloud.google.com/go/security dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: google.golang.org/genproto/googleapis/api dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Support for model hub identity provider Signed-off-by: Hayden B <hblauzvern@google.com>

…igstore#1852)

…igstore#1857) Bumps [github.com/grpc-ecosystem/grpc-gateway/v2](https://github.com/grpc-ecosystem/grpc-gateway) from 2.22.0 to 2.23.0. - [Release notes](https://github.com/grpc-ecosystem/grpc-gateway/releases) - [Changelog](https://github.com/grpc-ecosystem/grpc-gateway/blob/main/.goreleaser.yml) - [Commits](grpc-ecosystem/grpc-gateway@v2.22.0...v2.23.0) --- updated-dependencies: - dependency-name: github.com/grpc-ecosystem/grpc-gateway/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…igstore#1854) Bumps the all group with 1 update: [github.com/google/certificate-transparency-go](https://github.com/google/certificate-transparency-go). Updates `github.com/google/certificate-transparency-go` from 1.2.1 to 1.2.2 - [Release notes](https://github.com/google/certificate-transparency-go/releases) - [Changelog](https://github.com/google/certificate-transparency-go/blob/master/CHANGELOG.md) - [Commits](google/certificate-transparency-go@v1.2.1...v1.2.2) --- updated-dependencies: - dependency-name: github.com/google/certificate-transparency-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.6.0 to 5.0.2. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@b9fd7d1...5c47607) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…store#1871)

…igstore#1872) Bumps [github.com/grpc-ecosystem/grpc-gateway/v2](https://github.com/grpc-ecosystem/grpc-gateway) from 2.23.0 to 2.24.0. - [Release notes](https://github.com/grpc-ecosystem/grpc-gateway/releases) - [Changelog](https://github.com/grpc-ecosystem/grpc-gateway/blob/main/.goreleaser.yml) - [Commits](grpc-ecosystem/grpc-gateway@v2.23.0...v2.24.0) --- updated-dependencies: - dependency-name: github.com/grpc-ecosystem/grpc-gateway/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.206.0 to 0.209.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.206.0...v0.209.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

sigstore#1876)

* Bump protocolbuffers/protobuf from 28.3 to 29.0 Bumps [protocolbuffers/protobuf](https://github.com/protocolbuffers/protobuf) from 28.3 to 29.0. - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl) - [Commits](protocolbuffers/protobuf@v28.3...v29.0) --- updated-dependencies: - dependency-name: protocolbuffers/protobuf dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Update main.yml Signed-off-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.68.1 to 1.69.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.68.1...v1.69.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…1890) Bumps the all group with 1 update: [actions/setup-go](https://github.com/actions/setup-go). Updates `actions/setup-go` from 5.1.0 to 5.2.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@41dfa10...3041bf5) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…igstore#1894) Bumps the all group with 1 update: [google.golang.org/grpc](https://github.com/grpc/grpc-go). Updates `google.golang.org/grpc` from 1.69.0 to 1.69.2 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.69.0...v1.69.2) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.211.0 to 0.214.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.211.0...v0.214.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…igstore#1896) Bumps [github.com/grpc-ecosystem/grpc-gateway/v2](https://github.com/grpc-ecosystem/grpc-gateway) from 2.24.0 to 2.25.1. - [Release notes](https://github.com/grpc-ecosystem/grpc-gateway/releases) - [Changelog](https://github.com/grpc-ecosystem/grpc-gateway/blob/main/.goreleaser.yml) - [Commits](grpc-ecosystem/grpc-gateway@v2.24.0...v2.25.1) --- updated-dependencies: - dependency-name: github.com/grpc-ecosystem/grpc-gateway/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

sigstore#1901)

…oup (sigstore#1904)

Bumps [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils) from 0.8.5 to 0.9.0. - [Release notes](https://github.com/kubernetes-sigs/release-utils/releases) - [Commits](kubernetes-sigs/release-utils@v0.8.5...v0.9.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/release-utils dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps the all group with 6 updates: | Package | From | To | | --- | --- | --- | | [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.8.11` | `1.8.12` | | [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.8.11` | `1.8.12` | | [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.8.11` | `1.8.12` | | [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.8.11` | `1.8.12` | | [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.8.11` | `1.8.12` | | google.golang.org/protobuf | `1.36.1` | `1.36.2` | Updates `github.com/sigstore/sigstore` from 1.8.11 to 1.8.12 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.11...v1.8.12) Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.8.11 to 1.8.12 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.11...v1.8.12) Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.8.11 to 1.8.12 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.11...v1.8.12) Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.8.11 to 1.8.12 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.11...v1.8.12) Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.8.11 to 1.8.12 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.11...v1.8.12) Updates `google.golang.org/protobuf` from 1.36.1 to 1.36.2 --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* relax go.mod Signed-off-by: cpanato <ctadeu@gmail.com> * simplify GOVERSION extraction and updates Signed-off-by: cpanato <ctadeu@gmail.com> * sync Signed-off-by: cpanato <ctadeu@gmail.com> --------- Signed-off-by: cpanato <ctadeu@gmail.com>

