From 69cb3eef1342553244494dd96c416be75347180f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Oct 2023 08:12:53 -0500 Subject: [PATCH 01/12] chore(deps): bump google.golang.org/grpc from 1.53.0 to 1.56.3 (#60) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.53.0 to 1.56.3. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.53.0...v1.56.3) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 10 +++++----- go.sum | 21 +++++++++++---------- 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 76b61d6d..16747c0a 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/testifysec/archivista-api v0.0.0-20230220215059-632b84b82b76 go.step.sm/crypto v0.25.0 golang.org/x/sys v0.13.0 - google.golang.org/grpc v1.53.0 + google.golang.org/grpc v1.56.3 gopkg.in/square/go-jose.v2 v2.6.0 k8s.io/apimachinery v0.26.1 ) @@ -51,7 +51,7 @@ require ( github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect github.com/zclconf/go-cty v1.12.1 // indirect golang.org/x/mod v0.8.0 // indirect - golang.org/x/oauth2 v0.5.0 // indirect + golang.org/x/oauth2 v0.7.0 // indirect golang.org/x/tools v0.6.0 // indirect google.golang.org/appengine v1.6.7 // indirect gopkg.in/inf.v0 v0.9.1 // indirect @@ -72,7 +72,7 @@ require ( github.com/go-git/gcfg v1.5.0 // indirect github.com/go-git/go-billy/v5 v5.4.1 // indirect github.com/gobwas/glob v0.2.3 - github.com/golang/protobuf v1.5.2 // indirect + github.com/golang/protobuf v1.5.3 // indirect github.com/imdario/mergo v0.3.13 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect @@ -91,8 +91,8 @@ require ( golang.org/x/net v0.17.0 // indirect golang.org/x/term v0.13.0 // indirect golang.org/x/text v0.13.0 // indirect - google.golang.org/genproto v0.0.0-20230222225845-10f96fb3dbec // indirect - google.golang.org/protobuf v1.28.1 // indirect + google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect + google.golang.org/protobuf v1.30.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index 10aa8b70..fe9673cd 100644 --- a/go.sum +++ b/go.sum @@ -81,13 +81,14 @@ github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ= +github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= github.com/google/flatbuffers v2.0.8+incompatible h1:ivUb1cGomAB101ZM1T0nOiWz9pSrTMoa9+EiY7igmkM= github.com/google/flatbuffers v2.0.8+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= @@ -266,8 +267,8 @@ golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk= -golang.org/x/oauth2 v0.5.0 h1:HuArIo48skDwlrvM3sEdHXElYslAMsf3KwRkkW4MC4s= -golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= +golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g= +golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -327,15 +328,15 @@ golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8T google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genproto v0.0.0-20230222225845-10f96fb3dbec h1:6rwgChOSUfpzJF2/KnLgo+gMaxGpujStSkPWrbhXArU= -google.golang.org/genproto v0.0.0-20230222225845-10f96fb3dbec/go.mod h1:3Dl5ZL0q0isWJt+FVcfpQyirqemEuLAK/iFvg1UP1Hw= -google.golang.org/grpc v1.53.0 h1:LAv2ds7cmFV/XTS3XG1NneeENYrXGmorPxsBbptIjNc= -google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= +google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= +google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= +google.golang.org/grpc v1.56.3 h1:8I4C0Yq1EjstUzUJzpcRVbuYA2mODtEmpWiQoN/b2nc= +google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= -google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= +google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alexcesaro/statsd.v2 v2.0.0 h1:FXkZSCZIH17vLCO5sO2UucTHsH9pc+17F6pl3JVCwMc= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From 5c92286e8591848f8debfa235e966a734869797e Mon Sep 17 00:00:00 2001 From: John Kjell Date: Mon, 6 Nov 2023 13:00:54 -0600 Subject: [PATCH 02/12] Add maintainers file (#64) Signed-off-by: John