From 36b10d94cceea538f32e1a805f1fce0eb370af9f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 Jul 2026 13:45:47 +0000 Subject: [PATCH] [release-v0.37.x] bump github.com/sigstore/sigstore Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.10.3 to 1.10.8. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.10.3...v1.10.8) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore dependency-version: 1.10.8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 22 +- go.sum | 48 +- .../aws/aws-sdk-go-v2/config/CHANGELOG.md | 4 + .../config/go_module_metadata.go | 2 +- .../aws-sdk-go-v2/credentials/CHANGELOG.md | 4 + .../credentials/go_module_metadata.go | 2 +- .../aws-sdk-go-v2/service/sso/CHANGELOG.md | 4 + .../service/sso/go_module_metadata.go | 2 +- .../sso/internal/endpoints/endpoints.go | 3 + .../letsencrypt/boulder/core/challenges.go | 19 - .../letsencrypt/boulder/core/objects.go | 15 - .../letsencrypt/boulder/probs/probs.go | 13 - .../cjson/canonicaljson.go | 1 - .../go-securesystemslib/dsse/envelope.go | 28 +- .../go-securesystemslib/dsse/sign.go | 2 +- .../go-securesystemslib/dsse/verify.go | 30 +- .../signerverifier/ecdsa.go | 7 +- .../signerverifier/ed25519.go | 7 +- .../go-securesystemslib/signerverifier/rsa.go | 7 +- .../sigstore/pkg/cryptoutils/privatekey.go | 34 + .../sigstore/pkg/oauth/interactive.go | 51 +- .../sigstore/sigstore/pkg/oauthflow/device.go | 7 +- .../sigstore/pkg/oauthflow/interactive.go | 1 + .../pkg/signature/algorithm_registry.go | 4 +- .../sigstore/pkg/signature/dsse/dsse.go | 36 +- .../sigstore/pkg/signature/dsse/multidsse.go | 55 +- .../sigstore/pkg/signature/dsse/options.go | 53 + .../kms/cliplugin/encoding/options.go | 45 +- .../sigstore/pkg/signature/message.go | 8 +- .../sigstore/pkg/signature/payload/payload.go | 6 +- .../sigstore/sigstore/pkg/signature/util.go | 4 +- .../sigstore/sigstore/pkg/tuf/client.go | 8 +- vendor/go.opentelemetry.io/otel/.golangci.yml | 4 + vendor/go.opentelemetry.io/otel/CHANGELOG.md | 40 +- .../go.opentelemetry.io/otel/CONTRIBUTING.md | 6 +- .../otel/attribute/internal/attribute.go | 12 +- .../go.opentelemetry.io/otel/attribute/set.go | 2 +- .../otel/attribute/value.go | 3 +- .../otel/baggage/baggage.go | 4 +- .../otel/dependencies.Dockerfile | 2 +- .../otel/internal/global/instruments.go | 56 + .../otel/internal/global/meter.go | 28 +- .../otel/metric/asyncfloat64.go | 6 +- .../otel/metric/asyncint64.go | 6 +- .../go.opentelemetry.io/otel/metric/meter.go | 6 +- .../otel/metric/noop/noop.go | 24 + .../otel/metric/syncfloat64.go | 24 + .../otel/metric/syncint64.go | 24 + .../metric/exemplar/fixed_size_reservoir.go | 172 +- .../metric/exemplar/histogram_reservoir.go | 9 +- .../otel/sdk/metric/exemplar/storage.go | 53 +- .../otel/sdk/metric/instrument.go | 3 - .../metric/internal/aggregate/aggregate.go | 14 +- .../sdk/metric/internal/aggregate/atomic.go | 91 + .../aggregate/exponential_histogram.go | 25 +- .../metric/internal/aggregate/histogram.go | 393 +- .../metric/internal/aggregate/lastvalue.go | 230 +- .../otel/sdk/metric/internal/aggregate/sum.go | 12 +- .../metric/internal/observ/instrumentation.go | 4 +- .../otel/sdk/metric/internal/x/README.md | 100 - .../otel/sdk/metric/internal/x/x.go | 65 - .../otel/sdk/metric/periodic_reader.go | 2 +- .../otel/sdk/metric/pipeline.go | 16 +- .../otel/sdk/metric/version.go | 2 +- .../otel/sdk/resource/builtin.go | 2 +- .../otel/sdk/resource/container.go | 2 +- .../otel/sdk/resource/env.go | 2 +- .../otel/sdk/resource/host_id.go | 9 +- .../otel/sdk/resource/os.go | 2 +- .../otel/sdk/resource/process.go | 2 +- .../go.opentelemetry.io/otel/sdk/version.go | 2 +- .../otel/semconv/v1.39.0/MIGRATION.md | 78 + .../otel/semconv/v1.39.0/README.md | 3 + .../otel/semconv/v1.39.0/attribute_group.go | 16239 ++++++++++++++++ .../otel/semconv/v1.39.0/doc.go | 9 + .../otel/semconv/v1.39.0/error_type.go | 56 + .../otel/semconv/v1.39.0/exception.go | 9 + .../{v1.37.0 => v1.39.0}/otelconv/metric.go | 52 +- .../otel/semconv/v1.39.0/schema.go | 9 + vendor/go.opentelemetry.io/otel/trace/auto.go | 2 +- vendor/go.opentelemetry.io/otel/version.go | 2 +- vendor/go.opentelemetry.io/otel/versions.yaml | 9 +- vendor/modules.txt | 28 +- 83 files changed, 17654 insertions(+), 833 deletions(-) create mode 100644 vendor/github.com/sigstore/sigstore/pkg/signature/dsse/options.go delete mode 100644 vendor/go.opentelemetry.io/otel/sdk/metric/internal/x/README.md delete mode 100644 vendor/go.opentelemetry.io/otel/sdk/metric/internal/x/x.go create mode 100644 vendor/go.opentelemetry.io/otel/semconv/v1.39.0/MIGRATION.md