* cleanup some zizmor-flagged issues in actions Signed-off-by: Bob Callaway <bcallaway@google.com> * revert gomod changes, address review comments Signed-off-by: Bob Callaway <bcallaway@google.com> * fix whitespace Signed-off-by: Bob Callaway <bcallaway@google.com> --------- Signed-off-by: Bob Callaway <bcallaway@google.com>

) * ciprovider: support claim values that are not strings The default behaviour of %v is fine in most cases: > bool: %t > int, int8 etc.: %d > uint, uint8 etc.: %d, %#x if printed with %#v > float32, complex64, etc: %g > string: %s > chan: %p > pointer: %p However Buildkite's build_number claim is an int in the JSON, but comes through as a Float64 and we need to render it into a string value as a regular int. Claim values that are floats with a fractional part will also be converted to a string, but their fractional part will be retained. This isn't required for Buildkite OIDC tokens, but feels like the least-surprising behaviour for future travelers. Signed-off-by: James Healy <james@buildkite.com> * Configure additional certificate extensions for Buildkite The Buildkite Issuer was added in sigstore#890, prior to the efforts to standardise certificate extensions for CI providers, and sigstore#1074 calls for the Buildkite issuer to be updated to use the new extensions (where applicable). This is an early attempt to make those changes. I initially started these in sigstore#1307, however is is a new swing at it using the new CIProvider issuer (see sigstore#1729 and sigstore#1743). I've added the extensions that make the most sense in a Buildkite context, like RunInvocationURI, RunnerEnvironment and SourceRepositoryDigest. Many of the other extensions don't apply because we're not a code host as well, or need further discussion. I have not added tests yet. This is my first contribution to fulcio and I'm keen to confirm I'm heading in the right direction before adding tests. However, I have tested this locally with a Buildkite agent and OIDC token, and the certificate was issued as expected. I started a local fulcio like this: $ go run main.go serve --port 5555 --ca ephemeralca --ct-log-url="" --config-path config/identity/config.yaml ... and signed git commits with gitsign. The relevant bits of the certificates look like: git cat-file commit HEAD | sed -n '/-BEGIN/, /-END/p' | sed 's/^ //g' | sed 's/gpgsig //g' | sed 's/SIGNED MESSAGE/PKCS7/g' | openssl pkcs7 -print -print_certs -text ... X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: Code Signing X509v3 Subject Key Identifier: 36:D2:99:B9:BA:98:4B:3A:77:51:DC:08:05:83:12:9A:F4:EE:41:E5 X509v3 Authority Key Identifier: D2:41:21:29:23:AD:E9:27:69:6F:DB:85:6D:1B:3F:7E:A9:55:F3:02 X509v3 Subject Alternative Name: critical URI:https://buildkite.com/yob-opensource/oidc-signing-experiment 1.3.6.1.4.1.57264.1.1: https://agent.buildkite.com 1.3.6.1.4.1.57264.1.8: ..https://agent.buildkite.com 1.3.6.1.4.1.57264.1.11: ..self-hosted 1.3.6.1.4.1.57264.1.13: .(078a6dd4a32fa40592c21a40aedaf27105503140 1.3.6.1.4.1.57264.1.20: ..ui 1.3.6.1.4.1.57264.1.21: .khttps://buildkite.com/yob-opensource/oidc-signing-experiment/builds/52#01943a38-f93e-4355-abe8-90a30369c270 Signed-off-by: James Healy <james@buildkite.com> --------- Signed-off-by: James Healy <james@buildkite.com>

Signed-off-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com>

Bumps the all group with 3 updates: [github.com/google/certificate-transparency-go](https://github.com/google/certificate-transparency-go), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and google.golang.org/protobuf. Updates `github.com/google/certificate-transparency-go` from 1.3.0 to 1.3.1 - [Release notes](https://github.com/google/certificate-transparency-go/releases) - [Changelog](https://github.com/google/certificate-transparency-go/blob/master/CHANGELOG.md) - [Commits](google/certificate-transparency-go@v1.3.0...v1.3.1) Updates `google.golang.org/grpc` from 1.69.2 to 1.69.4 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.69.2...v1.69.4) Updates `google.golang.org/protobuf` from 1.36.2 to 1.36.3 --- updated-dependencies: - dependency-name: github.com/google/certificate-transparency-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps the all group with 1 update: golang. Updates `golang` from 1.23.4 to 1.23.5 --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps the all group with 5 updates: | Package | From | To | | --- | --- | --- | | [ko-build/setup-ko](https://github.com/ko-build/setup-ko) | `0.7` | `0.8` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.1.1` | `5.1.2` | | [protocolbuffers/protobuf](https://github.com/protocolbuffers/protobuf) | `29.1` | `29.3` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.4.3` | `4.6.0` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `6.1.1` | `6.2.0` | Updates `ko-build/setup-ko` from 0.7 to 0.8 - [Release notes](https://github.com/ko-build/setup-ko/releases) - [Commits](ko-build/setup-ko@3aebd05...d982fec) Updates `codecov/codecov-action` from 5.1.1 to 5.1.2 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@7f8b4b4...1e68e06) Updates `protocolbuffers/protobuf` from 29.1 to 29.3 - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl) - [Commits](protocolbuffers/protobuf@v29.1...v29.3) Updates `actions/upload-artifact` from 4.4.3 to 4.6.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@b4b15b8...65c4c4a) Updates `golangci/golangci-lint-action` from 6.1.1 to 6.2.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@971e284...ec5d184) --- updated-dependencies: - dependency-name: ko-build/setup-ko dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: protocolbuffers/protobuf dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.61.0 to 0.62.0. - [Release notes](https://github.com/prometheus/common/releases) - [Changelog](https://github.com/prometheus/common/blob/main/RELEASE.md) - [Commits](prometheus/common@v0.61.0...v0.62.0) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…1916) Bumps [github.com/tink-crypto/tink-go/v2](https://github.com/tink-crypto/tink-go) from 2.2.0 to 2.3.0. - [Release notes](https://github.com/tink-crypto/tink-go/releases) - [Commits](tink-crypto/tink-go@v2.2.0...v2.3.0) --- updated-dependencies: - dependency-name: github.com/tink-crypto/tink-go/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps the go_modules group with 1 update in the /hack/tools directory: [golang.org/x/net](https://github.com/golang/net). Updates `golang.org/x/net` from 0.26.0 to 0.33.0 - [Commits](golang/net@v0.26.0...v0.33.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.56.0 to 0.57.0. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](smallstep/crypto@v0.56.0...v0.57.0) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.216.0 to 0.217.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.216.0...v0.217.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