Kjell --- MAINTAINERS.md | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 MAINTAINERS.md diff --git a/MAINTAINERS.md b/MAINTAINERS.md new file mode 100644 index 00000000..7c46c8b9 --- /dev/null +++ b/MAINTAINERS.md @@ -0,0 +1,8 @@ +# Maintainers + +| Name | GitHub | +|----------------------------|-----------------| +| Cole Kennedy (TestifySec) | [@colek42](https://github.com/colek42) | +| John Kjell (TestifySec) | [@jkjell](https://github.com/jkjell) | +| Mikhail Swift (TestifySec) | [@mikhailswift](https://github.com/mikhailswift) | +| Aditya Sirish (NYU) | [@adityasaky](https://github.com/adityasaky) | \ No newline at end of file From 08d1c3798948e2a81c5aa3a3ff38cc8ca3ec06e8 Mon Sep 17 00:00:00 2001 From: John Kjell Date: Wed, 15 Nov 2023 10:37:32 -0600 Subject: [PATCH 03/12] Add dependabot config, reusable witness workflow, and update pipeline Signed-off-by: John Kjell --- .github/dependabot.yml | 28 ++++++++++++ .github/workflows/release.yml | 69 +++++++++++------------------- .github/workflows/witness.yml | 80 +++++++++++++++++++++++++++++++++++ 3 files changed, 133 insertions(+), 44 deletions(-) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/witness.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..8d2b1f50 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,28 @@ +version: 2 + +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + commit-message: + prefix: "chore" + + - package-ecosystem: "gomod" + directory: "/" + schedule: + interval: "weekly" + commit-message: + prefix: "chore" + ignore: + - dependency-name: "*" + update-types: + - "version-update:semver-major" + - "version-update:semver-minor" + + - package-ecosystem: docker + directory: / + schedule: + interval: daily + commit-message: + prefix: "chore" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cb95c7b1..2861efc3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,49 +18,30 @@ permissions: name: release on: [push, pull_request] jobs: - test: - strategy: - matrix: - go-version: [ 1.19.x ] - os: [ ubuntu-latest ] - runs-on: ${{ matrix.os }} - steps: - - name: Install Go - uses: actions/setup-go@v2 - with: - go-version: ${{ matrix.go-version }} - - name: Checkout code - uses: actions/checkout@v2 - - uses: actions/cache@v2 - with: - path: | - ~/go/pkg/mod - ~/.cache/go-build - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- - - name: Format Unix - run: test -z $(go fmt ./...) - - name: Install GoKart - run: go install github.com/praetorian-inc/gokart@latest + fmt: + uses: ./.github/workflows/witness.yml + with: + pull_request: ${{ github.event_name == 'pull_request' }} + step: fmt + attestations: "git github environment" + command: go fmt ./... - - name: Static Analysis - uses: testifysec/witness-run-action@40aa4ef36fc431a37de7c3faebcb66513c03b934 - with: - step: static-analysis - attestations: "github sarif" - command: gokart scan . -o sarif-results.json -s + sast: + needs: [fmt] + uses: ./.github/workflows/witness.yml + with: + pull_request: ${{ github.event_name == 'pull_request' }} + step: sast + attestations: "git github environment" + command: go vet ./... - - name: Test - uses: testifysec/witness-run-action@40aa4ef36fc431a37de7c3faebcb66513c03b934 - with: - step: "test" - attestations: "github" - command: go test -v -coverprofile=profile.cov -covermode=atomic ./... - - - name: Send coverage - env: - COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - GO111MODULE=off go get github.com/mattn/goveralls - $(go env GOPATH)/bin/goveralls -coverprofile=profile.cov -service=github + unit-test: + needs: [fmt] + uses: ./.github/workflows/witness.yml + with: + pull_request: ${{ github.event_name == 'pull_request' }} + step: unit-test + attestations: "git github environment" + command: go test -v -coverprofile=profile.cov -covermode=atomic ./... + artifact-upload-name: profile.cov + artifact-upload-path: profile.cov