create mode 100644 vendor/go.opentelemetry.io/otel/semconv/v1.39.0/README.md create mode 100644 vendor/go.opentelemetry.io/otel/semconv/v1.39.0/attribute_group.go create mode 100644 vendor/go.opentelemetry.io/otel/semconv/v1.39.0/doc.go create mode 100644 vendor/go.opentelemetry.io/otel/semconv/v1.39.0/error_type.go create mode 100644 vendor/go.opentelemetry.io/otel/semconv/v1.39.0/exception.go rename vendor/go.opentelemetry.io/otel/semconv/{v1.37.0 => v1.39.0}/otelconv/metric.go (96%) create mode 100644 vendor/go.opentelemetry.io/otel/semconv/v1.39.0/schema.go diff --git a/go.mod b/go.mod index c7de1e0ee3..3229bd3a65 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/mitchellh/go-homedir v1.1.0 github.com/pkg/errors v0.9.1 github.com/sigstore/cosign/v2 v2.6.3 - github.com/sigstore/sigstore v1.10.3 + github.com/sigstore/sigstore v1.10.8 github.com/spf13/cobra v1.10.2 github.com/spf13/pflag v1.0.10 github.com/tektoncd/chains v0.20.2-0.20260203100940-9343090e50f3 @@ -97,8 +97,8 @@ require ( github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/aws/aws-sdk-go v1.55.8 // indirect github.com/aws/aws-sdk-go-v2 v1.41.0 // indirect - github.com/aws/aws-sdk-go-v2/config v1.32.5 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.19.5 // indirect + github.com/aws/aws-sdk-go-v2/config v1.32.6 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.19.6 // indirect github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16 // indirect github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.16 // indirect github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.16 // indirect @@ -109,7 +109,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16 // indirect github.com/aws/aws-sdk-go-v2/service/kms v1.49.1 // indirect github.com/aws/aws-sdk-go-v2/service/signin v1.0.4 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.30.7 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.30.8 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.41.5 // indirect github.com/aws/smithy-go v1.24.0 // indirect @@ -234,7 +234,7 @@ require ( github.com/klauspost/compress v1.18.4 // indirect github.com/ktr0731/go-ansisgr v0.1.0 // indirect github.com/kylelemons/godebug v1.1.0 // indirect - github.com/letsencrypt/boulder v0.20251110.0 // indirect + github.com/letsencrypt/boulder v0.20260309.0 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/lucasb-eyer/go-colorful v1.3.0 // indirect github.com/mattn/go-colorable v0.1.14 // indirect @@ -274,7 +274,7 @@ require ( github.com/ryanuber/go-glob v1.0.0 // indirect github.com/sagikazarmark/locafero v0.11.0 // indirect github.com/sassoftware/relic v7.2.1+incompatible // indirect - github.com/secure-systems-lab/go-securesystemslib v0.9.1 // indirect + github.com/secure-systems-lab/go-securesystemslib v0.11.0 // indirect github.com/shibumi/go-pathspec v1.3.0 // indirect github.com/sigstore/fulcio v1.8.4 // indirect github.com/sigstore/protobuf-specs v0.5.0 // indirect @@ -318,11 +318,11 @@ require ( go.opentelemetry.io/contrib/detectors/gcp v1.39.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 // indirect - go.opentelemetry.io/otel v1.39.0 // indirect - go.opentelemetry.io/otel/metric v1.39.0 // indirect - go.opentelemetry.io/otel/sdk v1.39.0 // indirect - go.opentelemetry.io/otel/sdk/metric v1.39.0 // indirect - go.opentelemetry.io/otel/trace v1.39.0 // indirect + go.opentelemetry.io/otel v1.40.0 // indirect + go.opentelemetry.io/otel/metric v1.40.0 // indirect + go.opentelemetry.io/otel/sdk v1.40.0 // indirect + go.opentelemetry.io/otel/sdk/metric v1.40.0 // indirect + go.opentelemetry.io/otel/trace v1.40.0 // indirect go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.yaml.in/yaml/v2 v2.4.3 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect diff --git a/go.sum b/go.sum index c94ee8a49e..bd618170b9 100644 --- a/go.sum +++ b/go.sum @@ -88,8 +88,8 @@ contrib.go.opencensus.io/exporter/zipkin v0.1.2/go.mod h1:mP5xM3rrgOjpn79MM8fZbj dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= -filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= +filippo.io/edwards25519 v1.1.1 h1:YpjwWWlNmGIDyXOn8zLzqiD+9TyIlPhGFG96P39uBpw= +filippo.io/edwards25519 v1.1.1/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= github.com/ActiveState/vt10x v1.3.1 h1:7qi8BGXUEBghzBxfXSY0J77etO+L95PZQlwD7ay2mn0= github.com/ActiveState/vt10x v1.3.1/go.mod h1:8wJKd36c9NmCfGyPyOJmkvyIMvbUPfHkfdS8zZlK19s= github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230919221257-8b5d3ce2d11d h1:zjqpY4C7H15HjRPEenkS4SAn3Jy2eRRjkjZbGR30TOg= @@ -241,10 +241,10 @@ github.com/aws/aws-sdk-go