Bump cosign, fix breakage #718

imjasonh · 2022-05-31T15:54:31Z

$ go get -u github.com/sigstore/cosign
go get -u github.com/sigstore/cosign@latest
go: downloading github.com/sigstore/cosign v1.8.0
go: upgraded github.com/sigstore/cosign v1.3.2-0.20211120003522-90e2dcfe7b92 => v1.8.0
$ go get ./...
$ go mod tidy
$ go mod vendor
$ go build ./...
# github.com/google/ko/pkg/build
pkg/build/gobuild.go:351:20: undefined: types.CycloneDXMediaType

The const got renamed some time between 1.3.1 and 1.8.0: https://pkg.go.dev/github.com/sigstore/[email protected]/pkg/types

Fixes #713

Notably, some time between 1.3.1 and 1.8.0, the vendored cosign dependency seems to have grown by ~180k lines... 😒

imjasonh · 2022-05-31T21:06:43Z

Superceded by #667 which bumps even more deps.

imjasonh requested a review from mattmoor May 31, 2022 15:54

imjasonh mentioned this pull request May 31, 2022

Fails when upgrading to 1.18 #713

Closed

imjasonh changed the title ~~Bump cosign~~ Bump cosign, fix breakage May 31, 2022

Bump cosign dep, fix breakage

4cf000c

imjasonh force-pushed the bump-cosign branch from 5ae7a3a to 4cf000c Compare May 31, 2022 17:20

imjasonh closed this May 31, 2022

imjasonh mentioned this pull request Jun 7, 2022

Signing built images #357

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump cosign, fix breakage #718

Bump cosign, fix breakage #718

imjasonh commented May 31, 2022 •

edited

Loading

imjasonh commented May 31, 2022

Bump cosign, fix breakage #718

Bump cosign, fix breakage #718

Conversation

imjasonh commented May 31, 2022 • edited Loading

imjasonh commented May 31, 2022

imjasonh commented May 31, 2022 •

edited

Loading