Bump the all group across 1 directory with 19 updates

[dependabot]

Bumps the all group with 12 updates in the /acceptance directory:

Package	From	To
cuelang.org/go	0.11.1	0.12.0
github.com/enterprise-contract/enterprise-contract-controller/api	0.1.79	0.1.83
github.com/evanphx/json-patch/v5	5.9.0	5.9.11
github.com/gkampitakis/go-snaps	0.5.7	0.5.11
github.com/go-git/go-billy/v5	5.6.0	5.6.2
github.com/go-git/go-git/v5	5.13.0	5.14.0
github.com/google/go-containerregistry	0.20.2	0.20.3
github.com/otiai10/copy	1.14.0	1.14.1
github.com/sigstore/cosign/v2	2.4.1	2.4.3
github.com/tektoncd/pipeline	0.66.0	0.69.0
github.com/testcontainers/testcontainers-go	0.34.0	0.35.0
sigs.k8s.io/kustomize/api	0.18.0	0.19.0

Updates cuelang.org/go from 0.11.1 to 0.12.0

Updates github.com/enterprise-contract/enterprise-contract-controller/api from 0.1.79 to 0.1.83

Release notes

Sourced from github.com/enterprise-contract/enterprise-contract-controller/api's releases.

API Release api/v0.1.83

What's Changed

• Bump actions/setup-go from 5.2.0 to 5.3.0 by @​dependabot in enterprise-contract/enterprise-contract-controller#470

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.82...api/v0.1.83

API Release api/v0.1.82

What's Changed

• Bump actions/upload-artifact from 4.6.0 to 4.6.1 by @​dependabot in enterprise-contract/enterprise-contract-controller#480

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.81...api/v0.1.82

API Release api/v0.1.81

What's Changed

• Bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @​dependabot in enterprise-contract/enterprise-contract-controller#482
• Bump github/codeql-action from 3.28.1 to 3.28.10 by @​dependabot in enterprise-contract/enterprise-contract-controller#481

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.80...api/v0.1.81

API Release api/v0.1.80

What's Changed

• Bump codecov/codecov-action from 5.1.2 to 5.4.0 by @​dependabot in enterprise-contract/enterprise-contract-controller#485

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.79...api/v0.1.80

Commits

• 6f293a9 Merge pull request #470 from enterprise-contract/dependabot/github_actions/ac...
• 3bbb0b4 Merge pull request #480 from enterprise-contract/dependabot/github_actions/ac...
• c84deab Merge pull request #481 from enterprise-contract/dependabot/github_actions/gi...
• 0a8bb0c Merge pull request #482 from enterprise-contract/dependabot/github_actions/os...
• cb28e70 Merge pull request #485 from enterprise-contract/dependabot/github_actions/co...
• 0c1d3d1 Bump codecov/codecov-action from 5.1.2 to 5.4.0
• 2b7b058 Bump ossf/scorecard-action from 2.4.0 to 2.4.1
• 7b68a28 Bump github/codeql-action from 3.28.1 to 3.28.10
• 64d8c5f Bump actions/upload-artifact from 4.6.0 to 4.6.1
• 79e1e1f Bump actions/setup-go from 5.2.0 to 5.3.0
• See full diff in compare view

Updates github.com/evanphx/json-patch/v5 from 5.9.0 to 5.9.11

Release notes

Sourced from github.com/evanphx/json-patch/v5's releases.

v5.9.11

What's Changed

• Export errBadJSONDoc and errBadJSONPatch errors by @​skitt in evanphx/json-patch#209

Full Changelog: evanphx/json-patch@v5.9.10...v5.9.11

v5.9.10

What's Changed

• Drop the reference to gopkg.in for v5 by @​skitt in evanphx/json-patch#203
• remove unmaintained errors pkg(github.com/pkg/errors) by @​koba1t in evanphx/json-patch#206

New Contributors

• @​skitt made their first contribution in evanphx/json-patch#203
• @​koba1t made their first contribution in evanphx/json-patch#206