v1.55.8 h1:JRmEUbU52aJQZ2AjX4q4Wu7t4uZjOu71uyNmaWlUkJQ github.com/aws/aws-sdk-go v1.55.8/go.mod h1:ZkViS9AqA6otK+JBBNH2++sx1sgxrPKcSzPPvQkUtXk= github.com/aws/aws-sdk-go-v2 v1.41.0 h1:tNvqh1s+v0vFYdA1xq0aOJH+Y5cRyZ5upu6roPgPKd4= github.com/aws/aws-sdk-go-v2 v1.41.0/go.mod h1:MayyLB8y+buD9hZqkCW3kX1AKq07Y5pXxtgB+rRFhz0= -github.com/aws/aws-sdk-go-v2/config v1.32.5 h1:pz3duhAfUgnxbtVhIK39PGF/AHYyrzGEyRD9Og0QrE8= -github.com/aws/aws-sdk-go-v2/config v1.32.5/go.mod h1:xmDjzSUs/d0BB7ClzYPAZMmgQdrodNjPPhd6bGASwoE= -github.com/aws/aws-sdk-go-v2/credentials v1.19.5 h1:xMo63RlqP3ZZydpJDMBsH9uJ10hgHYfQFIk1cHDXrR4= -github.com/aws/aws-sdk-go-v2/credentials v1.19.5/go.mod h1:hhbH6oRcou+LpXfA/0vPElh/e0M3aFeOblE1sssAAEk= +github.com/aws/aws-sdk-go-v2/config v1.32.6 h1:hFLBGUKjmLAekvi1evLi5hVvFQtSo3GYwi+Bx4lpJf8= +github.com/aws/aws-sdk-go-v2/config v1.32.6/go.mod h1:lcUL/gcd8WyjCrMnxez5OXkO3/rwcNmvfno62tnXNcI= +github.com/aws/aws-sdk-go-v2/credentials v1.19.6 h1:F9vWao2TwjV2MyiyVS+duza0NIRtAslgLUM0vTA1ZaE= +github.com/aws/aws-sdk-go-v2/credentials v1.19.6/go.mod h1:SgHzKjEVsdQr6Opor0ihgWtkWdfRAIwxYzSJ8O85VHY= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16 h1:80+uETIWS1BqjnN9uJ0dBUaETh+P1XwFy5vwHwK5r9k= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16/go.mod h1:wOOsYuxYuB/7FlnVtzeBYRcjSRtQpAW0hCP7tIULMwo= github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.16 h1:rgGwPzb82iBYSvHMHXc8h9mRoOUBZIGFgKb9qniaZZc= @@ -265,8 +265,8 @@ github.com/aws/aws-sdk-go-v2/service/kms v1.49.1 h1:U0asSZ3ifpuIehDPkRI2rxHbmFUM github.com/aws/aws-sdk-go-v2/service/kms v1.49.1/go.mod h1:NZo9WJqQ0sxQ1Yqu1IwCHQFQunTms2MlVgejg16S1rY= github.com/aws/aws-sdk-go-v2/service/signin v1.0.4 h1:HpI7aMmJ+mm1wkSHIA2t5EaFFv5EFYXePW30p1EIrbQ= github.com/aws/aws-sdk-go-v2/service/signin v1.0.4/go.mod h1:C5RdGMYGlfM0gYq/tifqgn4EbyX99V15P2V3R+VHbQU= -github.com/aws/aws-sdk-go-v2/service/sso v1.30.7 h1:eYnlt6QxnFINKzwxP5/Ucs1vkG7VT3Iezmvfgc2waUw= -github.com/aws/aws-sdk-go-v2/service/sso v1.30.7/go.mod h1:+fWt2UHSb4kS7Pu8y+BMBvJF0EWx+4H0hzNwtDNRTrg= +github.com/aws/aws-sdk-go-v2/service/sso v1.30.8 h1:aM/Q24rIlS3bRAhTyFurowU8A0SMyGDtEOY/l/s/1Uw= +github.com/aws/aws-sdk-go-v2/service/sso v1.30.8/go.mod h1:+fWt2UHSb4kS7Pu8y+BMBvJF0EWx+4H0hzNwtDNRTrg= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12 h1:AHDr0DaHIAo8c9t1emrzAlVDFp+iMMKnPdYy6XO4MCE= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12/go.mod h1:GQ73XawFFiWxyWXMHWfhiomvP3tXtdNar/fi8z18sx0= github.com/aws/aws-sdk-go-v2/service/sts v1.41.5 h1:SciGFVNZ4mHdm7gpD1dgZYnCuVdX1s+lFTg4+4DOy70= @@ -956,8 +956,8 @@ github.com/ktr0731/go-fuzzyfinder v0.9.0 h1:JV8S118RABzRl3Lh/RsPhXReJWc2q0rbuipz github.com/ktr0731/go-fuzzyfinder v0.9.0/go.mod h1:uybx+5PZFCgMCSDHJDQ9M3nNKx/vccPmGffsXPn2ad8= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/letsencrypt/boulder v0.20251110.0 h1:J8MnKICeilO91dyQ2n5eBbab24neHzUpYMUIOdOtbjc= -github.com/letsencrypt/boulder v0.20251110.0/go.mod h1:ogKCJQwll82m7OVHWyTuf8eeFCjuzdRQlgnZcCl0V+8= +github.com/letsencrypt/boulder v0.20260309.0 h1:kZynrxK3QfqLGx6hhoz+Rfs3hgltJs1p9Mp+4+VwnY0= +github.com/letsencrypt/boulder v0.20260309.0/go.mod h1:yG8lj8pNPZ8taq3oNdTpfBS+eC74IaEuiewqzVpXiWE= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= github.com/lightstep/tracecontext.go v0.0.0-20181129014701-1757c391b1ac/go.mod h1:Frd2bnT3w5FB5q49ENTfVlztJES+1k/7lyWX2+9gq/M= @@ -1180,8 +1180,8 @@ github.com/sassoftware/relic v7.2.1+incompatible/go.mod h1:CWfAxv73/iLZ17rbyhIEq github.com/sassoftware/relic/v7 v7.6.2 h1:rS44Lbv9G9eXsukknS4mSjIAuuX+lMq/FnStgmZlUv4= github.com/sassoftware/relic/v7 v7.6.2/go.mod h1:kjmP0IBVkJZ6gXeAu35/KCEfca//+PKM6vTAsyDPY+k= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= -github.com/secure-systems-lab/go-securesystemslib v0.9.1 h1:nZZaNz4DiERIQguNy0cL5qTdn9lR8XKHf4RUyG1Sx3g= -github.com/secure-systems-lab/go-securesystemslib v0.9.1/go.mod h1:np53YzT0zXGMv6x4iEWc9Z59uR+x+ndLwCLqPYpLXVU= +github.com/secure-systems-lab/go-securesystemslib v0.11.0 h1:iuCR9kcMFD4QurdKrGvPLoKZLv9YvwPYVr0473BdtFs= +github.com/secure-systems-lab/go-securesystemslib v0.11.0/go.mod h1:+PMOTjUGwHj2vcZ+TFKlb1tXRbrdWE1LYDT5i9JC80Q= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= github.com/shibumi/go-pathspec v1.3.0 h1:QUyMZhFo0Md5B8zV8x2tesohbb5kfbpTi9rBnKh5dkI= @@ -1201,8 +1201,8 @@ github.com/sigstore/rekor v1.5.0 h1:rL7SghHd5HLCtsCrxw0yQg+NczGvM75EjSPPWuGjaiQ= github.com/sigstore/rekor v1.5.0/go.mod h1:D7JoVCUkxwQOpPDNYeu+CE8zeBC18Y5uDo6tF8s2rcQ= github.com/sigstore/rekor-tiles/v2 v2.0.1 h1:1Wfz15oSRNGF5Dzb0lWn5W8+lfO50ork4PGIfEKjZeo= github.com/sigstore/rekor-tiles/v2 