Use cosign V2 in Zarf #2019
Comments
|
Thanks for the issue - we are tracking this but haven't completed the migration (yet) - there are still some examples and docs that need to be updated (despite |
5 tasks
Noxsios
pushed a commit
that referenced
this issue
Sep 21, 2023
#2023) ## Description This updates Zarf to cosign v2 and is more clear about sget deprecations. ## Related Issue Fixes #2019 ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [X] Other (security config, docs update, etc) ## Checklist before merging - [X] Test, docs, adr added or updated as needed - [X] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Details
We use zarf as a lib in our project and we also have an automatic dependency update system running daily on our side. The dependency update broke because Zarf relies on the github.com/sigstore/[email protected] which depends on [email protected].
The latest version for go-securesystemslib is v0.7.0. The latest version of github.com/sigstore/cosign that is v2.2.0, depend on the [email protected].
Expected result
I wat from Zarf to upgrade cosign from v1.13.1 to v.2.2.0.
The text was updated successfully, but these errors were encountered: