Update all dependencies
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
registry1.dso.mil/ironbank/opensource/python | ironbank-base | patch | v3.11.6 -> v3.11.7 |
registry1.dso.mil/ironbank/opensource/python | final | patch | v3.11.6 -> v3.11.7 |
sigstore/cosign | ironbank-github | patch | v2.2.1 -> v2.2.2 |
trufflesecurity/trufflehog | ironbank-github | patch | v3.63.1 -> v3.63.3 |
⚠ Dependency Lookup Warnings ⚠
Warnings were logged while processing this repo. Please check the logs for more information.
Release Notes
sigstore/cosign
v2.2.2
v2.2.2 adds a new container with a shell, gcr.io/projectsigstore/cosign:vx.y.z-dev, in addition to the existing container gcr.io/projectsigstore/cosign:vx.y.z without a shell.
For private deployments, we have also added an alias for --insecure-skip-log, --private-infrastructure.
Bug Fixes
- chore(deps): bump github.com/sigstore/sigstore from 1.7.5 to 1.7.6 (#3411) which fixes a bug with using Azure KMS
- Don't require CT log keys if using a key/sk (#3415)
- Fix copy without any flag set (#3409)
- Update cosign generate cmd to not include newline (#3393)
- Fix idempotency error with signing (#3371)
Features
- Add --yes flag cosign import-key-pair to skip the overwrite confirmation. (#3383)
- Use the timeout flag value in verify* commands. (#3391)
- add --private-infrastructure flag (#3369)
Container Updates
- Bump builder image to use go1.21.4 and add new cosign image tags with shell (#3373)
Documentation
- Update SBOM_SPEC.md (#3358)
Contributors
- Carlos Tadeu Panato Junior
- Dylan Richardson
- Hayden B
- Lily Sturmann
- Nikos Fotiou
- Yonghe Zhao
trufflesecurity/trufflehog
v3.63.3
What's Changed
- Use forked sevenzip by @bill-rich in https://github.com/trufflesecurity/trufflehog/pull/2180
- fixing how to rotate URL by @dylanTruffle in https://github.com/trufflesecurity/trufflehog/pull/2183
- [fixup] - Skip trying to determine MIME type for directories by @ahrav in https://github.com/trufflesecurity/trufflehog/pull/2178
- [feat] - Remove go-git dependency by @ahrav in https://github.com/trufflesecurity/trufflehog/pull/2174
- remove unnecessary Git cmd check by @ahrav in https://github.com/trufflesecurity/trufflehog/pull/2175
- [chore] - use https for verification endpoints by @ahrav in https://github.com/trufflesecurity/trufflehog/pull/2185
- allow targets for the source manager by @ahrav in https://github.com/trufflesecurity/trufflehog/pull/2182
- Deprecate some detectors by @dustin-decker in https://github.com/trufflesecurity/trufflehog/pull/2186
- [chore] - update regex by @ahrav in https://github.com/trufflesecurity/trufflehog/pull/2184
- [chore] - Compile regex once by @ahrav in https://github.com/trufflesecurity/trufflehog/pull/2176
- Remove Java archives from ignored extensions by @rosecodym in https://github.com/trufflesecurity/trufflehog/pull/2188
- [chore] - Refactor common code into a separate function by @ahrav in https://github.com/trufflesecurity/trufflehog/pull/2179
- [feat] - add metrics for gitlab by @ahrav in https://github.com/trufflesecurity/trufflehog/pull/2190
- [bug] - move logic to main Chunks method by @ahrav in https://github.com/trufflesecurity/trufflehog/pull/2194
- [fixup] - skip files in the archive handler by @ahrav in https://github.com/trufflesecurity/trufflehog/pull/2195
- Check private keys concurrently by @rgmz in https://github.com/trufflesecurity/trufflehog/pull/2139
- Propagate TruffleHog context to handlers by @rgmz in https://github.com/trufflesecurity/trufflehog/pull/2191
- [bug] - close file after reading by @ahrav in https://github.com/trufflesecurity/trufflehog/pull/2203
- Use bad json in slackwebhooks by @rosecodym in https://github.com/trufflesecurity/trufflehog/pull/2193
- Add disk buffer tempfile cleanup by @codevbus in https://github.com/trufflesecurity/trufflehog/pull/2130
- [chore] Remove omitempty tags on JobProgressMetrics and UnitMetrics by @mcastorina in https://github.com/trufflesecurity/trufflehog/pull/2204