Full Changelog: evanphx/json-patch@v5.9.0...v5.9.10

Commits

• 84a4bb1 Merge pull request #209 from skitt/export-errs-v5
• 7a7a88a Export errBadJSONDoc and errBadJSONPatch errors
• bd18525 Upgrade go-flags
• 42f26cb Fix spacing
• 0a3482b Merge pull request #206 from koba1t/remove_unmaintained_error_pkg
• 106306d remove unmaintained errors pkg
• e7cfbbb Merge pull request #203 from skitt/drop-gopkgin-v5
• 61e1ad7 Drop the reference to gopkg.in for v5
• See full diff in compare view

Updates github.com/gkampitakis/go-snaps from 0.5.7 to 0.5.11

Release notes

Sourced from github.com/gkampitakis/go-snaps's releases.

v0.5.11

What's Changed

• feat: add json format config by @​kitimark in gkampitakis/go-snaps#121

New Contributors

• @​kitimark made their first contribution in gkampitakis/go-snaps#121

Full Changelog: gkampitakis/go-snaps@v0.5.10...v0.5.11

v0.5.10

What's Changed

• fix: handle builds with trimpath enabled by @​gkampitakis in gkampitakis/go-snaps#120

Full Changelog: gkampitakis/go-snaps@v0.5.9...v0.5.10

v0.5.9

What's Changed

• fix: snaps.Update should apply and on snapshot create by @​gkampitakis in gkampitakis/go-snaps#119

Full Changelog: gkampitakis/go-snaps@v0.5.8...v0.5.9

Kudos to @​orloffv for this issue gkampitakis/go-snaps#116

v0.5.8

What's Changed

• feat: implement matchYAML by @​gkampitakis in gkampitakis/go-snaps#114
• feat: implement matchStandaloneJSON by @​gkampitakis in gkampitakis/go-snaps#113

Full Changelog: gkampitakis/go-snaps@v0.5.7...v0.5.8

Commits

• e004bc1 feat: add json format config (#121)
• 8740883 fix: handle builds with trimpath enabled (#120)
• 00f3055 fix: snaps.Update should apply and on snapshot create (#119)
• 560fde0 feat: implement matchStandaloneJSON (#113)
• f81115d feat: implement matchYAML (#114)
• See full diff in compare view

Updates github.com/go-git/go-billy/v5 from 5.6.0 to 5.6.2

Release notes

Sourced from github.com/go-git/go-billy/v5's releases.

v5.6.2

What's Changed

• Enable the iofs adapter to also return other interfaces from io/fs by @​JAORMX in go-git/go-billy#102
• build: Bump dependencies by @​pjbgf in go-git/go-billy#103

New Contributors

• @​JAORMX made their first contribution in go-git/go-billy#102

Full Changelog: go-git/go-billy@v5.6.1...v5.6.2

v5.6.1

What's Changed

• build: bump github/codeql-action from 3.26.11 to 3.27.0 by @​dependabot in go-git/go-billy#88
• build: bump github/codeql-action from 3.27.0 to 3.27.1 by @​dependabot in go-git/go-billy#89
• build: bump github/codeql-action from 3.27.1 to 3.27.4 by @​dependabot in go-git/go-billy#90
• build: bump github/codeql-action from 3.27.4 to 3.27.5 by @​dependabot in go-git/go-billy#91
• Bump dependencies and build housekeeping by @​pjbgf in go-git/go-billy#95

Full Changelog: go-git/go-billy@v5.6.0...v5.6.1

Commits

• 9f8b16d Merge pull request #103 from pjbgf/bump-deps
• 783f58c build: Bump dependencies
• 0009381 Merge pull request #102 from JAORMX/iofs-extra-interfaces-v5
• 21beb15 Enable the iofs adapter to also return other interfaces from io/fs
• a6c6b50 Merge pull request #95 from pjbgf/pre-release
• f4615d3 build: Remove test_js workflow
• ae8b61b build: Bump workflows Go versions
• b412339 build: Align dependabot settings with go-git
• d982317 build: Bump Go to 1.21 and dependencies
• 9ca623c Merge pull request #91 from go-git/dependabot/github_actions/github/codeql-ac...
• Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.13.0 to 5.14.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.14.0

What's Changed

• v5: Bump Go and dependencies to mitigate GO-2025-3487 by @​pjbgf in go-git/go-git#1436

⚠️ Note that this version requires Go 1.23, due to the bump to golang.org/x/[email protected] which mitigates the CVE above. User's that can't bump to Go 1.23 will need to remain on the previous v5.13.x release.

