From 656e6d88715ccbd9c1a525476d8a343493dd45d4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 25 Feb 2025 09:44:19 +0800
Subject: [PATCH 01/35] build(deps): Bump ossf/scorecard-action from 2.4.0 to
 2.4.1 (#1191)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action)
from 2.4.0 to 2.4.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.4.1</h2>
<h2>What's Changed</h2>
<ul>
<li>This update bumps the Scorecard version to the v5.1.1 release. For a
complete list of changes, please refer to the <a
href="https://github.com/ossf/scorecard/releases/tag/v5.1.0">v5.1.0</a>
and <a
href="https://github.com/ossf/scorecard/releases/tag/v5.1.1">v5.1.1</a>
release notes.</li>
<li>Publishing results now uses half the API quota as before. The exact
savings depends on the repository in question.
<ul>
<li>use Scorecard library entrypoint instead of Cobra hooking by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1423">ossf/scorecard-action#1423</a></li>
</ul>
</li>
<li>Some errors were made into annotations to make them more visible
<ul>
<li>Make default branch error more prominent by <a
href="https://github.com/jsoref"><code>@​jsoref</code></a> in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1459">ossf/scorecard-action#1459</a></li>
</ul>
</li>
<li>There is now an optional <code>file_mode</code> input which controls
how repository files are fetched from GitHub. The default is
<code>archive</code>, but <code>git</code> produces the most accurate
results for repositories with <code>.gitattributes</code> files at the
cost of analysis speed.
<ul>
<li>add input for specifying <code>--file-mode</code> by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1509">ossf/scorecard-action#1509</a></li>
</ul>
</li>
<li>The underlying container for the action is now <a
href="https://github.com/ossf/scorecard-action/pkgs/container/scorecard-action">hosted
on GitHub Container Registry</a>. There should be no functional changes.
<ul>
<li>:seedling: publish docker images to GitHub Container Registry by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1453">ossf/scorecard-action#1453</a></li>
</ul>
</li>
</ul>
<h3>Docs</h3>
<ul>
<li>Installation docs update by <a
href="https://github.com/JeremiahAHoward"><code>@​JeremiahAHoward</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1416">ossf/scorecard-action#1416</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/JeremiahAHoward"><code>@​JeremiahAHoward</code></a>
made their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1416">ossf/scorecard-action#1416</a></li>
<li><a href="https://github.com/jsoref"><code>@​jsoref</code></a> made
their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1459">ossf/scorecard-action#1459</a>
<strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.4.0...v2.4.1">https://github.com/ossf/scorecard-action/compare/v2.4.0...v2.4.1</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/ossf/scorecard-action/commit/f49aabe0b5af0936a0987cfb85d86b75731b0186"><code>f49aabe</code></a>
bump docker to ghcr v2.4.1 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1478">#1478</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/30a595ba8670f7bd5e2d33119dfeeb6ab2f64991"><code>30a595b</code></a>
:seedling: Bump github.com/sigstore/cosign/v2 from 2.4.2 to 2.4.3 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1515">#1515</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/69ae593b7addfd5241b46c43c7ed6abbd7203d55"><code>69ae593</code></a>
omit vcs info from build (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1514">#1514</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/6a62a1cbf28018bd61197d0c2852b94b046fe1a4"><code>6a62a1c</code></a>
add input for specifying <code>--file-mode</code> (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1509">#1509</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/2722664778d49161a69d42f8e82e15ed38fea8d1"><code>2722664</code></a>
:seedling: Bump the github-actions group with 2 updates (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1510">#1510</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/ae0ef3171a81cb48c3fdaaf34cba323d0c51fefb"><code>ae0ef31</code></a>
:seedling: Bump github.com/spf13/cobra from 1.8.1 to 1.9.1 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1512">#1512</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/3676bbc29082184ac34a84d1573c0419f81c4a68"><code>3676bbc</code></a>
:seedling: Bump golang from 1.23.6 to 1.24.0 in the docker-images group
(<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1513">#1513</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/ae7548a0ff1b94dda3a89eeda8f59c031874f035"><code>ae7548a</code></a>
Limit codeQL push trigger to main branch (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1507">#1507</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/9165624e75f0c73d13a9db2d4d920bcc5fc3a801"><code>9165624</code></a>
upgrade scorecard to v5.1.0 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1508">#1508</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/620fd28d6b2ba01c1d70cf63dfb4bdf868e19d6f"><code>620fd28</code></a>
:seedling: Bump the github-actions group with 2 updates (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1505">#1505</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/ossf/scorecard-action/compare/62b2cac7ed8198b15735ed49ab1e5cf35480ba46...f49aabe0b5af0936a0987cfb85d86b75731b0186">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.4.0&new-version=2.4.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 .github/workflows/scorecard.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 7ce7bfac5..41615d010 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -46,7 +46,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # tag=v2.4.0
+        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # tag=v2.4.1
         with:
           results_file: results.sarif
           results_format: sarif

From bf07f1a1f4cb55e77b7fb5904a67f808e72f6aca Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 25 Feb 2025 09:45:22 +0800
Subject: [PATCH 02/35] build(deps): Bump github/codeql-action from 3.28.9 to
 3.28.10 (#1189)

Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.28.9 to 3.28.10.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.28.10</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.10 - 21 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2772">#2772</a></li>
<li>Address an issue where the CodeQL Bundle would occasionally fail to
decompress on macOS. <a
href="https://redirect.github.com/github/codeql-action/pull/2768">#2768</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.10/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.28.10 - 21 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2772">#2772</a></li>
<li>Address an issue where the CodeQL Bundle would occasionally fail to
decompress on macOS. <a
href="https://redirect.github.com/github/codeql-action/pull/2768">#2768</a></li>
</ul>
<h2>3.28.9 - 07 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2753">#2753</a></li>
</ul>
<h2>3.28.8 - 29 Jan 2025</h2>
<ul>
<li>Enable support for Kotlin 2.1.10 when running with CodeQL CLI
v2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2744">#2744</a></li>
</ul>
<h2>3.28.7 - 29 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.6 - 27 Jan 2025</h2>
<ul>
<li>Re-enable debug artifact upload for CLI versions 2.20.3 or greater.
<a
href="https://redirect.github.com/github/codeql-action/pull/2726">#2726</a></li>
</ul>
<h2>3.28.5 - 24 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2717">#2717</a></li>
</ul>
<h2>3.28.4 - 23 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.3 - 22 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2707">#2707</a></li>
<li>Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise
Server instance which occurred when the CodeQL Bundle had been synced to
the instance using the <a
href="https://github.com/github/codeql-action-sync-tool">CodeQL Action
sync tool</a> and the Actions runner did not have Zstandard installed.
<a
href="https://redirect.github.com/github/codeql-action/pull/2710">#2710</a></li>
<li>Uploading debug artifacts for CodeQL analysis is temporarily
disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2712">#2712</a></li>
</ul>
<h2>3.28.2 - 21 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.1 - 10 Jan 2025</h2>
<ul>
<li>CodeQL Action v2 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v3. For more information, see <a
href="https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/">this
changelog post</a>. <a
href="https://redirect.github.com/github/codeql-action/pull/2677">#2677</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d"><code>b56ba49</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2778">#2778</a>
from github/update-v3.28.10-9856c48b1</li>
<li><a
href="https://github.com/github/codeql-action/commit/60c9c77c33f2cd66390a3778d54de88b735b2526"><code>60c9c77</code></a>
Update changelog for v3.28.10</li>
<li><a
href="https://github.com/github/codeql-action/commit/9856c48b1a54789454314b4c32ef2354fe213208"><code>9856c48</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2773">#2773</a>
from github/redsun82/rust</li>
<li><a
href="https://github.com/github/codeql-action/commit/9572e09da430b4c71f7488e4195b4ca6ce1c6ef0"><code>9572e09</code></a>
Rust: fix log string</li>
<li><a
href="https://github.com/github/codeql-action/commit/1a529366ac3620317d953e2d4018eafa7459cb1c"><code>1a52936</code></a>
Rust: special case default setup</li>
<li><a
href="https://github.com/github/codeql-action/commit/cf7e90952bcceaebd4a548c2809ea6a5d461a1bc"><code>cf7e909</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2772">#2772</a>
from github/update-bundle/codeql-bundle-v2.20.5</li>
<li><a
href="https://github.com/github/codeql-action/commit/b7006aab6d38638d18e38a27c18f67138529c2f8"><code>b7006aa</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.20.5</li>
<li><a
href="https://github.com/github/codeql-action/commit/cfedae723eaced5e13052b529375e7b00d49a9cd"><code>cfedae7</code></a>
Rust: throw configuration errors if requested and not correctly
enabled</li>
<li><a
href="https://github.com/github/codeql-action/commit/3971ed2a74ede0669fa7f4f5af4292030280dbfd"><code>3971ed2</code></a>
Merge branch 'main' into redsun82/rust</li>
<li><a
href="https://github.com/github/codeql-action/commit/d38c6e60dfb0232f85e388dd416559ed07da5f3a"><code>d38c6e6</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2775">#2775</a>
from github/angelapwen/bump-octokit</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0...b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.28.9&new-version=3.28.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 .github/workflows/codeql.yml    | 4 ++--
 .github/workflows/scorecard.yml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 1cff301fb..f12d47e35 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -49,8 +49,8 @@ jobs:
           go-version: ${{ matrix.go-version }}
           check-latest: true
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+        uses: github/codeql-action/init@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
         with:
           languages: go
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+        uses: github/codeql-action/analyze@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 41615d010..85cfa0467 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -61,6 +61,6 @@ jobs:
           retention-days: 5
 
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+        uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
         with:
           sarif_file: results.sarif

From fb3d417453fed2cb150df3d5b591daf8f288256e Mon Sep 17 00:00:00 2001
From: Junjie Gao <junjiegao@microsoft.com>
Date: Thu, 6 Mar 2025 13:54:14 +0800
Subject: [PATCH 03/35] fix: notify context cancellation when SIGINT is
 received (#1198)

When a process is killed with a SIGINT system call (Ctrl+c), start a
context cancellation for a graceful shutdown.