diff --git a/.github/workflows/witness.yml b/.github/workflows/witness.yml new file mode 100644 index 00000000..3a21372e --- /dev/null +++ b/.github/workflows/witness.yml @@ -0,0 +1,80 @@ +# Copyright 2023 The Witness Contributors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +on: + workflow_call: + inputs: + pull_request: + required: true + type: boolean + artifact-download: + required: false + type: string + artifact-upload-name: + required: false + type: string + artifact-upload-path: + required: false + type: string + pre-command: + required: false + type: string + command: + required: true + type: string + step: + required: true + type: string + attestations: + required: true + type: string + +jobs: + witness: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-go@v4 + with: + go-version: 1.21.x + + - if: ${{ inputs.artifact-download != '' }} + uses: actions/download-artifact@v3 + with: + name: ${{ inputs.artifact-download }} + path: /tmp + + - if: ${{ inputs.pre-command != '' && inputs.pull_request == false }} + uses: testifysec/witness-run-action@40aa4ef36fc431a37de7c3faebcb66513c03b934 + with: + step: pre-${{ inputs.step }} + attestations: ${{ inputs.attestations }} + command: /bin/sh -c "${{ inputs.pre-command }}" + - if: ${{ inputs.pre-command != '' && inputs.pull_request == true }} + run: ${{ inputs.pre-command }} + + - if: ${{ inputs.pull_request == false }} + uses: testifysec/witness-run-action@40aa4ef36fc431a37de7c3faebcb66513c03b934 + with: + step: ${{ inputs.step }} + attestations: ${{ inputs.attestations }} + command: /bin/sh -c "${{ inputs.command }}" + - if: ${{ inputs.pull_request == true }} + run: ${{ inputs.command }} + + - if: ${{ inputs.artifact-upload-path != '' && inputs.artifact-upload-name != ''}} + uses: actions/upload-artifact@v3 + with: + name: ${{ inputs.artifact-upload-name }} + path: ${{ inputs.artifact-upload-path }} From c487391b3d244207a481f04f6906d8432bc99ba4 Mon Sep 17 00:00:00 2001 From: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Date: Wed, 25 Oct 2023 07:10:31 -0500 Subject: [PATCH 04/12] Changed to pointer receiver when both were mixed - Changed to pointer receiver when both were mixed. - https://go.dev/doc/faq#methods_on_values_or_pointers Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- attestation/material/material.go | 6 +++--- attestation/product/product.go | 6 +++--- cryptoutil/digestset.go | 12 ++++++------ registry/option.go | 8 ++++---- 4 files changed, 16 insertions(+), 16 deletions(-) diff --git a/attestation/material/material.go b/attestation/material/material.go index 801289ac..84394d33 100644 --- a/attestation/material/material.go +++ b/attestation/material/material.go @@ -47,15 +47,15 @@ type Attestor struct { materials map[string]cryptoutil.DigestSet } -func (a Attestor) Name() string { +func (a *Attestor) Name() string { return Name } -func (a Attestor) Type() string { +func (a *Attestor) Type() string { return Type } -func (rc *Attestor) RunType() attestation.RunType { +func (a *Attestor) RunType() attestation.RunType { return RunType } diff --git a/attestation/product/product.go b/attestation/product/product.go index 81a9a7da..3ef24571 100644 --- a/attestation/product/product.go +++ b/attestation/product/product.go @@ -125,15 +125,15 @@ func fromDigestMap(digestMap map[string]cryptoutil.DigestSet) map[string]attesta return products } -func (a Attestor) Name() string { +func (a *Attestor) Name() string { return Name } -func (a Attestor) Type() string { +func (a *Attestor) Type() string { return Type } -func (rc *Attestor) RunType() attestation.RunType { +func (a *Attestor) RunType() attestation.RunType { return RunType } diff --git a/cryptoutil/digestset.go b/cryptoutil/digestset.go index d97ef70a..4c70eddd 100644 --- a/cryptoutil/digestset.go +++ b/cryptoutil/digestset.go @@ -114,9 +114,9 @@ func (first DigestSet) Equal(second