diff --git a/.golangci.yml b/.golangci.yml index f6b550d9520..d317f4c7041 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -83,6 +83,34 @@ linters: path: pkg/cosign/verify_bundle_test.go # NewEntry used for Rekor v1, will update to NewTlogEntry for Rekor v2 support text: SA1019 + # in-toto-golang v0.11.0 deprecated the legacy Statement/StatementHeader/ + # Subject/ProvenancePredicate types in favor of the protobuf-generated + # in_toto Attestation Framework v1 API. Migrating the attestation code is a + # separate effort; suppress the deprecation lint until then. + - linters: + - staticcheck + path: pkg/cosign/attestation/attestation.go + text: SA1019 + - linters: + - staticcheck + path: pkg/cosign/fetch.go + text: SA1019 + - linters: + - staticcheck + path: pkg/cosign/verifiers.go + text: SA1019 + - linters: + - staticcheck + path: pkg/policy/attestation + text: SA1019 + - linters: + - staticcheck + path: cmd/cosign/cli/attest/attest_blob_test.go + text: SA1019 + - linters: + - staticcheck + path: cmd/cosign/cli/verify/verify.go + text: SA1019 paths: - third_party$ - builtin$ diff --git a/Dockerfile b/Dockerfile index 97d18f41e63..9e508105daf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,4 +15,4 @@ # This is used to we scrap the go version and use in CI to get the latest go version # and we use dependabot to keep the go version up to date -FROM golang:1.26.3 +FROM golang:1.26.4 diff --git a/go.mod b/go.mod index 42421f84988..e70b4271b54 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/sigstore/cosign/v2 -go 1.26.3 +go 1.26.4 require ( cuelang.org/go v0.14.1 diff --git a/test/fakeoidc/go.mod b/test/fakeoidc/go.mod index a55950336a7..2f850da4f51 100644 --- a/test/fakeoidc/go.mod +++ b/test/fakeoidc/go.mod @@ -1,6 +1,6 @@ module github.com/sigstore/cosign/test/fakeoidc -go 1.26.3 +go 1.26.4 require github.com/go-jose/go-jose/v4 v4.0.5