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 cmd/notation/main.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/cmd/notation/main.go b/cmd/notation/main.go
index 712668a9f..ca5299423 100644
--- a/cmd/notation/main.go
+++ b/cmd/notation/main.go
@@ -14,7 +14,9 @@
 package main
 
 import (
+	"context"
 	"os"
+	"os/signal"
 
 	"github.com/notaryproject/notation-go/dir"
 	"github.com/notaryproject/notation/cmd/notation/cert"
@@ -63,7 +65,10 @@ func main() {
 		versionCommand(),
 		inspectCommand(nil),
 	)
-	if err := cmd.Execute(); err != nil {
+
+	ctx, cancel := signal.NotifyContext(context.Background(), os.Interrupt)
+	defer cancel()
+	if err := cmd.ExecuteContext(ctx); err != nil {
 		os.Exit(1)
 	}
 }

From 72c58b088819049213302825081daf40eb5c459c Mon Sep 17 00:00:00 2001
From: Junjie Gao <junjiegao@microsoft.com>
Date: Thu, 6 Mar 2025 13:57:06 +0800
Subject: [PATCH 04/35] fix: goreleaser deprecated options (#1201)

Release pipeline with **warnings**:
https://github.com/notaryproject/notation/actions/runs/13489436510/job/37685202798

Fix:
- locked goreleaser version to v2
- added configuration `version: 2`:
https://goreleaser.com/errors/version/?h=configuration+version#unsupported-configuration-version
- updated deprecated
- `format` option: https://goreleaser.com/deprecations/#archivesformat
- `overrides.format` option:
https://goreleaser.com/deprecations/#archivesformat_overridesformat

Test:
- tested release pipeline in forked repo

---------

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 .github/workflows/release-github.yml | 2 +-
 .goreleaser.yml                      | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release-github.yml b/.github/workflows/release-github.yml
index 35df27825..8b805f5ce 100644
--- a/.github/workflows/release-github.yml
+++ b/.github/workflows/release-github.yml
@@ -49,7 +49,7 @@ jobs:
         uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1
         with:
           distribution: goreleaser
-          version: latest
+          version: v2
           args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 86dbc2453..219e26cab 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -11,6 +11,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+version: 2
 builds:
   - main: ./cmd/notation
     id: notation
@@ -37,10 +38,10 @@ builds:
     ldflags:
       - -s -w -X {{.ModulePath}}/internal/version.Version={{.Version}} -X {{.ModulePath}}/internal/version.GitCommit={{.FullCommit}} -X {{.ModulePath}}/internal/version.BuildMetadata=
 archives:
-  - format: tar.gz
+  - formats: [ 'tar.gz' ]
     format_overrides:
       - goos: windows
-        format: zip
+        formats: [ 'zip' ]
     files:
       - LICENSE
 release:

From 6e0104b06057004680abee59120fee62e38882db Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Mar 2025 09:07:48 +0800
Subject: [PATCH 05/35] build(deps): Bump actions/upload-artifact from 4.6.0 to
 4.6.1 (#1190)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 .github/workflows/scorecard.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 85cfa0467..e95e820f2 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -54,7 +54,7 @@ jobs:
           publish_results: true
 
       - name: "Upload artifact"
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # tag=v4.6.0
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # tag=v4.6.1
         with:
           name: SARIF file
           path: results.sarif

From 585cf6a0088eb900e4282a8571d64cf12ff20542 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Mar 2025 09:08:26 +0800
Subject: [PATCH 06/35] build(deps): Bump actions/cache from 4.2.0 to 4.2.2
 (#1199)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 0960a6c7e..03e2fa6d6 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -38,7 +38,7 @@ jobs:
       - name: Check out code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Cache Go modules
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
         id: go-mod-cache
         with:
           path: ~/go/pkg/mod

From 75fc338ea4355727a377d5ab3ec92bf97147591d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Mar 2025 09:09:53 +0800
Subject: [PATCH 07/35] build(deps): Bump codecov/codecov-action from 5.3.1 to
 5.4.0 (#1200)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 03e2fa6d6..64c1e41fb 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -59,6 +59,6 @@ jobs:
             make e2e-covdata
           fi
       - name: Upload coverage to codecov.io
-        uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1
+        uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

From ee4918b261ac2feacfb4aaffc3ed390d064ebd2a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Mar 2025 09:10:31 +0800
Subject: [PATCH 08/35] build(deps): Bump github/codeql-action from 3.28.10 to
 3.28.11 (#1207)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 .github/workflows/codeql.yml    | 4 ++--
 .github/workflows/scorecard.yml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index f12d47e35..1c9d512ff 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -49,8 +49,8 @@ jobs:
           go-version: ${{ matrix.go-version }}
           check-latest: true
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
+        uses: github/codeql-action/init@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
         with:
           languages: go
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
+        uses: github/codeql-action/analyze@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index e95e820f2..f3d4fa7c7 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -61,6 +61,6 @@ jobs:
           retention-days: 5
 
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
+        uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
         with:
           sarif_file: results.sarif

From 1b9b7462e7bda74831d6500cddf3c4722f88bb51 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Mar 2025 09:11:58 +0800
Subject: [PATCH 09/35] build(deps): Bump golang.org/x/term from 0.29.0 to
 0.30.0 (#1209)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 5b37c5b79..f4073933d 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.9.1
 	github.com/spf13/pflag v1.0.6
-	golang.org/x/term v0.29.0
+	golang.org/x/term v0.30.0
 	oras.land/oras-go/v2 v2.5.0
 )
 
@@ -29,5 +29,5 @@ require (
 	golang.org/x/crypto v0.33.0 // indirect
 	golang.org/x/mod v0.23.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect
-	golang.org/x/sys v0.30.0 // indirect
+	golang.org/x/sys v0.31.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 43c63a466..00d998450 100644
--- a/go.sum
+++ b/go.sum
@@ -121,8 +121,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
-golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -132,8 +132,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
-golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
-golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
+golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
+golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=

From e5fa441b0e284ce44f741351b812a55fe69c56bf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Mar 2025 09:12:57 +0800
Subject: [PATCH 10/35] build(deps): Bump github.com/onsi/ginkgo/v2 from 2.22.2
 to 2.23.0 in /test/e2e (#1211)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 test/e2e/go.mod |  6 +++---
 test/e2e/go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/test/e2e/go.mod b/test/e2e/go.mod
index b8d0a1ed5..53dbb3cb7 100644
--- a/test/e2e/go.mod
+++ b/test/e2e/go.mod
@@ -5,7 +5,7 @@ go 1.23
 require (
 	github.com/notaryproject/notation-core-go v1.2.0
 	github.com/notaryproject/notation-go v1.3.1
-	github.com/onsi/ginkgo/v2 v2.22.2
+	github.com/onsi/ginkgo/v2 v2.23.0
 	github.com/onsi/gomega v1.36.2
 	github.com/opencontainers/image-spec v1.1.0
 	oras.land/oras-go/v2 v2.5.0
@@ -22,11 +22,11 @@ require (
 	github.com/veraison/go-cose v1.3.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	golang.org/x/crypto v0.33.0 // indirect
-	golang.org/x/net v0.33.0 // indirect
+	golang.org/x/net v0.35.0 // indirect
 	golang.org/x/sync v0.11.0 // indirect
 	golang.org/x/sys v0.30.0 // indirect
 	golang.org/x/text v0.22.0 // indirect
-	golang.org/x/tools v0.28.0 // indirect
+	golang.org/x/tools v0.30.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
diff --git a/test/e2e/go.sum b/test/e2e/go.sum
index c8ae423b6..b41904ceb 100644
--- a/test/e2e/go.sum
+++ b/test/e2e/go.sum
@@ -16,8 +16,8 @@ github.com/notaryproject/notation-go v1.3.1 h1:JLJ9HiwMwPAFNkJEBkF8iBdNazdEKrGAy
 github.com/notaryproject/notation-go v1.3.1/go.mod h1:Qytzn2v8nYkA9G44fbXKh1Tnvz8ONmod2Tgtkrl5zYc=
 github.com/notaryproject/tspclient-go v1.0.0 h1:AwQ4x0gX8IHnyiZB1tggpn5NFqHpTEm1SDX8YNv4Dg4=
 github.com/notaryproject/tspclient-go v1.0.0/go.mod h1:LGyA/6Kwd2FlM0uk8Vc5il3j0CddbWSHBj/4kxQDbjs=
-github.com/onsi/ginkgo/v2 v2.22.2 h1:/3X8Panh8/WwhU/3Ssa6rCKqPLuAkVY2I0RoyDLySlU=
-github.com/onsi/ginkgo/v2 v2.22.2/go.mod h1:oeMosUL+8LtarXBHu/c0bx2D/K9zyQ6uX3cTyztHwsk=
+github.com/onsi/ginkgo/v2 v2.23.0 h1:FA1xjp8ieYDzlgS5ABTpdUDB7wtngggONc8a7ku2NqQ=
+github.com/onsi/ginkgo/v2 v2.23.0/go.mod h1:zXTP6xIp3U8aVuXN8ENK9IXRaTjFnpVB9mGmaSRvxnM=
 github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8=
 github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@@ -34,16 +34,16 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
 golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
-golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
-golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
+golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8=
+golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk=
 golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
 golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
 golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
 golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
-golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8=
-golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw=
+golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY=
+golang.org/x/tools v0.30.0/go.mod h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY=
 google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk=
 google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=

From 6d23fd042c67252c2f4fe9095deb440852ca42d8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Mar 2025 09:44:34 +0800
Subject: [PATCH 11/35] build(deps): Bump github.com/opencontainers/image-spec
 from 1.1.0 to 1.1.1 (#1208)