DigestSet) bool { return hasMatchingDigest } -func (ds DigestSet) ToNameMap() (map[string]string, error) { +func (first DigestSet) ToNameMap() (map[string]string, error) { nameMap := make(map[string]string) - for hash, digest := range ds { + for hash, digest := range first { name, ok := hashNames[hash] if !ok { return nameMap, ErrUnsupportedHash(hash.String()) @@ -190,8 +190,8 @@ func CalculateDigestSetFromFile(path string, hashes []crypto.Hash) (DigestSet, e return CalculateDigestSet(file, hashes) } -func (ds DigestSet) MarshalJSON() ([]byte, error) { - nameMap, err := ds.ToNameMap() +func (first DigestSet) MarshalJSON() ([]byte, error) { + nameMap, err := first.ToNameMap() if err != nil { return nil, err } @@ -199,7 +199,7 @@ func (ds DigestSet) MarshalJSON() ([]byte, error) { return json.Marshal(nameMap) } -func (ds *DigestSet) UnmarshalJSON(data []byte) error { +func (first *DigestSet) UnmarshalJSON(data []byte) error { nameMap := make(map[string]string) err := json.Unmarshal(data, &nameMap) if err != nil { @@ -211,7 +211,7 @@ func (ds *DigestSet) UnmarshalJSON(data []byte) error { return err } - *ds = newDs + *first = newDs return nil } diff --git a/registry/option.go b/registry/option.go index 71ba1669..28591008 100644 --- a/registry/option.go +++ b/registry/option.go @@ -37,7 +37,7 @@ type ConfigOption[T any, TOption Option] struct { setter func(T, TOption) (T, error) } -func (co ConfigOption[T, TOption]) Name() string { +func (co *ConfigOption[T, TOption]) Name() string { if len(co.prefix) == 0 { return co.name } @@ -49,15 +49,15 @@ func (co *ConfigOption[T, TOption]) SetPrefix(prefix string) { co.prefix = prefix } -func (co ConfigOption[T, TOption]) DefaultVal() TOption { +func (co *ConfigOption[T, TOption]) DefaultVal() TOption { return co.defaultVal } -func (co ConfigOption[T, TOption]) Description() string { +func (co *ConfigOption[T, TOption]) Description() string { return co.description } -func (co ConfigOption[T, TOption]) Setter() func(T, TOption) (T, error) { +func (co *ConfigOption[T, TOption]) Setter() func(T, TOption) (T, error) { return co.setter } From 78ca94550afc6b37c344d24c1df7004c6609c8c2 Mon Sep 17 00:00:00 2001 From: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Date: Wed, 25 Oct 2023 12:03:43 -0500 Subject: [PATCH 05/12] Improve DigestSet logic and JSON marshalling - Change the signature of `Equal()` and `ToNameMap()` functions to accept a pointer Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- attestation/product/product_test.go | 3 ++- cryptoutil/digestset.go | 16 ++++++++-------- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/attestation/product/product_test.go b/attestation/product/product_test.go index ece998d9..76502b74 100644 --- a/attestation/product/product_test.go +++ b/attestation/product/product_test.go @@ -36,7 +36,8 @@ func TestFromDigestMap(t *testing.T) { testDigestSet["test"] = testDigest result := fromDigestMap(testDigestSet) assert.Len(t, result, 1) - assert.True(t, result["test"].Digest.Equal(testDigest)) + digest := result["test"].Digest + assert.True(t, digest.Equal(testDigest)) } func TestAttestorName(t *testing.T) { diff --git a/cryptoutil/digestset.go b/cryptoutil/digestset.go index 4c70eddd..ec291da4 100644 --- a/cryptoutil/digestset.go +++ b/cryptoutil/digestset.go @@ -96,9 +96,9 @@ func HashFromString(name string) (crypto.Hash, error) { // Equal returns true if every digest for hash functions both artifacts have in common are equal. // If the two artifacts don't have any digests from common hash functions, equal will return false. // If any digest from common hash functions differ between the two artifacts, equal will return false. -func (first DigestSet) Equal(second DigestSet) bool { +func (ds *DigestSet) Equal(second DigestSet) bool { hasMatchingDigest := false - for hash, digest := range first { + for hash, digest := range *ds { otherDigest, ok := second[hash] if !ok { continue @@ -114,9 +114,9 @@ func (first DigestSet) Equal(second DigestSet) bool { return hasMatchingDigest } -func (first DigestSet) ToNameMap() (map[string]string, error) { +func (ds *DigestSet) ToNameMap() (map[string]string, error) { nameMap := make(map[string]string) - for hash, digest := range first { + for hash, digest := range *ds { name, ok := hashNames[hash] if !ok { return nameMap, ErrUnsupportedHash(hash.String()) @@ -190,8 +190,8 @@ func CalculateDigestSetFromFile(path string, hashes []crypto.Hash) (DigestSet, e return CalculateDigestSet(file, hashes) } -func (first DigestSet) MarshalJSON() ([]byte, error) { - nameMap, err := first.ToNameMap() +func (ds DigestSet) MarshalJSON() ([]byte, error) { + nameMap, err := ds.ToNameMap() if err != nil { return nil, err } @@ -199,7 +199,7 @@ func (first DigestSet) MarshalJSON() ([]byte, error) { return json.Marshal(nameMap) } -func (first *DigestSet) UnmarshalJSON(data []byte) error { +func (ds *DigestSet) UnmarshalJSON(data []byte) error { nameMap := make(map[string]string) err := json.Unmarshal(data, &nameMap) if err != nil { @@ -211,7 +211,7 @@ func (first *DigestSet) UnmarshalJSON(data []byte) error { return err } - *first = newDs + *ds = newDs return nil } From 46ff4120861ecbc1f3ca0cbdbc5dad85333250e4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 Nov 2023 16:55:19 +0000 Subject: [PATCH 06/12] chore: bump actions/checkout from 2 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/golangci-lint.yml | 2 +- .github/workflows/verify-licence.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 910a7446..c28e2b5a 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -29,7 +29,7 @@ jobs: name: lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - uses: actions/setup-go@v3 with: go-version-file: "go.mod" diff --git a/.github/workflows/verify-licence.yml b/.github/workflows/verify-licence.yml index cd0e8ed1..e1f353ac 100644 --- a/.github/workflows/verify-licence.yml +++ b/.github/workflows/verify-licence.yml @@ -23,7 +23,7 @@ jobs: name: license boilerplate check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - uses: actions/setup-go@v2 with: go-version: '1.17.x' From 044ab9518a0a4f41aa2bce5fba878998ef78be00 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 Nov 2023 21:09:04 +0000 Subject: [PATCH 07/12] chore: bump actions/setup-go from 2 to 4 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v2...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/golangci-lint.yml | 2 +- .github/workflows/verify-licence.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index c28e2b5a..e07b99c9 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -30,7 +30,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: actions/setup-go@v3 + - uses: actions/setup-go@v4 with: go-version-file: "go.mod" - name: golangci-lint diff --git a/.github/workflows/verify-licence.yml b/.github/workflows/verify-licence.yml index e1f353ac..1741fa2f 100644 --- a/.github/workflows/verify-licence.yml +++ b/.github/workflows/verify-licence.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: actions/setup-go@v2 + - uses: actions/setup-go@v4 with: go-version: '1.17.x' - name: Install addlicense From c5bac1b4b060baf8eb14cfd4953ba558ce151865 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 Nov 2023 16:56:08 +0000 Subject: [PATCH 08/12] chore: bump github.com/aws/aws-sdk-go from 1.44.207 to 1.44.334 Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.207 to 1.44.334. