diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 8741a10d96d..1e2602b2e93 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -33,8 +33,8 @@ jobs: - name: Install cosign # Use commit hash here to avoid a re-tagging attack, as this is a third-party action - # Commit d58896d6a1865668819e1d91763c7751a165e159 = tag v3.9.2 - uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 + # Commit d7543c93d881b35a8faa02e8e3605f69b7a1ce62 = tag v3.10.0 + uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 - name: Install syft # Use commit hash here to avoid a re-tagging attack, as this is a third-party action diff --git a/go.mod b/go.mod index bea9cb47f0e..3888c942954 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/nats-io/nkeys v0.4.11 github.com/nats-io/nuid v1.0.1 go.uber.org/automaxprocs v1.6.0 - golang.org/x/crypto v0.41.0 + golang.org/x/crypto v0.42.0 golang.org/x/sys v0.36.0 golang.org/x/time v0.13.0 ) diff --git a/go.sum b/go.sum index 2026909bcb1..d0adb2c0cb1 100644 --- a/go.sum +++ b/go.sum @@ -24,8 +24,8 @@ github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMT github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs= go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8= -golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= -golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= +golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI= +golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k= golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=