Bumps
[github.com/opencontainers/image-spec](https://github.com/opencontainers/image-spec)
from 1.1.0 to 1.1.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/opencontainers/image-spec/releases">github.com/opencontainers/image-spec's
releases</a>.</em></p>
<blockquote>
<h2>v1.1.1</h2>
<p>Vote Passed <code>[+5 -0 nv1]</code> - <a
href="https://groups.google.com/a/opencontainers.org/g/dev/c/T-olx0jdT18">https://groups.google.com/a/opencontainers.org/g/dev/c/T-olx0jdT18</a>
<strong>Release PR</strong> : <a
href="https://redirect.github.com/opencontainers/image-spec/pull/1247">opencontainers/image-spec#1247</a>
<strong>Full Changelog</strong>: <a
href="https://github.com/opencontainers/image-spec/compare/v1.1.0...v1.1.1">https://github.com/opencontainers/image-spec/compare/v1.1.0...v1.1.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/opencontainers/image-spec/commit/147f9c13cedb47a0c4d9a11a222961073d585877"><code>147f9c1</code></a>
Release v1.1.1</li>
<li><a
href="https://github.com/opencontainers/image-spec/commit/fbb4662eb53b80bd38f7597406cf1211317768f0"><code>fbb4662</code></a>
Merge pull request <a
href="https://redirect.github.com/opencontainers/image-spec/issues/1238">#1238</a>
from mkenigs/wording-nit</li>
<li><a
href="https://github.com/opencontainers/image-spec/commit/81e457e1db4ee2f924f357264bbe5c0daa029fcd"><code>81e457e</code></a>
Fix grammar nit</li>
<li><a
href="https://github.com/opencontainers/image-spec/commit/92353b0bee778725c617e7d57317b568a7796bd0"><code>92353b0</code></a>
Merge pull request <a
href="https://redirect.github.com/opencontainers/image-spec/issues/1225">#1225</a>
from sudo-bmitch/pr-doc-go-version</li>
<li><a
href="https://github.com/opencontainers/image-spec/commit/1a0b9f98c1c11718d80223fbf089d2aa37077c84"><code>1a0b9f9</code></a>
Merge pull request <a
href="https://redirect.github.com/opencontainers/image-spec/issues/1230">#1230</a>
from sudo-bmitch/pr-layout-extensibility</li>
<li><a
href="https://github.com/opencontainers/image-spec/commit/f2726353bb5752468e8458583cbd4084815f9c72"><code>f272635</code></a>
Merge pull request <a
href="https://redirect.github.com/opencontainers/image-spec/issues/1228">#1228</a>
from sudo-bmitch/pr-mixed-digest-algo</li>
<li><a
href="https://github.com/opencontainers/image-spec/commit/e0462ab8067a57f91114dc2bab4dacebce1c3f26"><code>e0462ab</code></a>
Merge pull request <a
href="https://redirect.github.com/opencontainers/image-spec/issues/1229">#1229</a>
from tianon/setup-go</li>
<li><a
href="https://github.com/opencontainers/image-spec/commit/cf536e39757294783fa346666fb2b2bb0d50cb58"><code>cf536e3</code></a>
Merge pull request <a
href="https://redirect.github.com/opencontainers/image-spec/issues/1227">#1227</a>
from sudo-bmitch/pr-rm-project-doc</li>
<li><a
href="https://github.com/opencontainers/image-spec/commit/60acaacb8003bff5882298333a4a017d6aedcd6a"><code>60acaac</code></a>
Document extensibility of the image layout</li>
<li><a
href="https://github.com/opencontainers/image-spec/commit/4dcf9627be8cc874a43b2fa5ede5549136b37fb2"><code>4dcf962</code></a>
Document Go version policy</li>
<li>Additional commits viewable in <a
href="https://github.com/opencontainers/image-spec/compare/v1.1.0...v1.1.1">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/opencontainers/image-spec&package-manager=go_modules&previous-version=1.1.0&new-version=1.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index f4073933d..0883c8abe 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ require (
 	github.com/notaryproject/notation-go v1.3.1
 	github.com/notaryproject/tspclient-go v1.0.0
 	github.com/opencontainers/go-digest v1.0.0
-	github.com/opencontainers/image-spec v1.1.0
+	github.com/opencontainers/image-spec v1.1.1
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.9.1
 	github.com/spf13/pflag v1.0.6
diff --git a/go.sum b/go.sum
index 00d998450..b3c06dd0c 100644
--- a/go.sum
+++ b/go.sum
@@ -48,8 +48,8 @@ github.com/notaryproject/tspclient-go v1.0.0 h1:AwQ4x0gX8IHnyiZB1tggpn5NFqHpTEm1
 github.com/notaryproject/tspclient-go v1.0.0/go.mod h1:LGyA/6Kwd2FlM0uk8Vc5il3j0CddbWSHBj/4kxQDbjs=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
-github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
+github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
+github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=

From d453b6ae0a94180714f6b05f9c0c3c9e468d35a0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Mar 2025 09:45:01 +0800
Subject: [PATCH 12/35] build(deps): Bump github.com/opencontainers/image-spec
 from 1.1.0 to 1.1.1 in /test/e2e (#1210)

Bumps
[github.com/opencontainers/image-spec](https://github.com/opencontainers/image-spec)
from 1.1.0 to 1.1.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/opencontainers/image-spec/releases">github.com/opencontainers/image-spec's
releases</a>.</em></p>
<blockquote>
<h2>v1.1.1</h2>
<p>Vote Passed <code>[+5 -0 nv1]</code> - <a
href="https://groups.google.com/a/opencontainers.org/g/dev/c/T-olx0jdT18">https://groups.google.com/a/opencontainers.org/g/dev/c/T-olx0jdT18</a>
<strong>Release PR</strong> : <a
href="https://redirect.github.com/opencontainers/image-spec/pull/1247">opencontainers/image-spec#1247</a>
<strong>Full Changelog</strong>: <a
href="https://github.com/opencontainers/image-spec/compare/v1.1.0...v1.1.1">https://github.com/opencontainers/image-spec/compare/v1.1.0...v1.1.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/opencontainers/image-spec/commit/147f9c13cedb47a0c4d9a11a222961073d585877"><code>147f9c1</code></a>
Release v1.1.1</li>
<li><a
href="https://github.com/opencontainers/image-spec/commit/fbb4662eb53b80bd38f7597406cf1211317768f0"><code>fbb4662</code></a>
Merge pull request <a
href="https://redirect.github.com/opencontainers/image-spec/issues/1238">#1238</a>
from mkenigs/wording-nit</li>
<li><a
href="https://github.com/opencontainers/image-spec/commit/81e457e1db4ee2f924f357264bbe5c0daa029fcd"><code>81e457e</code></a>
Fix grammar nit</li>
<li><a
href="https://github.com/opencontainers/image-spec/commit/92353b0bee778725c617e7d57317b568a7796bd0"><code>92353b0</code></a>
Merge pull request <a
href="https://redirect.github.com/opencontainers/image-spec/issues/1225">#1225</a>
from sudo-bmitch/pr-doc-go-version</li>
<li><a
href="https://github.com/opencontainers/image-spec/commit/1a0b9f98c1c11718d80223fbf089d2aa37077c84"><code>1a0b9f9</code></a>
Merge pull request <a
href="https://redirect.github.com/opencontainers/image-spec/issues/1230">#1230</a>
from sudo-bmitch/pr-layout-extensibility</li>
<li><a
href="https://github.com/opencontainers/image-spec/commit/f2726353bb5752468e8458583cbd4084815f9c72"><code>f272635</code></a>
Merge pull request <a
href="https://redirect.github.com/opencontainers/image-spec/issues/1228">#1228</a>
from sudo-bmitch/pr-mixed-digest-algo</li>
<li><a
href="https://github.com/opencontainers/image-spec/commit/e0462ab8067a57f91114dc2bab4dacebce1c3f26"><code>e0462ab</code></a>
Merge pull request <a
href="https://redirect.github.com/opencontainers/image-spec/issues/1229">#1229</a>
from tianon/setup-go</li>
<li><a
href="https://github.com/opencontainers/image-spec/commit/cf536e39757294783fa346666fb2b2bb0d50cb58"><code>cf536e3</code></a>
Merge pull request <a
href="https://redirect.github.com/opencontainers/image-spec/issues/1227">#1227</a>
from sudo-bmitch/pr-rm-project-doc</li>
<li><a
href="https://github.com/opencontainers/image-spec/commit/60acaacb8003bff5882298333a4a017d6aedcd6a"><code>60acaac</code></a>
Document extensibility of the image layout</li>
<li><a
href="https://github.com/opencontainers/image-spec/commit/4dcf9627be8cc874a43b2fa5ede5549136b37fb2"><code>4dcf962</code></a>
Document Go version policy</li>
<li>Additional commits viewable in <a
href="https://github.com/opencontainers/image-spec/compare/v1.1.0...v1.1.1">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/opencontainers/image-spec&package-manager=go_modules&previous-version=1.1.0&new-version=1.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 test/e2e/go.mod | 2 +-
 test/e2e/go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/e2e/go.mod b/test/e2e/go.mod
index 53dbb3cb7..af4f09969 100644
--- a/test/e2e/go.mod
+++ b/test/e2e/go.mod
@@ -7,7 +7,7 @@ require (
 	github.com/notaryproject/notation-go v1.3.1
 	github.com/onsi/ginkgo/v2 v2.23.0
 	github.com/onsi/gomega v1.36.2
-	github.com/opencontainers/image-spec v1.1.0
+	github.com/opencontainers/image-spec v1.1.1
 	oras.land/oras-go/v2 v2.5.0
 )
 