Full Changelog: go-git/go-git@v5.13.2...v5.14.0

v5.13.2

What's Changed

• plumbing: use the correct user agent string. Fixes #883 by @​uragirii in go-git/go-git#1364
• build: bump golang.org/x/sys from 0.28.0 to 0.29.0 in the golang-org group by @​dependabot in go-git/go-git#1365
• build: bump the golang-org group with 2 updates by @​dependabot in go-git/go-git#1367
• build: bump github.com/ProtonMail/go-crypto from 1.1.3 to 1.1.4 by @​dependabot in go-git/go-git#1368
• build: bump github.com/go-git/go-billy/v5 from 5.6.1 to 5.6.2 by @​dependabot in go-git/go-git#1378
• build: bump github/codeql-action from 3.28.0 to 3.28.1 by @​dependabot in go-git/go-git#1376
• build: bump github.com/elazarl/goproxy from 1.2.3 to 1.4.0 by @​dependabot in go-git/go-git#1377
• git: worktree, fix restoring dot slash files (backported to v5). Fixes #1176 by @​BeChris in go-git/go-git#1361
• build: bump github.com/pjbgf/sha1cd from 0.3.0 to 0.3.2 by @​dependabot in go-git/go-git#1392
• git: worktree_status, fix adding dot slash files to working tree (backported to v5). Fixes #1150 by @​BeChris in go-git/go-git#1359
• build: bump github.com/ProtonMail/go-crypto from 1.1.4 to 1.1.5 by @​dependabot in go-git/go-git#1383

Full Changelog: go-git/go-git@v5.13.1...v5.13.2

v5.13.1

What's Changed

• build: bump github.com/go-git/go-billy/v5 from 5.6.0 to 5.6.1 by @​dependabot in go-git/go-git#1327
• build: bump github.com/elazarl/goproxy from 1.2.1 to 1.2.2 by @​dependabot in go-git/go-git#1329
• build: bump github.com/elazarl/goproxy from 1.2.2 to 1.2.3 by @​dependabot in go-git/go-git#1340
• Revert "plumbing: transport/ssh, Add support for SSH @​cert-authority." by @​pjbgf in #1346

Full Changelog: go-git/go-git@v5.13.0...v5.13.1

Commits

• 863c621 Merge pull request #1436 from pjbgf/v5-bumps
• 2e69e81 build: Bump dependencies
• b2c1ec9 build: Bump Go versions
• 2c68247 Merge pull request #1383 from go-git/dependabot/go_modules/github.com/ProtonM...
• d462c2e Merge pull request #1359 from BeChris/issue1150-v5
• 32ac23a Merge pull request #1392 from go-git/dependabot/go_modules/github.com/pjbgf/s...
• 93e635a build: bump github.com/pjbgf/sha1cd from 0.3.0 to 0.3.2
• b2bb975 git: worktree_status, took into account code review remarks
• 518ac88 git: worktree_status, fix adding dot slash files to working tree (backported ...
• 21b3150 build: bump github.com/ProtonMail/go-crypto from 1.1.4 to 1.1.5
• Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.20.2 to 0.20.3

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.20.3

What's Changed

• remote/transport: Make bearer transport go-routine-safe by @​2opremio in google/go-containerregistry#1806
• Expose compare package by @​jonjohnsonjr in google/go-containerregistry#2001
• fix: redact.URL uses (*URL).Redacted to omit basic-auth password by @​bmoylan in google/go-containerregistry#1947
• bump actions to latest by @​ajayk in google/go-containerregistry#2011
• don't pin chainguard-dev/actions by @​imjasonh in google/go-containerregistry#2025
• Check for 406 status code when handling referrers API endpoint response by @​malancas in google/go-containerregistry#2026
• mutate: Create a defensive annotations copy by @​jonjohnsonjr in google/go-containerregistry#2030
• Detect zstd in crane append by @​jonjohnsonjr in google/go-containerregistry#2023
• bump deps using hack/bump-deps.sh by @​imjasonh in google/go-containerregistry#2042