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG_PENDING.md) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.207...v1.44.334) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 16747c0a..f85602be 100644 --- a/go.mod +++ b/go.mod @@ -66,7 +66,7 @@ require ( github.com/OneOfOne/xxhash v1.2.8 // indirect github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect github.com/acomagu/bufpipe v1.0.3 // indirect - github.com/aws/aws-sdk-go v1.44.207 + github.com/aws/aws-sdk-go v1.44.334 github.com/emirpasic/gods v1.18.1 // indirect github.com/ghodss/yaml v1.0.0 // indirect github.com/go-git/gcfg v1.5.0 // indirect diff --git a/go.sum b/go.sum index fe9673cd..e63cc438 100644 --- a/go.sum +++ b/go.sum @@ -20,8 +20,8 @@ github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/aws/aws-sdk-go v1.44.207 h1:7O0AMKxTm+/GUx6zw+3dqc+fD3tTzv8xaZPYo+ywRwE= -github.com/aws/aws-sdk-go v1.44.207/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.334 h1:h2bdbGb//fez6Sv6PaYv868s9liDeoYM6hYsAqTB4MU= +github.com/aws/aws-sdk-go v1.44.334/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA= From 4273fcfa33b714c50a3e945bb847345b701b1025 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 Nov 2023 21:17:29 +0000 Subject: [PATCH 09/12] chore: bump github.com/spiffe/go-spiffe/v2 from 2.1.2 to 2.1.6 Bumps [github.com/spiffe/go-spiffe/v2](https://github.com/spiffe/go-spiffe) from 2.1.2 to 2.1.6. - [Release notes](https://github.com/spiffe/go-spiffe/releases) - [Changelog](https://github.com/spiffe/go-spiffe/blob/main/CHANGELOG.md) - [Commits](https://github.com/spiffe/go-spiffe/compare/v2.1.2...v2.1.6) --- updated-dependencies: - dependency-name: github.com/spiffe/go-spiffe/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index f85602be..c69ebea4 100644 --- a/go.mod +++ b/go.mod @@ -11,8 +11,8 @@ require ( github.com/mattn/go-isatty v0.0.17 github.com/open-policy-agent/opa v0.49.1 github.com/owenrumney/go-sarif v1.1.1 - github.com/spiffe/go-spiffe/v2 v2.1.2 - github.com/stretchr/testify v1.8.1 + github.com/spiffe/go-spiffe/v2 v2.1.6 + github.com/stretchr/testify v1.8.2 github.com/testifysec/archivista-api v0.0.0-20230220215059-632b84b82b76 go.step.sm/crypto v0.25.0 golang.org/x/sys v0.13.0 diff --git a/go.sum b/go.sum index e63cc438..67f9fd3c 100644 --- a/go.sum +++ b/go.sum @@ -185,8 +185,8 @@ github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EE github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= -github.com/spiffe/go-spiffe/v2 v2.1.2 h1:nfNwopOP7q0qsWU6AUASqmbtYViwHA6vuHyAtqFJtNc= -github.com/spiffe/go-spiffe/v2 v2.1.2/go.mod h1:cbQmFrxsOpbm5tWURAYip9ZK0dOSFeoFG3/5Ub9Hvy0= +github.com/spiffe/go-spiffe/v2 v2.1.6 h1:4SdizuQieFyL9eNU+SPiCArH4kynzaKOOj0VvM8R7Xo= +github.com/spiffe/go-spiffe/v2 v2.1.6/go.mod h1:eVDqm9xFvyqao6C+eQensb9ZPkyNEeaUbqbBpOhBnNk= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= @@ -197,8 +197,8 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= -github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= +github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes= github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= github.com/testifysec/archivista-api v0.0.0-20230220215059-632b84b82b76 h1:GAUgHyg4ss2DDTIYG9RuVxap2smkAGtzpXcOvNxlLic= From e92725213d9f45cb52b15b4108d092c9f4eda228 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 Nov 2023 21:21:55 +0000 Subject: [PATCH 10/12] chore: bump go.step.sm/crypto from 0.25.0 to 0.25.2 Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.25.0 to 0.25.2. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](https://github.com/smallstep/crypto/compare/v0.25.0...v0.25.2) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index c69ebea4..2344a311 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/spiffe/go-spiffe/v2 v2.1.6 github.com/stretchr/testify v1.8.2 github.com/testifysec/archivista-api v0.0.0-20230220215059-632b84b82b76 - go.step.sm/crypto v0.25.0 + go.step.sm/crypto v0.25.2 golang.org/x/sys v0.13.0 google.golang.org/grpc v1.56.3 gopkg.in/square/go-jose.v2 v2.6.0 diff --git a/go.sum b/go.sum index 67f9fd3c..ec3f958a 100644 --- a/go.sum +++ b/go.sum @@ -232,8 +232,8 @@ github.com/zclconf/go-cty v1.12.1/go.mod h1:s9IfD1LK5ccNMSWCVFCE2rJfHiZgi7JijgeW github.com/zeebo/errs v1.3.0 h1:hmiaKqgYZzcVgRL1Vkc1Mn2914BbzB0IBxs+ebeutGs= github.com/zeebo/errs v1.3.