diff --git a/test/e2e/go.sum b/test/e2e/go.sum
index b41904ceb..a3a7ff78d 100644
--- a/test/e2e/go.sum
+++ b/test/e2e/go.sum
@@ -22,8 +22,8 @@ github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8=
 github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
-github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
+github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
+github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=

From 56d56a1707600f00f7ba98057e03308fdfee053c Mon Sep 17 00:00:00 2001
From: Patrick Zheng <patrickzheng@microsoft.com>
Date: Fri, 14 Mar 2025 15:56:38 +0800
Subject: [PATCH 13/35] fix: fix main function (#1223)

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 cmd/notation/main.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/cmd/notation/main.go b/cmd/notation/main.go
index ca5299423..395f0c201 100644
--- a/cmd/notation/main.go
+++ b/cmd/notation/main.go
@@ -25,7 +25,7 @@ import (
 	"github.com/spf13/cobra"
 )
 
-func main() {
+func run() error {
 	cmd := &cobra.Command{
 		Use:          "notation",
 		Short:        "Notation - a tool to sign and verify artifacts",
@@ -68,7 +68,11 @@ func main() {
 
 	ctx, cancel := signal.NotifyContext(context.Background(), os.Interrupt)
 	defer cancel()
-	if err := cmd.ExecuteContext(ctx); err != nil {
+	return cmd.ExecuteContext(ctx)
+}
+
+func main() {
+	if err := run(); err != nil {
 		os.Exit(1)
 	}
 }

From e28f460e560ea8cb3abe2e1a3a8142ba47f9f48d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 18 Mar 2025 10:23:28 +0800
Subject: [PATCH 14/35] build(deps): Bump golang.org/x/net from 0.35.0 to
 0.36.0 in /test/e2e (#1220)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.35.0 to
0.36.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/net/commit/85d1d54551b68719346cb9fec24b911da4e452a1"><code>85d1d54</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/net/commit/cde1dda944dcf6350753df966bb5bda87a544842"><code>cde1dda</code></a>
proxy, http/httpproxy: do not mismatch IPv6 zone ids against hosts</li>
<li><a
href="https://github.com/golang/net/commit/fe7f0391aa994a401c82d829183c1efab7a64df4"><code>fe7f039</code></a>
publicsuffix: spruce up code gen and speed up PublicSuffix</li>
<li><a
href="https://github.com/golang/net/commit/459513d1f8abff01b4854c93ff0bff7e87985a0a"><code>459513d</code></a>
internal/http3: move more common stream processing to genericConn</li>
<li><a
href="https://github.com/golang/net/commit/aad0180cad195ab7bcd14347e7ab51bece53f61d"><code>aad0180</code></a>
http2: fix flakiness from t.Log when GOOS=js</li>
<li><a
href="https://github.com/golang/net/commit/b73e5746f64471c22097f07593643a743e7cfb0f"><code>b73e574</code></a>
http2: don't log expected errors from writing invalid trailers</li>
<li><a
href="https://github.com/golang/net/commit/5f45c776a9c4d415cbe67d6c22c06fd704f8c9f1"><code>5f45c77</code></a>
internal/http3: make read-data tests usable for server handlers</li>
<li><a
href="https://github.com/golang/net/commit/43c2540165a4d1bc9a81e06a86eb1e22ece64145"><code>43c2540</code></a>
http2, internal/httpcommon: reject userinfo in :authority</li>
<li><a
href="https://github.com/golang/net/commit/1d78a085008d9fedfe3f303591058325f99727d7"><code>1d78a08</code></a>
http2, internal/httpcommon: factor out server header logic for
h2/h3</li>
<li><a
href="https://github.com/golang/net/commit/0d7dc54a591c12b4bd03bcd745024178d03d9218"><code>0d7dc54</code></a>
quic: add Conn.ConnectionState</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/net/compare/v0.35.0...v0.36.0">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/net&package-manager=go_modules&previous-version=0.35.0&new-version=0.36.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/notaryproject/notation/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 go.mod          | 2 +-
 go.sum          | 2 --
 test/e2e/go.mod | 4 ++--
 test/e2e/go.sum | 7 +++++++
 4 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/go.mod b/go.mod
index 0883c8abe..4bac13956 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/notaryproject/notation
 