New Contributors

• @​bmoylan made their first contribution in google/go-containerregistry#1947
• @​ajayk made their first contribution in google/go-containerregistry#2011
• @​malancas made their first contribution in google/go-containerregistry#2026

Full Changelog: google/go-containerregistry@v0.20.2...v0.20.3

Commits

• c4dd792 bump deps using hack/bump-deps.sh (#2042)
• 6bce25e Detect zstd in crane append (#2023)
• 06dcd85 mutate: Create a defensive annotations copy (#2030)
• a9a53a8 check for 406 status code when handling referrers endpoint response (#2026)
• 4630c40 don't pin chainguard-dev/actions (#2025)
• 808e354 bump actions to latest (#2011)
• a07d1ca fix: redact.URL uses (*URL).Redacted to omit basic-auth password (#1947)
• 00f182b Expose compare package (#2001)
• b8e87ed remote/transport: Make bearer transport go-routine-safe (#1806)
• See full diff in compare view

Updates github.com/otiai10/copy from 1.14.0 to 1.14.1

Commits

• 5ef5923 Revert "CopyMethod" since it's not ready
• 49b0b59 Merge pull request #164 from eth-p/feat-copymethod-api
• f530620 ci: Allow triggering Go workflow manually
• b4dd789 refactor: Split common code out of CopyBytes
• 9205813 feat: Add FileCopyMethod option / API
• 2f93b8f Merge pull request #159 from otiai10/dependabot/go_modules/main/golang.org/x/...
• 87072f3 Bump golang.org/x/sys from 0.23.0 to 0.24.0
• d0690cb Merge pull request #158 from otiai10/dependabot/go_modules/main/golang.org/x/...
• b87119d Bump golang.org/x/sys from 0.22.0 to 0.23.0
• 355527c Merge pull request #157 from otiai10/dependabot/go_modules/main/golang.org/x/...
• Additional commits viewable in compare view

Updates github.com/sigstore/cosign/v2 from 2.4.1 to 2.4.3

Release notes

Sourced from github.com/sigstore/cosign/v2's releases.

v2.4.3

Features

• Bump sigstore/sigstore to support KMS plugins (#4073)
• Enable fetching signatures without remote get. (#4047)
• Feat/file flag completion improvements (#4028)
• Update builder to use go1.23.6 (#4052)

Bug Fixes

• fix parsing error in --only for cosign copy (#4049)

Cleanup

• Refactor verifyNewBundle into library function (#4013)
• fix comment typo and imports order (#4061)
• sync comment with parameter name in function signature (#4063)
• sort properly Go imports (#4071)

Contributors

• Bob Callaway
• Carlos Tadeu Panato Junior
• Cody Soyland
• Dmitry Savintsev
• Hayden B
• Tomasz Janiszewski
• Ville Skyttä

v2.4.2

Features

• Updated open-policy-agent to 1.1.0 library (#4036)
  • Note that only Rego v0 policies are supported at this time
• Add UseSignedTimestamps to CheckOpts, refactor TSA options (#4006)
• Add support for verifying root checksum in cosign initialize (#3953)
• Detect if user supplied a valid protobuf bundle (#3931)
• Add a log message if user doesn't provide --trusted-root (#3933)
• Support mTLS towards container registry (#3922)
• Add bundle create helper command (#3901)
• Add trusted-root create helper command (#3876)

Bug Fixes

• fix: set tls config while retaining other fields from default http transport (#4007)
• policy fuzzer: ignore known panics (#3993)
• Fix for multiple WithRemote options (#3982)
• Add nightly conformance test workflow (#3979)
• Fix copy --only for signatures + update/align docs (#3904)

... (truncated)