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= -go.step.sm/crypto v0.25.0 h1:a+7sKyozZH9B30s0dHluygxreUxI1NtCBEmuNXx7a4k= -go.step.sm/crypto v0.25.0/go.mod h1:kr1rzO6SzeQnLm6Zu6lNtksHZLiFe9k8LolSJNhoc94= +go.step.sm/crypto v0.25.2 h1:NgoI3bcNF0iLI+Rwq00brlJyFfMqseLOa8L8No3Daog= +go.step.sm/crypto v0.25.2/go.mod h1:4pUEuZ+4OAf2f70RgW5oRv/rJudibcAAWQg5prC3DT8= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= From 4ddd1b469ca51c98a58a7abe164f9bc13accddad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 Nov 2023 21:26:30 +0000 Subject: [PATCH 11/12] chore: bump k8s.io/apimachinery from 0.26.1 to 0.26.10 Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.26.1 to 0.26.10. - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.26.1...v0.26.10) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 2344a311..c7261700 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( golang.org/x/sys v0.13.0 google.golang.org/grpc v1.56.3 gopkg.in/square/go-jose.v2 v2.6.0 - k8s.io/apimachinery v0.26.1 + k8s.io/apimachinery v0.26.10 ) require ( diff --git a/go.sum b/go.sum index ec3f958a..14cbcd87 100644 --- a/go.sum +++ b/go.sum @@ -360,8 +360,8 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/apimachinery v0.26.1 h1:8EZ/eGJL+hY/MYCNwhmDzVqq2lPl3N3Bo8rvweJwXUQ= -k8s.io/apimachinery v0.26.1/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74= +k8s.io/apimachinery v0.26.10 h1:aE+J2KIbjctFqPp3Y0q4Wh2PD+l1p2g3Zp4UYjSvtGU= +k8s.io/apimachinery v0.26.10/go.mod h1:iT1ZP4JBP34wwM+ZQ8ByPEQ81u043iqAcsJYftX9amM= k8s.io/klog/v2 v2.90.0 h1:VkTxIV/FjRXn1fgNNcKGM8cfmL1Z33ZjXRTVxKCoF5M= k8s.io/klog/v2 v2.90.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/utils v0.0.0-20230115233650-391b47cb4029 h1:L8zDtT4jrxj+TaQYD0k8KNlr556WaVQylDXswKmX+dE= From 40c7ed57c76fbf609364fc796a3772f501645c78 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 Nov 2023 21:31:09 +0000 Subject: [PATCH 12/12] chore: bump github.com/sigstore/sigstore from 1.5.1 to 1.5.2 Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.5.1 to 1.5.2. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.5.1...v1.5.2) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index c7261700..321b5fa8 100644 --- a/go.mod +++ b/go.mod @@ -80,7 +80,7 @@ require ( github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect github.com/sergi/go-diff v1.3.1 // indirect github.com/sigstore/fulcio v1.1.0 - github.com/sigstore/sigstore v1.5.1 + github.com/sigstore/sigstore v1.5.2 github.com/theupdateframework/go-tuf v0.5.2-0.20220930112810-3890c1e7ace4 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect diff --git a/go.sum b/go.sum index 14cbcd87..83db0dcd 100644 --- a/go.sum +++ b/go.sum @@ -75,7 +75,7 @@ github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxF github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-rod/rod v0.112.3 h1:xbSaA9trZ8v/+eJRGOM6exK1RCsLPwwnzA78vpES0gk= +github.com/go-rod/rod v0.112.6 h1:zMirUmhsBeshMWyf285BD0UGtGq54HfThLDGSjcP3lU= github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= @@ -175,8 +175,8 @@ github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= github.com/sigstore/fulcio v1.1.0 h1:mzzJ05Ccu8Y2inyioklNvc8MpzlGHxu8YqNeTm0dHfU= github.com/sigstore/fulcio v1.1.0/go.mod h1:zv1ZQTXZbUwQdRwajlQksc34pRas+2aZYpIZoQBNev8= -github.com/sigstore/sigstore v1.5.1 h1:iUou0QJW8eQKMUkTXbFyof9ZOblDtfaW2Sn2+QI8Tcs= -github.com/sigstore/sigstore v1.5.1/go.mod h1:3i6UTWVNtFwOtbgG63FZZNID4vO9KcO8AszIJlaNI8k= +github.com/sigstore/sigstore v1.5.2 h1:rvZSPJDH2ysoc8kjW9v4nv1UX3XwSA8y4x6Dk7hA0D4= +github.com/sigstore/sigstore v1.5.2/go.mod h1:wxhp9KoaOpeb1VLKILruD283KJqPSqX+3TuBByVDZ6E= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= github.com/skeema/knownhosts v1.1.0 h1:Wvr9V0MxhjRbl3f9nMnKnFfiWTJmtECJ9Njkea3ysW0=