-go 1.23
+go 1.23.0
 
 require (
 	github.com/notaryproject/notation-core-go v1.2.0
diff --git a/go.sum b/go.sum
index b3c06dd0c..555f0ddd5 100644
--- a/go.sum
+++ b/go.sum
@@ -12,8 +12,6 @@ github.com/go-asn1-ber/asn1-ber v1.5.7 h1:DTX+lbVTWaTw1hQ+PbZPlnDZPEIs0SS/GCZAl5
 github.com/go-asn1-ber/asn1-ber v1.5.7/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-ldap/ldap/v3 v3.4.10 h1:ot/iwPOhfpNVgB1o+AVXljizWZ9JTp7YF5oeyONmcJU=
 github.com/go-ldap/ldap/v3 v3.4.10/go.mod h1:JXh4Uxgi40P6E9rdsYqpUtbW46D9UTjJ9QSwGRznplY=
-github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo=
-github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI=
 github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
diff --git a/test/e2e/go.mod b/test/e2e/go.mod
index af4f09969..aaaf3e2b0 100644
--- a/test/e2e/go.mod
+++ b/test/e2e/go.mod
@@ -21,8 +21,8 @@ require (
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/veraison/go-cose v1.3.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	golang.org/x/crypto v0.33.0 // indirect
-	golang.org/x/net v0.35.0 // indirect
+	golang.org/x/crypto v0.35.0 // indirect
+	golang.org/x/net v0.36.0 // indirect
 	golang.org/x/sync v0.11.0 // indirect
 	golang.org/x/sys v0.30.0 // indirect
 	golang.org/x/text v0.22.0 // indirect
diff --git a/test/e2e/go.sum b/test/e2e/go.sum
index a3a7ff78d..3f8573bd1 100644
--- a/test/e2e/go.sum
+++ b/test/e2e/go.sum
@@ -32,10 +32,17 @@ github.com/veraison/go-cose v1.3.0 h1:2/H5w8kdSpQJyVtIhx8gmwPJ2uSz1PkyWFx0idbd7r
 github.com/veraison/go-cose v1.3.0/go.mod h1:df09OV91aHoQWLmy1KsDdYiagtXgyAwAl8vFeFn1gMc=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
+<<<<<<< HEAD
 golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
 golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
 golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8=
 golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk=
+=======
+golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
+golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
+golang.org/x/net v0.36.0 h1:vWF2fRbw4qslQsQzgFqZff+BItCvGFQqKzKIzx1rmoA=
+golang.org/x/net v0.36.0/go.mod h1:bFmbeoIPfrw4sMHNhb4J9f6+tPziuGjq7Jk/38fxi1I=
+>>>>>>> 3810ef3 (build(deps): Bump golang.org/x/net from 0.35.0 to 0.36.0 in /test/e2e (#1220))
 golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
 golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=

From 147f39baf63b1939c2e36feade857ee1af68edb0 Mon Sep 17 00:00:00 2001
From: Junjie Gao <junjiegao@microsoft.com>
Date: Tue, 25 Mar 2025 08:23:01 +0800
Subject: [PATCH 15/35] fix: plugin error message (#1217)

Examples:

**When putting an arbitrary file into the plugin folder:**
Before:
```
NAME                   DESCRIPTION   VERSION   CAPABILITIES   ERROR
azure-trustedsigning                           []             fork/exec /home/jj/.config/notation/plugins/azure-trustedsigning/notation-azure-trustedsigning: exec format error
```

After
```
NAME                   DESCRIPTION   VERSION   CAPABILITIES   ERROR
azure-trustedsigning                           []             plugin executable file `notation-azure-trustedsigning` is not executable. Use `notation plugin install` command to install the plugin. Please ensure that the plugin executable file is compatible with linux/amd64
```

**When the plugin name is not followed the plugin spec:**
Before
```
NAME                   DESCRIPTION   VERSION   CAPABILITIES   ERROR
azure-trustedsigning                           []             plugin executable file is either not found or inaccessible: stat /home/jj/.config/notation/plugins/azure-trustedsigning/notation-azure-trustedsigning: no such file or directory
```

After
```
NAME                   DESCRIPTION   VERSION   CAPABILITIES   ERROR
azure-trustedsigning                           []             plugin executable file `notation-azure-trustedsigning` not found. Use `notation plugin install` command to install the plugin. Each plugin executable must be placed in the $PLUGIN_DIRECTORY/{plugin-name} directory, with the executable named as 'notation-{plugin-name}''
```