Changelog

Sourced from github.com/sigstore/cosign/v2's changelog.

v2.4.3

Features

• Bump sigstore/sigstore to support KMS plugins (#4073)
• Enable fetching signatures without remote get. (#4047)
• Feat/file flag completion improvements (#4028)
• Update builder to use go1.23.6 (#4052)

Bug Fixes

• fix parsing error in --only for cosign copy (#4049)

Cleanup

• Refactor verifyNewBundle into library function (#4013)
• fix comment typo and imports order (#4061)
• sync comment with parameter name in function signature (#4063)
• sort properly Go imports (#4071)

Contributors

• Bob Callaway
• Carlos Tadeu Panato Junior
• Cody Soyland
• Dmitry Savintsev
• Hayden B
• Tomasz Janiszewski
• Ville Skyttä

v2.4.2

Features

• Updated open-policy-agent to 1.1.0 library (#4036)
  • Note that only Rego v0 policies are supported at this time
• Add UseSignedTimestamps to CheckOpts, refactor TSA options (#4006)
• Add support for verifying root checksum in cosign initialize (#3953)
• Detect if user supplied a valid protobuf bundle (#3931)
• Add a log message if user doesn't provide --trusted-root (#3933)
• Support mTLS towards container registry (#3922)
• Add bundle create helper command (#3901)
• Add trusted-root create helper command (#3876)

Bug Fixes

• fix: set tls config while retaining other fields from default http transport (#4007)
• policy fuzzer: ignore known panics (#3993)
• Fix for multiple WithRemote options (#3982)
• Add nightly conformance test workflow (#3979)

... (truncated)

Commits

• 6a7abbf chore(deps): bump the gomod group across 1 directory with 4 updates (#4074)
• 0b69cc5 chore(deps): bump github.com/buildkite/agent/v3 from 3.91.0 to 3.92.1 (#4066)
• 3564b3e chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4065)
• d6aeeb2 Enable fetching signatures without remote get. (#4047)
• 26d0ee5 Bump sigstore/sigstore to support KMS plugins (#4073)
• 5181623 chore(deps): bump golangci/golangci-lint-action in the actions group (#4070)
• c1b1a78 chore(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 (#4067)
• a0b20b7 sort properly Go imports (#4071)
• b4be5f7 chore(deps): bump google.golang.org/api from 0.220.0 to 0.221.0 (#4068)
• 01fde81 sync comment with parameter name in function signature (#4063)
• Additional commits viewable in compare view

Updates github.com/sigstore/rekor from 1.3.6 to 1.3.9

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.3.9

Changelog

• f3db95b2bb18be7e1904fa25d1bcdb7d55caa73a Cache checkpoint for inactive shards (#2332)
• f875aa2d39b2bcef0e84e43a6153447bed0077f6 Support per-shard signing keys (#2330)

Thanks for all contributors!

v1.3.8

Changelog

Please see https://github.com/sigstore/rekor/blob/main/CHANGELOG.md for changes included in this release.

New Contributors

• @​sgpinkus made their first contribution in sigstore/rekor#2322
• @​dnwe made their first contribution in sigstore/rekor#2325

Full Changelog: sigstore/rekor@v1.3.7...v1.3.8

v1.3.7

Changelog

Please see https://github.com/sigstore/rekor/blob/main/CHANGELOG.md for changes included in this release.

Thanks for all contributors!

Changelog

Sourced from github.com/sigstore/rekor's changelog.

v1.3.9

Features

• Cache checkpoint for inactive shards (#2332)
• Support per-shard signing keys (#2330)

Contributors

• Hayden B

v1.3.8

Bug Fixes

• fix zizmor issues (#2298)
• remove unneeded value in log message (#2282)

Quality Enhancements

• chore: relax go directive to permit 1.22.x
• fetch minisign from homebrew instead of custom ppa (#2329)
• fix(ci): simplify GOVERSION extraction
• chore(deps): bump actions pins to latest
• Updates go and golangci-lint (#2302)
• update builder to use go1.23.4 (#2301)
• clean up spaces
• log request body on 500 error to aid debugging (#2283)