- Fix azurestorage detector by @0x1 in https://github.com/trufflesecurity/trufflehog/pull/2207
- fix and refactor browserstack detector by @0x1 in https://github.com/trufflesecurity/trufflehog/pull/2208
- [chore] Remove unnecessary string conversion in tefter detector by @mcastorina in https://github.com/trufflesecurity/trufflehog/pull/2209
- Update metabase verification to check for a valid JSON response by @mcastorina in https://github.com/trufflesecurity/trufflehog/pull/2210
Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.63.2...v3.63.3
v3.63.2
Changelog
- 11394ea [thog-1548] add auto redaction for verification errors (#2106)
- 692582f fix(deps): update module github.com/google/go-github/v42 to v57 (#2172)
- 16cf858 chore(deps): update google-github-actions/auth action to v2 (#2171)
- 13da76d skip files we can't scan (#2170)
- dbfd9a7 fix(deps): update module google.golang.org/api to v0.152.0 (#2169)
- 996a11d [chore] - remove deprecated types (#2168)
- 08b58aa fix(deps): update module golang.org/x/oauth2 to v0.15.0 (#2167)
- 5d00236 fix(deps): update module github.com/aws/aws-sdk-go to v1.48.12 (#2166)
- 83cd276 fix(deps): update module github.com/xanzy/go-gitlab to v0.94.0 (#2165)
- b5b8223 fix(deps): update module github.com/trufflesecurity/disk-buffer-reader to v0.2.1 (#2163)
- 5d01969 Ignore images and binaries (#2162)
- 37d9e5e [chore] - Increase pagination limit (#2154)
- 32d8150 fix(deps): update module github.com/google/go-containerregistry to v0.17.0 (#2160)
- 07dc123 update forager types (#2159)
- 1cb8538 fix(deps): update module github.com/go-logr/zapr to v1.3.0 (#2158)
- fdff3b7 fix(deps): update module github.com/fatih/color to v1.16.0 (#2155)
- a6685d7 fix(deps): update module github.com/couchbase/gocb/v2 to v2.7.0 (#2153)
- 8065b53 fix(deps): update module github.com/aws/aws-sdk-go to v1.48.11 (#2152)
- 392b07f fix(deps): update module github.com/alecthomas/kingpin/v2 to v2.4.0 (#2151)
- d81b7ea fix(deps): update module cloud.google.com/go/storage to v1.35.1 (#2150)
- c34efc3 make empty slice delcration consistent (#2144)
- 02ba66d chore(deps): update sigstore/cosign-installer action to v3.2.0 (#2149)
- 239bf92 fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.18 (#2148)
- 3c1fde1 fix(deps): update module github.com/hashicorp/go-retryablehttp to v0.7.5 (#2147)
- 79a862a fix(deps): update module github.com/go-git/go-git/v5 to v5.10.1 (#2146)
- 279f915 [chore] - fix error comparisons (#2142)
- f3d51d1 fix(deps): update module cloud.google.com/go/secretmanager to v1.11.4 (#2145)
- ed70118 fix(deps): update golang.org/x/exp digest to 6522937 (#2140)
- 52ffab1 [chore] - fix import name clashes (#2143)
- e7ccfc2 fix(deps): update module github.com/google/go-github/v42 to v56 (#2049)
- a367f9c Fix azure panic when invalid URL is constructed (#2137)
- 8880c2e fixup cleantemp (#2136)
- e498c80 Fix nil pointer dereference when checking if a unit IsFinished (#2135)
- 7ecd43a [chore] Minor cleanup of source_manager.go (#2134)
- 363ccab Simplify temp dir cleaning (#2133)
- ede0c39 Add new auth method to source (#2132)
- d552222 add extradata nil check and use make (#2129)
- 1759f09 added ci scanning info to readme (#2126)
- 78219a2 Call Finish in SourceManager after the semaphore is released (#2121)
- 024aa05 chore(github): add a newline between titles and bodies (#2124)
- 1f502fd feat(github): scan issue & pr titles (#1899)
- 0e6e1dc use camelcase var names (#2123)
- 7d10e25 Remove unused functions (#2122)
- a7a9e18 [chore] - update readme help flags (#2120)
- 11df3dc feat(signing): Sign checksum (#1894)
- a7d330a import missing detectors (#2119)
- 75e869f Fix forks and repos counter, add metric for orgs enumerated (#2118)
- 62c628f feat(telegram): add username to extradata (#2100)
- 9e88cdf add extra data to github detector (#1909)
- cd9c1ae fixed gist direct link generation (#2115)
This MR has been generated by Renovate Bot.