v2.0.1/go.mod h1:Pjsbhzj5hc3MKY8FfVTYHBUHQEnP0ozC4huatu4x7OU= -github.com/sigstore/sigstore v1.10.3 h1:s7fBYYOzW/2Vd0nND2ZdpWySb5vRF2u9eix/NZMHJm0= -github.com/sigstore/sigstore v1.10.3/go.mod h1:T26vXIkpnGEg391v3TaZ8EERcXbnjtZb/1erh5jbIQk= +github.com/sigstore/sigstore v1.10.8 h1:1Mgkxvkw4AXMfIP1DOjc6kw0GkUgA8pGVpveN/EfOq4= +github.com/sigstore/sigstore v1.10.8/go.mod h1:f9+B/4iaYimvUkySyb2mvc73n3RLqNn24grHZM/ET8M= github.com/sigstore/sigstore-go v1.1.4 h1:wTTsgCHOfqiEzVyBYA6mDczGtBkN7cM8mPpjJj5QvMg= github.com/sigstore/sigstore-go v1.1.4/go.mod h1:2U/mQOT9cjjxrtIUeKDVhL+sHBKsnWddn8URlswdBsg= github.com/sigstore/sigstore/pkg/signature/kms/aws v1.10.3 h1:D/FRl5J9UYAJPGZRAJbP0dH78pfwWnKsyCSBwFBU8CI= @@ -1417,8 +1417,8 @@ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 h1:RbKq8BG0FI8OiXhBfcRtqqHcZcka+gU3cskNuf05R18= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0/go.mod h1:h06DGIukJOevXaj/xrNjhi/2098RZzcLTbc0jDAUbsg= go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= -go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48= -go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8= +go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms= +go.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g= go.opentelemetry.io/otel/exporters/otlp v0.20.0 h1:PTNgq9MRmQqqJY0REVbZFvwkYOA85vbdQU/nVfxDyqg= go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 h1:GqRJVj7UmLjCVyVJ3ZFLdPRmhDUp2zFmQe3RHIOsw24= @@ -1428,19 +1428,19 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0/go.mod h go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.37.0 h1:6VjV6Et+1Hd2iLZEPtdV7vie80Yyqf7oikJLjQ/myi0= go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.37.0/go.mod h1:u8hcp8ji5gaM/RfcOo8z9NMnf1pVLfVY7lBY2VOGuUU= go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= -go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0= -go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs= +go.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g= +go.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc= go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= -go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18= -go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE= +go.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8= +go.opentelemetry.io/otel/sdk v1.40.0/go.mod h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE= go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= -go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8= -go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew= +go.opentelemetry.io/otel/sdk/metric v1.40.0 h1:mtmdVqgQkeRxHgRv4qhyJduP3fYJRMX4AtAlbuWdCYw= +go.opentelemetry.io/otel/sdk/metric v1.40.0/go.mod h1:4Z2bGMf0KSK3uRjlczMOeMhKU2rhUqdWNoKcYrtcBPg= go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= -go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI= -go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA= +go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw= +go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v1.7.1 h1:gTOMpGDb0WTBOP8JaO72iL3auEZhVmAQg4ipjOVAtj4= go.opentelemetry.io/proto/otlp v1.7.1/go.mod h1:b2rVh6rfI/s2pHWNlB7ILJcRALpcNDzKhACevjI+ZnE= diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md index 0d9b296e1d..ba568ed25b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md @@ -1,3 +1,7 @@ +# v1.32.6 (2025-12-16) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.32.5 (2025-12-09) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go index bb9399d5f3..effc38ea6d 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go @@ -3,4 +3,4 @@ package config // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.32.5" +const goModuleVersion = "1.32.6" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md index bf3fa5a1f1..210fb2e5bd 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md @@ -1,3 +1,7 @@ +# v1.19.6 (2025-12-16) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.19.5 (2025-12-09) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go index f539719414..4e620d43dd 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go @@ -3,4 +3,4 @@ package credentials // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.19.5" +const goModuleVersion = "1.19.6" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md index 4ef304c1f7..f73d6253ed 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md @@ -1,3 +1,7 @@ +# v1.30.8 (2025-12-16) + +* No change notes available for this release. + # v1.30.7 (2025-12-08) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go