From 8bedf6b4a6c5f2664f5a3e944d33e8b4afac388d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Oct 2024 10:52:42 +0100 Subject: [PATCH 1/3] Bump golang.org/x/sync from 0.7.0 to 0.8.0 (#50) Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.7.0 to 0.8.0. - [Commits](https://github.com/golang/sync/compare/v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/sync dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 6638c7d..17fe74a 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/peterbourgon/ff/v3 v3.4.0 github.com/rs/cors v1.11.0 github.com/stretchr/testify v1.9.0 - golang.org/x/sync v0.7.0 + golang.org/x/sync v0.8.0 ) require ( diff --git a/go.sum b/go.sum index bd9604c..e656c20 100644 --- a/go.sum +++ b/go.sum 
@@ -154,8 +154,8 @@ golang.org/x/net v0.0.0-20200813134508-3edf25e44fcc/go.mod h1:/O7V0waA8r7cgGh81R golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= From cb86e922336d3efc274f522c54cd547e5472899c Mon Sep 17 00:00:00 2001 From: Jeff Thompson Date: Mon, 28 Oct 2024 10:54:22 +0100 Subject: [PATCH 2/3] fix: In memory.New, add nolint for uint32 overflow (#61) Signed-off-by: Jeff Thompson --- keyring/memory/memory.go | 1 + 1 file changed, 1 insertion(+) diff --git a/keyring/memory/memory.go b/keyring/memory/memory.go index 9374c38..dfea1d7 100644 --- a/keyring/memory/memory.go +++ b/keyring/memory/memory.go @@ -22,6 +22,7 @@ func New(mnemonic string, numAccounts uint64) *Keyring { seed := bip39.NewSeed(mnemonic, "") for i := uint64(0); i < numAccounts; i++ { + //nolint:gosec // i ranges up to numAccounts which won't overflow uint32 key := generateKeyFromSeed(seed, uint32(i)) address := key.PubKey().Address() From 048dcb8eb9da65a55b97408b3aebe4bf99822797 Mon Sep 17 00:00:00 2001 
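Review bot: The `//nolint:gosec` added above `uint32(i)` in keyring/memory/memory.go silences the integer-conversion finding on an assumption that no visible line enforces. `numAccounts` is a `uint64` parameter, so for any value above `math.MaxUint32` the cast wraps and the loop passes `generateKeyFromSeed` indices it has already used, deriving the same keys again. An explicit bound before the loop would make the suppression true rather than asserted, e.g. `if numAccounts > math.MaxUint32 { panic("memory.New: numAccounts exceeds uint32 range") }`. New returns only `*Keyring`, so there is no error path to use, and the guard needs `math` in the file's imports. The body of New starts before and continues past this hunk, so a check outside the visible lines cannot be ruled out; if one exists, the nolint comment should name it.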
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Oct 2024 10:57:05 +0100 Subject: [PATCH 3/3] Bump sigstore/cosign-installer from 3.5.0 to 3.7.0 (#57) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.5.0 to 3.7.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/v3.5.0...v3.7.0) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index c92397e..598c579 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -23,7 +23,7 @@ jobs: go-version: 1.21 cache: true - - uses: sigstore/cosign-installer@v3.5.0 + - uses: sigstore/cosign-installer@v3.7.0 - uses: anchore/sbom-action/download-syft@v0.17.0 - uses: docker/login-action@v3