Bump github.com/veraison/go-cose from 1.0.0-rc.1 to 1.0.0 by dependabot[bot] · Pull Request #1766 · microsoft/hcsshim

dependabot · 2023-05-08T14:33:46Z

Bumps github.com/veraison/go-cose from 1.0.0-rc.1 to 1.0.0.

Release notes

Sourced from github.com/veraison/go-cose's releases.

1.0.0

📘Documentation go-cose readme

What's Changed

Sign1 by @thomas-fossati in veraison/go-cose#1

Sign1 bells and whistles by @thomas-fossati in veraison/go-cose#2

add license check by @thomas-fossati in veraison/go-cose#3

Add gluecose conformance tests by @qmuntal in veraison/go-cose#19

Fix CI and add first fuzz test by @qmuntal in veraison/go-cose#20

Add PS256 conformance tests by @qmuntal in veraison/go-cose#21

Remote Signing by @shizhMSFT in veraison/go-cose#51

add Sign1Message benchmarks by @qmuntal in veraison/go-cose#54

Mark COSE Sign as experimental by @thomas-fossati in veraison/go-cose#58

Remove design.md as remote signing has merged by @SteveLasker in veraison/go-cose#57

Documentation cleanup by @qmuntal in veraison/go-cose#61

Guard against race conditions in RegisterAlgorithm by @qmuntal in veraison/go-cose#62

Use curve modulo instead of field size to calculate ECDSA signature length by @qmuntal in veraison/go-cose#60

Fix integer range rendering by @qmuntal in veraison/go-cose#63

Update readme with release info by @SteveLasker in veraison/go-cose#65

Remove cose.Verify1 and update cose.Sign1 by @qmuntal in veraison/go-cose#67

Ensure IV and Partial IV are not both present by @qmuntal in veraison/go-cose#66

Correct README to reflect the defork from mozilla/go-cose by @yogeshbdeshpande in veraison/go-cose#69

Create Reports folder under go-cose by @yogeshbdeshpande in veraison/go-cose#70

Upload NCC Public Report by @kevin-henry-ncc in veraison/go-cose#77

Fail-safe check on RSA by @shizhMSFT in veraison/go-cose#72

Ensure critical header contains valid labels by @qmuntal in veraison/go-cose#78

Error if unprotected header contains crit param by @qmuntal in veraison/go-cose#81

Add baseline security process by @SteveLasker in veraison/go-cose#4

Improve Sign1Message.Sign1() docs by @qmuntal in veraison/go-cose#85

upload coverage to codecov.io by @qmuntal in veraison/go-cose#84

Validate generic headers by @qmuntal in veraison/go-cose#87

Increase headers type validation coverage by @qmuntal in veraison/go-cose#89

Update README.md and SECURITY.md from alpha.1 to rc.1 by @FeynmanZhou in veraison/go-cose#91

Enhance reports folder README.md and also top level README.md by @yogeshbdeshpande in veraison/go-cose#93

Upload the Trail of Bits public security assessment report by @ESultanik in veraison/go-cose#94

Add Trail of Bits Security Review by @SteveLasker in veraison/go-cose#96

refactor!: accept message content instead of digest for sign and verify by @shizhMSFT in veraison/go-cose#101

chore: upgrade ci to go 1.18 and go 1.19 by @shizhMSFT in veraison/go-cose#103

Reduce FuzzSign1 memory consumption by @qmuntal in veraison/go-cose#104

Update cose-spec from draft to RFC 9052 by @fxamacker in veraison/go-cose#109

Improve README.md examples by @qmuntal in veraison/go-cose#111

Use cbor.SortCoreDeterministic for CBOR encoding by @qmuntal in veraison/go-cose#113

fix example in the readme by @thomas-fossati in veraison/go-cose#114

Check EC point is on curve at Verifier instantiation by @thomas-fossati in veraison/go-cose#116

New Contributors

@thomas-fossati made their first contribution in veraison/go-cose#1

@SteveLasker made their first contribution in veraison/go-cose#57

@yogeshbdeshpande made their first contribution in veraison/go-cose#69

... (truncated)

Commits

527d043 Merge pull request #39 from mozilla-services/fix-verify-example
d585410 update examples in readme
f0d3d6f rm extra alg param to Signer.Verifier in verify example
bb59937 Merge pull request #37 from mozilla-services/more-cleanup
ff0b10a add test for duplicate headers in a msg Signature
deec295 add TestSignVerifyWithoutMessage
e8dbd36 add TestSignerSignErrors
542b70f more NewSigner tests
f6f30b1 NewSigner handle unsupported key types
69e95cb fix default signer key type
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Update dependencies and vendor (and update `test/go.mod`, as appropriate) for: - github.com/microsoft/pull/1758 - github.com/microsoft/pull/1759 - github.com/microsoft/pull/1760 - github.com/microsoft/pull/1761 - github.com/microsoft/pull/1762 - github.com/microsoft/pull/1763 - github.com/microsoft/pull/1764 - github.com/microsoft/pull/1765 - github.com/microsoft/pull/1766 Signed-off-by: Hamza El-Saawy <hamzaelsaawy@microsoft.com>

Bumps [github.com/veraison/go-cose](https://github.com/veraison/go-cose) from 1.0.0-rc.1 to 1.0.0. - [Release notes](https://github.com/veraison/go-cose/releases) - [Commits](veraison/go-cose@v1.0.0-rc.1...v1) --- updated-dependencies: - dependency-name: github.com/veraison/go-cose dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2023-05-21T04:00:09Z

Superseded by #1786.

dependabot bot requested a review from a team as a code owner May 8, 2023 14:33

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 8, 2023

helsaawy mentioned this pull request May 8, 2023

omnibus dependency updates #1767

Merged

dependabot bot force-pushed the dependabot/go_modules/github.com/veraison/go-cose-1.0.0 branch from 900d0a9 to 8947ceb Compare May 8, 2023 17:43

dependabot bot force-pushed the dependabot/go_modules/github.com/veraison/go-cose-1.0.0 branch from 8947ceb to d0500b2 Compare May 15, 2023 20:12

dependabot bot closed this May 21, 2023

dependabot bot deleted the dependabot/go_modules/github.com/veraison/go-cose-1.0.0 branch May 21, 2023 04:00

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump github.com/veraison/go-cose from 1.0.0-rc.1 to 1.0.0#1766

Bump github.com/veraison/go-cose from 1.0.0-rc.1 to 1.0.0#1766
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/github.com/veraison/go-cose-1.0.0

dependabot bot commented on behalf of github May 8, 2023 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github May 21, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github May 8, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

1.0.0

What's Changed

New Contributors

Uh oh!

dependabot bot commented on behalf of github May 21, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github May 8, 2023 •

edited

Loading