Overview
Request 1202681 accepted
- Update to version 2.57.0:
* Fixes bsc#1230183 - VUL-0: CVE-2024-45395: gh: sigstore-go: Unbounded loop over untrusted input can lead to endless data attack
* Update go-gh to use api subdomains
* Use api subdomains for commands using ghinstance package
* Add test for extension install fallback to amd64 on darwin
* Stub hasRosetta for tests
* Refactor conditions
* suppress att verify output when no tty
* add att verify test for custom OIDC issuer
* build(deps): bump github.com/sigstore/sigstore-go from 0.6.1 to 0.6.2
* Suggest installing Rosetta when extension installation fails due to missing `darwin-arm64` binary, but a `darwin-amd64` binary is available
* This commit introduces tenancy aware attestation policy building.
* use sigstore-go v0.6.2
* check specific err
* check err in GetLocalAttestations
* go mod tidy
* check for sigstore-go validation errs
* get latest sigstore-go commit
* handle os.PathError in GetLocalAttestations
* Move non-integration test to different test file
* print verify err
* check for os.PathError
* dont print err content
* update bundle file parsing err messages
* Expand active test cases
* Added `--active` flag to the `gh auth status` command
- Update to version 2.56.0:
* Check for nil values to prevent nil dereference panic
* build(deps): bump actions/attest-build-provenance from 1.4.2 to 1.4.3
* Update linux install to point to GPG troubleshoot
Request History
pdostal created request
- Update to version 2.57.0:
* Fixes bsc#1230183 - VUL-0: CVE-2024-45395: gh: sigstore-go: Unbounded loop over untrusted input can lead to endless data attack
* Update go-gh to use api subdomains
* Use api subdomains for commands using ghinstance package
* Add test for extension install fallback to amd64 on darwin
* Stub hasRosetta for tests
* Refactor conditions
* suppress att verify output when no tty
* add att verify test for custom OIDC issuer
* build(deps): bump github.com/sigstore/sigstore-go from 0.6.1 to 0.6.2
* Suggest installing Rosetta when extension installation fails due to missing `darwin-arm64` binary, but a `darwin-amd64` binary is available
* This commit introduces tenancy aware attestation policy building.
* use sigstore-go v0.6.2
* check specific err
* check err in GetLocalAttestations
* go mod tidy
* check for sigstore-go validation errs
* get latest sigstore-go commit
* handle os.PathError in GetLocalAttestations
* Move non-integration test to different test file
* print verify err
* check for os.PathError
* dont print err content
* update bundle file parsing err messages
* Expand active test cases
* Added `--active` flag to the `gh auth status` command
- Update to version 2.56.0:
* Check for nil values to prevent nil dereference panic
* build(deps): bump actions/attest-build-provenance from 1.4.2 to 1.4.3
* Update linux install to point to GPG troubleshoot
licensedigger accepted review
ok
factory-auto accepted review
Check script succeeded
maintbot accepted review
ok
maintbot approved review
ok
msmeissn moved maintenance target to openSUSE:Maintenance:18597
msmeissn accepted request
accepted request 1202681:Thanks!
For information about the update, see https://build.opensuse.org/project/maintenance_incidents/openSUSE:Maintenance