v1.6.6

openshift-ci · 2025-03-18T15:43:35Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: tommyd450

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

dependabot bot and others added 30 commits October 14, 2024 07:30

Bump the all group with 2 updates (sigstore#1838)

ff1f9cf

Bump the all group with 2 updates (sigstore#1841)

db6ef56

Add Kaggle identity provider (sigstore#1850)

26f7f63

Support for model hub identity provider Signed-off-by: Hayden B <hblauzvern@google.com>

Bump google-github-actions/auth from 2.1.6 to 2.1.7 in the all group (s…

f337e73

…igstore#1852)

Bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 (sigstore#1856)

bbb355e

Bump google.golang.org/api from 0.203.0 to 0.204.0 (sigstore#1855)

3113ef2

Bump google.golang.org/api from 0.204.0 to 0.205.0 (sigstore#1862)

051f258

Bump google.golang.org/grpc from 1.67.1 to 1.68.0 (sigstore#1861)

787500e

Bump golang from 1.23.2 to 1.23.3 in the all group (sigstore#1859)

9e65de9

Bump google.golang.org/api from 0.205.0 to 0.206.0 (sigstore#1864)

c1f1410

Bump golang from d56c3e0 to 73f06be (sigstore#1865)

40155f1

Bump the all group across 1 directory with 3 updates (sigstore#1868)

d0d6384

Bump codecov/codecov-action from 5.0.2 to 5.0.7 in the all group (sig…

e9fb3b1

…store#1871)

Bump github.com/google/certificate-transparency-go from 1.2.2 to 1.3.0 (

d68fca8

sigstore#1876)

Bump golang from 1.23.3 to 1.23.4 in the all group (sigstore#1882)

fc1cd1c

Bump the all group with 2 updates (sigstore#1877)

8a91b58

dependabot bot and others added 28 commits December 16, 2024 11:38

Bump go.step.sm/crypto from 0.55.0 to 0.56.0 (sigstore#1898)

e040cde

Bump golang from 7003184 to 7ea4c9d (sigstore#1902)

b2781e0

Bump google.golang.org/protobuf from 1.36.0 to 1.36.1 in the all group (

854cd8c

sigstore#1901)

Bump github.com/coreos/go-oidc/v3 from 3.11.0 to 3.12.0 (sigstore#1906)

1ae56fe

Bump cloud.google.com/go/security from 1.18.2 to 1.18.3 in the all gr…

1338454

…oup (sigstore#1904)

Bump google.golang.org/api from 0.214.0 to 0.216.0 (sigstore#1908)

88e8311

Relax gomod (sigstore#1909)

2affb2f

* relax go.mod Signed-off-by: cpanato <ctadeu@gmail.com> * simplify GOVERSION extraction and updates Signed-off-by: cpanato <ctadeu@gmail.com> * sync Signed-off-by: cpanato <ctadeu@gmail.com> --------- Signed-off-by: cpanato <ctadeu@gmail.com>

minor linting changes to Dockerfiles (sigstore#1900)

4762d10

Signed-off-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com>

config: Add IBM OIDC provider (sigstore#1892)

de90178

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Add CHANGELOG for v1.6.6, bump deps (sigstore#1920)

66a8ce7

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

Merge tag 'v1.6.6'

328a341

v1.6.6

tommyd450 closed this Mar 18, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update to v1.6.6 #229

Update to v1.6.6 #229

tommyd450 commented Mar 18, 2025

openshift-ci bot commented Mar 18, 2025

Update to v1.6.6 #229

Update to v1.6.6 #229

Conversation

tommyd450 commented Mar 18, 2025

openshift-ci bot commented Mar 18, 2025