Contributors

• Appu Goundan
• Bob Callaway
• Carlos Tadeu Panato Junior
• Dominic Evans
• sgpinkus

v1.3.7

New Features

• log request body on 500 error to aid debugging (#2283)
• Add support for signing with Tink keyset (#2228)
• Add public key hash check in Signed Note verification (#2214)
• update Trillian TLS configuration (#2202)
• Add TLS support for Trillian server (#2164)
• Replace docker-compose with plugin if available (#2153)
• Add flags to backfill script (#2146)
• Unset DisableKeepalive for backfill HTTP client (#2137)
• Add script to delete indexes from Redis (#2120)

... (truncated)

Commits

• b67ee82 build(deps): Bump google.golang.org/grpc from 1.69.4 to 1.70.0
• 40f29ba build(deps): Bump golang from 51a6466 to 8c10f21
• 2497b42 build(deps): Bump google/cloud-sdk from 506.0.0 to 507.0.0
• ac42c19 build(deps): Bump google.golang.org/api from 0.217.0 to 0.218.0
• 10e8115 build(deps): Bump the all group with 3 updates
• 2f182a1 build(deps): Bump google.golang.org/protobuf in the all group
• f3db95b Cache checkpoint for inactive shards (#2332)
• 1cb78ca build(deps): Bump google/cloud-sdk from 505.0.0 to 506.0.0
• b68f6bb build(deps): Bump google.golang.org/api from 0.216.0 to 0.217.0
• 15c696c build(deps): Bump github.com/tink-crypto/tink-go/v2 from 2.2.0 to 2.3.0
• Additional commits viewable in compare view

Updates github.com/sigstore/sigstore from 1.8.9 to 1.8.15

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.8.15

What's Changed

• pkg/signature: fix RSA PSS 3072 key size in algorithm registry in sigstore/sigstore#1981
• check concrete type for non-nil to stop fuzzing crash in sigstore/sigstore#1983
• fix: cliplugin: return ErrorProviderNotFound when calling Get with a path in sigstore/sigstore#1982

Full Changelog: sigstore/sigstore@v1.8.14...v1.8.15

v1.8.14

What's Changed

This is the same content as v1.8.13, with a CI/CD fix.

• add initial plugin support for KMSs in sigstore/sigstore#1901
• cliplugin: add mocks and serialization testing in sigstore/sigstore#1918
• kms plugin: add SignMessage in sigstore/sigstore#1919
• cliplugin: add VerifySignature in sigstore/sigstore#1944
• cliplugin: add windows ci testing in sigstore/sigstore#1951
• Create Algorithm Registry API in sigstore/sigstore#1601
• cliplugin: add SupportedAlgorithms(), PublicKey(), and CryptoSigner(). in sigstore/sigstore#1946
• cliplugin: use caller contexts in sigstore/sigstore#1947
• cliplugin: semver, add tests for hash func encoding in sigstore/sigstore#1948
• cliplugin: lint fixes in sigstore/sigstore#1958
• cliplugin: convert module to package only in sigstore/sigstore#1956

v1.8.13

What's Changed

• add initial plugin support for KMSs in sigstore/sigstore#1901
• cliplugin: add mocks and serialization testing in sigstore/sigstore#1918
• kms plugin: add SignMessage in sigstore/sigstore#1919
• cliplugin: add VerifySignature in sigstore/sigstore#1944
• cliplugin: add windows ci testing in sigstore/sigstore#1951
• Create Algorithm Registry API in sigstore/sigstore#1601
• cliplugin: add SupportedAlgorithms(), PublicKey(), and CryptoSigner(). in sigstore/sigstore#1946
• cliplugin: use caller contexts in sigstore/sigstore#1947
• cliplugin: semver, add tests for hash func encoding in sigstore/sigstore#1948
• cliplugin: lint fixes in sigstore/sigstore#1958
• cliplugin: convert module to package only in sigstore/sigstore#1956