index 7ad1390e8f..5d9e65e303 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go @@ -3,4 +3,4 @@ package sso // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.30.7" +const goModuleVersion = "1.30.8" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go index bbac359645..182423b4e6 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go @@ -157,6 +157,9 @@ var defaultPartitions = endpoints.Partitions{ Region: "ap-east-1", }, }, + endpoints.EndpointKey{ + Region: "ap-east-2", + }: endpoints.Endpoint{}, endpoints.EndpointKey{ Region: "ap-northeast-1", }: endpoints.Endpoint{ diff --git a/vendor/github.com/letsencrypt/boulder/core/challenges.go b/vendor/github.com/letsencrypt/boulder/core/challenges.go index 75a20373fb..104d754a87 100644 --- a/vendor/github.com/letsencrypt/boulder/core/challenges.go +++ b/vendor/github.com/letsencrypt/boulder/core/challenges.go @@ -1,7 +1,5 @@ package core -import "fmt" - func newChallenge(challengeType AcmeChallenge, token string) Challenge { return Challenge{ Type: challengeType, @@ -29,20 +27,3 @@ func TLSALPNChallenge01(token string) Challenge { func DNSAccountChallenge01(token string) Challenge { return newChallenge(ChallengeTypeDNSAccount01, token) } - -// NewChallenge constructs a challenge of the given kind. It returns an -// error if the challenge type is unrecognized. -func NewChallenge(kind AcmeChallenge, token string) (Challenge, error) { - switch kind { - case ChallengeTypeHTTP01: - return HTTPChallenge01(token), nil - case ChallengeTypeDNS01: - return DNSChallenge01(token), nil - case ChallengeTypeTLSALPN01: - return TLSALPNChallenge01(token), nil - case ChallengeTypeDNSAccount01: - return DNSAccountChallenge01(token), nil - default: - return Challenge{}, fmt.Errorf("unrecognized challenge type %q", kind) - } -} diff --git a/vendor/github.com/letsencrypt/boulder/core/objects.go b/vendor/github.com/letsencrypt/boulder/core/objects.go index ac7a6f96b1..8f9ed49bc1 100644 --- a/vendor/github.com/letsencrypt/boulder/core/objects.go +++ b/vendor/github.com/letsencrypt/boulder/core/objects.go @@ -33,21 +33,6 @@ const ( StatusDeactivated = AcmeStatus("deactivated") // Object has been deactivated ) -// AcmeResource values identify different types of ACME resources -type AcmeResource string - -// The types of ACME resources -const ( - ResourceNewReg = AcmeResource("new-reg") - ResourceNewAuthz = AcmeResource("new-authz") - ResourceNewCert = AcmeResource("new-cert") - ResourceRevokeCert = AcmeResource("revoke-cert") - ResourceRegistration = AcmeResource("reg") - ResourceChallenge = AcmeResource("challenge") - ResourceAuthz = AcmeResource("authz") - ResourceKeyChange = AcmeResource("key-change") -) - // AcmeChallenge values identify different types of ACME challenges type AcmeChallenge string diff --git a/vendor/github.com/letsencrypt/boulder/probs/probs.go b/vendor/github.com/letsencrypt/boulder/probs/probs.go index 7ff35ca61f..fc8ba05765 100644 --- a/vendor/github.com/letsencrypt/boulder/probs/probs.go +++ b/vendor/github.com/letsencrypt/boulder/probs/probs.go @@ -312,19 +312,6 @@ func UnsupportedIdentifier(detail string, a ...any) *ProblemDetails { // Additional helper functions that return variations on MalformedProblem with // different HTTP status codes set. -// Canceled returns a ProblemDetails with a MalformedProblem and a 408 Request -// Timeout status code. -func Canceled(detail string, a ...any) *ProblemDetails { - if len(a) > 0 { - detail = fmt.Sprintf(detail, a...) - } - return &ProblemDetails{ - Type: MalformedProblem, - Detail: detail, - HTTPStatus: http.StatusRequestTimeout, - } -} - // Conflict returns a ProblemDetails with a ConflictProblem and a 409 Conflict // status code. func Conflict(detail string) *ProblemDetails { diff --git a/vendor/github.com/secure-systems-lab/go-securesystemslib/cjson/canonicaljson.go b/vendor/github.com/secure-systems-lab/go-securesystemslib/cjson/canonicaljson.go index abc860a491..a94e739f2c 100644 --- a/vendor/github.com/secure-systems-lab/go-securesystemslib/cjson/canonicaljson.go +++ b/vendor/github.com/secure-systems-lab/go-securesystemslib/cjson/canonicaljson.go @@ -96,7 +96,6 @@ func encodeCanonical(obj interface{}, result *strings.Builder) (err error) { if i < (len(mapKeys) - 1) { result.WriteString(",") } - i++ } result.WriteString("}") diff --git a/vendor/github.com/secure-systems-lab/go-securesystemslib/dsse/envelope.go b/vendor/github.com/secure-systems-lab/go-securesystemslib/dsse/envelope.go index ed223e90b5..9330576502 100644 --- a/vendor/github.com/secure-systems-lab/go-securesystemslib/dsse/envelope.go +++ b/vendor/github.com/secure-systems-lab/go-securesystemslib/dsse/envelope.go @@ -1,8 +1,10 @@ package dsse import ( + "bytes" "encoding/base64" "fmt" + "strconv" ) /* @@ -38,13 +40,31 @@ type Signature struct { } /* -PAE implementes the DSSE Pre-Authentic Encoding +PAE implements the DSSE Pre-Authentic Encoding https://github.com/secure-systems-lab/dsse/blob/master/protocol.md#signature-definition */ func PAE(payloadType string, payload []byte) []byte { - return []byte(fmt.Sprintf("DSSEv1 %d %s %d %s", - len(payloadType), payloadType, - len(payload), payload)) + // Pre-size to avoid reallocation. Previously fmt.Sprintf copied payload + // into a string and []byte(...) copied it again. + const prefix = "DSSEv1 " + const sep = " " + // Max decimal digits for a non-negative int (len() result) on any + // platform: len("9223372036854775807") == 19. Grow is a hint, so a + // slight overestimate is harmless. + const maxDecimalLen = 19 + var b bytes.Buffer + b.Grow(len(prefix) + + maxDecimalLen + len(sep) + len(payloadType) + len(sep) + + maxDecimalLen + len(sep) + len(payload)) + b.WriteString(prefix) + b.WriteString(strconv.Itoa(len(payloadType))) + b.WriteByte(' ') + b.WriteString(payloadType) + b.WriteByte(' ') + b.WriteString(strconv.Itoa(len(payload))) + b.WriteByte(' ') + b.Write(payload) + return b.Bytes() } /* diff --git a/vendor/github.com/secure-systems-lab/go-securesystemslib/dsse/sign.go b/vendor/github.com/secure-systems-lab/go-securesystemslib/dsse/sign.go index 244a806774..427ef5686f 100644 --- a/vendor/github.com/secure-systems-lab/go-securesystemslib/dsse/sign.go +++ b/vendor/github.com/secure-systems-lab/go-securesystemslib/dsse/sign.go @@ -47,7 +47,7 @@ algorithms to sign the data. The threshold parameter is legacy and is ignored. Deprecated: This function simply calls NewEnvelopeSigner, and that function should be preferred. */ -func NewMultiEnvelopeSigner(threshold int, p ...Signer) (*EnvelopeSigner, error) { +func NewMultiEnvelopeSigner(_ int, p ...Signer) (*EnvelopeSigner, error) { return NewEnvelopeSigner(p...) } diff --git a/vendor/github.com/secure-systems-lab/go-securesystemslib/dsse/verify.go b/vendor/github.com/secure-systems-lab/go-securesystemslib/dsse/verify.go index d04246747c..5c83d2ec02 100644 --- a/vendor/github.com/secure-systems-lab/go-securesystemslib/dsse/verify.go +++ b/vendor/github.com/secure-systems-lab/go-securesystemslib/dsse/verify.go @@ -24,18 +24,26 @@ type AcceptedKey struct { } func (ev *EnvelopeVerifier) Verify(ctx context.Context, e *Envelope) ([]AcceptedKey, error) { + keys, _, err := ev.VerifyAndDecode(ctx, e) + return keys, err +} + +// VerifyAndDecode behaves identically to Verify but also returns the decoded +// envelope payload, allowing callers who need the payload bytes (e.g., for +// hashing or further parsing) to avoid a second base64 decode. +func (ev *EnvelopeVerifier) VerifyAndDecode(ctx context.Context, e *Envelope) ([]AcceptedKey, []byte, error) { if e == nil { - return nil, errors.New("cannot verify a nil envelope") + return nil, nil, errors.New("cannot verify a nil envelope") } if len(e.Signatures) == 0 { - return nil, ErrNoSignature + return nil, nil, ErrNoSignature } // Decode payload (i.e serialized body) body, err := e.DecodeB64Payload() if err != nil { - return nil, err + return nil, nil, err } // Generate PAE(payloadtype, serialized body) paeEnc := PAE(e.PayloadType, body) @@ -43,19 +51,19 @@ func (ev *EnvelopeVerifier) Verify(ctx context.Context, e *Envelope) ([]Accepted // If *any* signature is found to be incorrect, it is skipped var acceptedKeys []AcceptedKey usedKeyids := make(map[string]string) - unverified_providers := make([]Verifier, len(ev.providers)) - copy(unverified_providers, ev.providers) + unverifiedProviders := make([]Verifier, len(ev.providers)) + copy(unverifiedProviders, ev.providers) for _, s := range e.Signatures { sig, err := b64Decode(s.Sig) if err != nil { - return nil, err + return nil, nil, err } // Loop over the providers. // If provider and signature include key IDs but do not match skip. // If a provider recognizes the key, we exit // the loop and use the result. - providers := unverified_providers + providers := unverifiedProviders for i, v := range providers { keyID, err := v.KeyID() @@ -81,7 +89,7 @@ func (ev *EnvelopeVerifier) Verify(ctx context.Context, e *Envelope) ([]Accepted KeyID: keyID, Sig: s, } - unverified_providers = removeIndex(providers, i) + unverifiedProviders = removeIndex(providers, i) // See https://github.com/in-toto/in-toto/pull/251 if _, ok := usedKeyids[keyID]; ok { @@ -97,14 +105,14 @@ func (ev *EnvelopeVerifier) Verify(ctx context.Context, e *Envelope) ([]Accepted // Sanity if with some reflect magic this happens. if ev.threshold <= 0 || ev.threshold > len(ev.providers) { - return nil, errors.New("invalid threshold") + return nil, nil, errors.New("invalid threshold") } if len(usedKeyids) < ev.threshold { - return acceptedKeys, fmt.Errorf("accepted signatures do not match threshold, Found: %d, Expected %d", len(acceptedKeys), ev.threshold) + return acceptedKeys, nil, fmt.Errorf("accepted signatures do not match threshold, Found: %d, Expected %d", len(acceptedKeys), ev.threshold) } - return acceptedKeys, nil + return acceptedKeys, body, nil } func NewEnvelopeVerifier(v ...Verifier) (*EnvelopeVerifier, error) { diff --git a/vendor/github.com/secure-systems-lab/go-securesystemslib/signerverifier/ecdsa.go b/vendor/github.com/secure-systems-lab/go-securesystemslib/signerverifier/ecdsa.go index 691091af99..4227941d96 100644 --- a/vendor/github.com/secure-systems-lab/go-securesystemslib/signerverifier/ecdsa.go +++ b/vendor/github.com/secure-systems-lab/go-securesystemslib/signerverifier/ecdsa.go @@ -57,7 +57,7 @@ func NewECDSASignerVerifierFromSSLibKey(key *SSLibKey) (*ECDSASignerVerifier, er } // Sign creates a signature for `data`. -func (sv *ECDSASignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error) { +func (sv *ECDSASignerVerifier) Sign(_ context.Context, data []byte) ([]byte, error) { if sv.private == nil { return nil, ErrNotPrivateKey } @@ -68,7 +68,7 @@ func (sv *ECDSASignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, e } // Verify verifies the `sig` value passed in against `data`. -func (sv *ECDSASignerVerifier) Verify(ctx context.Context, data []byte, sig []byte) error { +func (sv *ECDSASignerVerifier) Verify(_ context.Context, data []byte, sig []byte) error { hashedData := getECDSAHashedData(data, sv.curveSize) if ok := ecdsa.VerifyASN1(sv.public, hashedData, sig); !ok { @@ -93,8 +93,7 @@ func (sv *ECDSASignerVerifier) Public() crypto.PublicKey { // LoadECDSAKeyFromFile returns an SSLibKey instance for an ECDSA key stored in // a file in the custom securesystemslib format. // -// Deprecated: use LoadKey(). The custom serialization format has been -// deprecated. Use +// Deprecated: use LoadKey(). The custom serialization format is deprecated. Use // https://github.com/secure-systems-lab/securesystemslib/blob/main/docs/migrate_key.py // to convert your key. func LoadECDSAKeyFromFile(path string) (*SSLibKey, error) { diff --git a/vendor/github.com/secure-systems-lab/go-securesystemslib/signerverifier/ed25519.go b/vendor/github.com/secure-systems-lab/go-securesystemslib/signerverifier/ed25519.go index d954e14b74..348351e8cd 100644 --- a/vendor/github.com/secure-systems-lab/go-securesystemslib/signerverifier/ed25519.go +++ b/vendor/github.com/secure-systems-lab/go-securesystemslib/signerverifier/ed25519.go @@ -57,7 +57,7 @@ func NewED25519SignerVerifierFromSSLibKey(key *SSLibKey) (*ED25519SignerVerifier } // Sign creates a signature for `data`. -func (sv *ED25519SignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error) { +func (sv *ED25519SignerVerifier) Sign(_ context.Context, data []byte) ([]byte, error) { if len(sv.private) == 0 { return nil, ErrNotPrivateKey } @@ -67,7 +67,7 @@ func (sv *ED25519SignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, } // Verify verifies the `sig` value passed in against `data`. -func (sv *ED25519SignerVerifier) Verify(ctx context.Context, data []byte, sig []byte) error { +func (sv *ED25519SignerVerifier) Verify(_ context.Context, data []byte, sig []byte) error { if ok := ed25519.Verify(sv.public, data, sig); ok { return nil } @@ -89,8 +89,7 @@ func (sv *ED25519SignerVerifier) Public() crypto.PublicKey { // LoadED25519KeyFromFile returns an SSLibKey instance for an ED25519 key stored // in a file in the custom securesystemslib format. // -// Deprecated: use LoadKey(). The custom serialization format has been -// deprecated. Use +// Deprecated: use LoadKey(). The custom serialization format is deprecated. Use // https://github.com/secure-systems-lab/securesystemslib/blob/main/docs/migrate_key.py // to convert your key. func LoadED25519KeyFromFile(path string) (*SSLibKey, error) { diff --git a/vendor/github.com/secure-systems-lab/go-securesystemslib/signerverifier/rsa.go b/vendor/github.com/secure-systems-lab/go-securesystemslib/signerverifier/rsa.go index 2abfcb27c4..8aaa531c06 100644 --- a/vendor/github.com/secure-systems-lab/go-securesystemslib/signerverifier/rsa.go +++ b/vendor/github.com/secure-systems-lab/go-securesystemslib/signerverifier/rsa.go @@ -59,7 +59,7 @@ func NewRSAPSSSignerVerifierFromSSLibKey(key *SSLibKey) (*RSAPSSSignerVerifier, } // Sign creates a signature for `data`. -func (sv *RSAPSSSignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error) { +func (sv *RSAPSSSignerVerifier) Sign(_ context.Context, data []byte) ([]byte, error) { if sv.private == nil { return nil, ErrNotPrivateKey } @@ -70,7 +70,7 @@ func (sv *RSAPSSSignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, } // Verify verifies the `sig` value passed in against `data`. -func (sv *RSAPSSSignerVerifier) Verify(ctx context.Context, data []byte, sig []byte) error { +func (sv *RSAPSSSignerVerifier) Verify(_ context.Context, data []byte, sig []byte) error { hashedData := hashBeforeSigning(data, sha256.New()) if err := rsa.VerifyPSS(sv.public, crypto.SHA256, hashedData, sig, &rsa.PSSOptions{SaltLength: sha256.Size, Hash: crypto.SHA256}); err != nil { @@ -95,8 +95,7 @@ func (sv *RSAPSSSignerVerifier) Public() crypto.PublicKey { // LoadRSAPSSKeyFromFile returns an SSLibKey instance for an RSA key stored in a // file. // -// Deprecated: use LoadKey(). The custom serialization format has been -// deprecated. Use +// Deprecated: use LoadKey(). The custom serialization format is deprecated. Use // https://github.com/secure-systems-lab/securesystemslib/blob/main/docs/migrate_key.py // to convert your key. func LoadRSAPSSKeyFromFile(path string) (*SSLibKey, error) { diff --git a/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/privatekey.go b/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/privatekey.go index 325813d692..5ecf346dbf 100644 --- a/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/privatekey.go +++ b/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/privatekey.go @@ -27,6 +27,7 @@ import ( "fmt" "github.com/secure-systems-lab/go-securesystemslib/encrypted" + "github.com/youmark/pkcs8" ) const ( @@ -107,6 +108,26 @@ func UnmarshalPEMToPrivateKey(pemBytes []byte, pf PassFunc) (crypto.PrivateKey, if derBlock == nil { return nil, errors.New("PEM decoding failed") } + + // Handle legacy encrypted PEM blocks + if x509.IsEncryptedPEMBlock(derBlock) { //nolint:staticcheck + if pf == nil { + return nil, errors.New("private key is encrypted, but no password function was provided") + } + password, err := pf(false) + if err != nil { + return nil, err + } + decryptedBytes, err := x509.DecryptPEMBlock(derBlock, password) //nolint:staticcheck + if err != nil { + return nil, fmt.Errorf("failed to decrypt legacy PEM block: %w", err) + } + derBlock = &pem.Block{ + Type: derBlock.Type, + Bytes: decryptedBytes, + } + } + switch derBlock.Type { case string(PrivateKeyPEMType): return x509.ParsePKCS8PrivateKey(derBlock.Bytes) @@ -114,6 +135,19 @@ func UnmarshalPEMToPrivateKey(pemBytes []byte, pf PassFunc) (crypto.PrivateKey, return x509.ParsePKCS1PrivateKey(derBlock.Bytes) case string(ECPrivateKeyPEMType): return x509.ParseECPrivateKey(derBlock.Bytes) + case "ENCRYPTED PRIVATE KEY": + if pf == nil { + return nil, errors.New("private key is encrypted, but no password function was provided") + } + password, err := pf(false) + if err != nil { + return nil, err + } + decryptedKey, err := pkcs8.ParsePKCS8PrivateKey(derBlock.Bytes, password) + if err != nil { + return nil, fmt.Errorf("failed to decrypt and parse encrypted private key: %w", err) + } + return decryptedKey, nil case string(EncryptedSigstorePrivateKeyPEMType), string(encryptedCosignPrivateKeyPEMType): derBytes := derBlock.Bytes if pf != nil { diff --git a/vendor/github.com/sigstore/sigstore/pkg/oauth/interactive.go b/vendor/github.com/sigstore/sigstore/pkg/oauth/interactive.go index d9ee1234af..1267cab4c7 100644 --- a/vendor/github.com/sigstore/sigstore/pkg/oauth/interactive.go +++ b/vendor/github.com/sigstore/sigstore/pkg/oauth/interactive.go @@ -16,15 +16,14 @@ package oauth import ( - "bytes" "fmt" - "text/template" + "strings" ) // GetInteractiveSuccessHTML is the page displayed upon success when using a web browser during an interactive Oauth token flow. // The page will close automatically if autoclose is true with the timeout specified. func GetInteractiveSuccessHTML(autoclose bool, timeout int) (string, error) { - const successTemplate = ` + const successTemplateHead = ` Sigstore Authentication @@ -66,18 +65,12 @@ func GetInteractiveSuccessHTML(autoclose bool, timeout int) (string, error) { sigstore authentication successful! - {{ if .Autoclose -}} - {{- else -}} -
- You may now close this page. -
- {{- end }}