Full Changelog: sigstore/sigstore@v1.8.12...v1.8.13

v1.8.12

What's Changed

• build(deps): Bump google.golang.org/api from 0.210.0 to 0.212.0 in /pkg/signature/kms/gcp by @​dependabot in sigstore/sigstore#1912
• build(deps): Bump google.golang.org/protobuf from 1.35.2 to 1.36.0 in /pkg/signature/kms/gcp by @​dependabot in sigstore/sigstore#1911
• build(deps): Bump actions/setup-go from 5.1.0 to 5.2.0 in the all group by @​dependabot in sigstore/sigstore#1909
• build(deps): Bump google.golang.org/api from 0.212.0 to 0.214.0 in /pkg/signature/kms/gcp by @​dependabot in sigstore/sigstore#1917

... (truncated)

Commits

• 0c5004e build(deps): Bump golang.org/x/oauth2 from 0.25.0 to 0.26.0 (#1968)
• 08ccf77 build(deps): Bump github.com/aws/aws-sdk-go-v2 in /pkg/signature/kms/aws (#1970)
• 9720b04 build(deps): Bump golangci/golangci-lint-action (#1984)
• ce0fa17 fix: cliplugin: return ErrorProviderNotFound when calling Get with a path (#1...
• a5ada3f check concrete type for non-nil (#1983)
• 75b85e2 pkg/signature: fix RSA PSS 3072 key size in algorithm registry (#1981)
• 351b102 export variable (#1978)
• 0a1ec6f build(deps): Bump golang.org/x/oauth2 in /pkg/signature/kms/gcp (#1973)
• a806b7e build(deps): Bump github.com/hashicorp/vault/api (#1974)
• a235f11 build(deps): Bump localstack/localstack in /test/e2e in the all group (#1965)
• Additional commits viewable in compare view

Updates github.com/tektoncd/pipeline from 0.66.0 to 0.69.0

Release notes

Sourced from github.com/tektoncd/pipeline's releases.

Tekton Pipeline release v0.69.0 "Oriental Longhair Omnibot"

-Docs @ v0.69.0 -Examples @ v0.69.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.69.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a83b80360985c8a19920792656acc1566def6a298da6b73bd47b42307bceab304

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a83b80360985c8a19920792656acc1566def6a298da6b73bd47b42307bceab304
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.69.0/release.yaml
REKOR_UUID=108e9186e8c5677a83b80360985c8a19920792656acc1566def6a298da6b73bd47b42307bceab304
Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.69.0@sha256:" + .digest.sha256')
Download the release file
curl "$RELEASE_FILE" > release.yaml
For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ Add feature flag to set readOnlyRootFilesystem for containers (#8186)

New feature flag set-security-context-read-only-root-filesystem in ConfigMap feature-flags. The new feature sets readOnlyRootFilesystem in securityContext for taskrun and affinity assistant containers.

Fixes

• 🐛 fix: Move when condition to higher priority (#8569)

... (truncated)

Changelog

Sourced from github.com/tektoncd/pipeline's changelog.

Tekton Pipeline Releases

Release Frequency

Tekton Pipelines follows the Tekton community [release policy][release-policy] as follows:

• Versions are numbered according to semantic versioning: vX.Y.Z
• A new release is produced on a monthly basis
• Four releases a year are chosen for long term support (LTS). All remaining releases are supported for approximately 1 month (until the next release is produced)
  • LTS releases take place in January, April, July and October every year
  • The first Tekton Pipelines LTS release will be v0.41.0 in October 2022
  • Releases happen towards the middle of the month, between the 13th and the 20th, depending on week-ends and readiness

Tekton Pipelines produces nightly builds, publicly available on gcr.io/tekton-nightly.

Transition Process

Before release v0.41 Tekton Pipelines has worked on the basis of an undocumented support period of four months, which will be maintained for the releases between v0.37 and v0.40.

Release Process

Tekton Pipeline releases are made of YAML manifests and container images. Manifests are published to cloud object-storage as well as [GitHub][tekton-pipeline-releases]. Container images are signed by [Sigstore][sigstore] via [Tekton Chains][tekton-chains]; signatures can be ...

Description has been truncated