**When the notation plugin executable file is not executable:**
Before/After are the same
```
NAME                   DESCRIPTION   VERSION   CAPABILITIES   ERROR
azure-trustedsigning                           []             fork/exec /home/jj/.config/notation/plugins/azure-trustedsigning/notation-azure-trustedsigning: permission denied
```

**When using an AMR64 arch of plugin file on an AMD64 machine:**
Before:
```
NAME                   DESCRIPTION   VERSION   CAPABILITIES   ERROR
azure-trustedsigning                           []             fork/exec /home/jj/.config/notation/plugins/azure-trustedsigning/notation-azure-trustedsigning: exec format error
```

After:
```
NAME                   DESCRIPTION   VERSION   CAPABILITIES   ERROR
azure-trustedsigning                           []             plugin file `notation-azure-trustedsigning` is not executable. Use `notation plugin install` command to install the plugin. Please ensure that the plugin executable file is compatible with linux/amd64
```

Resolves #704

---------

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 cmd/notation/plugin/list.go   | 35 +++++++++++++++++++++++++++---
 go.mod                        |  2 +-
 go.sum                        |  5 +++++
 test/e2e/suite/plugin/list.go | 40 +++++++++++++++++++++++++++++++++++
 4 files changed, 78 insertions(+), 4 deletions(-)

diff --git a/cmd/notation/plugin/list.go b/cmd/notation/plugin/list.go
index bfc3ebffe..95ddbd1bb 100644
--- a/cmd/notation/plugin/list.go
+++ b/cmd/notation/plugin/list.go
@@ -16,12 +16,16 @@ package plugin
 import (
 	"errors"
 	"fmt"
+	"io/fs"
 	"os"
+	"runtime"
+	"syscall"
 	"text/tabwriter"
 
 	"github.com/notaryproject/notation-go/dir"
 	"github.com/notaryproject/notation-go/plugin"
 	"github.com/notaryproject/notation-go/plugin/proto"
+	pluginFramework "github.com/notaryproject/notation-plugin-framework-go/plugin"
 	"github.com/spf13/cobra"
 )
 
@@ -58,8 +62,8 @@ func listPlugins(command *cobra.Command) error {
 
 	var pl plugin.Plugin
 	var resp *proto.GetMetadataResponse
-	for _, n := range pluginNames {
-		pl, err = mgr.Get(command.Context(), n)
+	for _, pluginName := range pluginNames {
+		pl, err = mgr.Get(command.Context(), pluginName)
 		metaData := &proto.GetMetadataResponse{}
 		if err == nil {
 			resp, err = pl.GetMetadata(command.Context(), &proto.GetMetadataRequest{})
@@ -68,7 +72,32 @@ func listPlugins(command *cobra.Command) error {
 			}
 		}
 		fmt.Fprintf(tw, "%s\t%s\t%s\t%v\t%v\t\n",
-			n, metaData.Description, metaData.Version, metaData.Capabilities, err)
+			pluginName, metaData.Description, metaData.Version, metaData.Capabilities, userFriendlyError(pluginName, err))
 	}
 	return tw.Flush()
 }
+
+// userFriendlyError optimizes the error message for the user.
+func userFriendlyError(pluginName string, err error) error {
+	if err == nil {
+		return nil
+	}
+	var pathError *fs.PathError
+	if errors.As(err, &pathError) {
+		pluginFileName := pluginFramework.BinaryPrefix + pluginName
+		if runtime.GOOS == "windows" {
+			pluginFileName += ".exe"
+		}
+
+		// for plugin does not exist
+		if errors.Is(pathError, fs.ErrNotExist) {
+			return fmt.Errorf("plugin executable file `%s` not found. Use `notation plugin install` command to install the plugin", pluginFileName)
+		}
+
+		// for plugin is not executable
+		if pathError.Err == syscall.ENOEXEC {
+			return fmt.Errorf("plugin file `%s` is not executable. Use `notation plugin install` command to install the plugin. Please ensure that the plugin executable file is compatible with %s/%s", pluginFileName, runtime.GOOS, runtime.GOARCH)
+		}
+	}
+	return err
+}
diff --git a/go.mod b/go.mod
index 4bac13956..dae53a6ff 100644
--- a/go.mod
+++ b/go.mod
@@ -5,6 +5,7 @@ go 1.23.0
 require (
 	github.com/notaryproject/notation-core-go v1.2.0
 	github.com/notaryproject/notation-go v1.3.1
+  github.com/notaryproject/notation-plugin-framework-go v1.0.0
 	github.com/notaryproject/tspclient-go v1.0.0
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.1.1
@@ -23,7 +24,6 @@ require (
 	github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/notaryproject/notation-plugin-framework-go v1.0.0 // indirect
 	github.com/veraison/go-cose v1.3.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	golang.org/x/crypto v0.33.0 // indirect
diff --git a/go.sum b/go.sum
index 555f0ddd5..89281e265 100644
--- a/go.sum
+++ b/go.sum
@@ -38,8 +38,13 @@ github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZ
 github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
 github.com/notaryproject/notation-core-go v1.2.0 h1:WElMG9X0YXJhBd0A4VOxLNalTLrTjvqtIAj7JHr5X08=
 github.com/notaryproject/notation-core-go v1.2.0/go.mod h1:+y3L1dOs2/ZwJIU5Imo7BBvZ/M3CFjXkydGGdK09EtA=
+<<<<<<< HEAD
 github.com/notaryproject/notation-go v1.3.1 h1:JLJ9HiwMwPAFNkJEBkF8iBdNazdEKrGAylOKoFjTd6o=
 github.com/notaryproject/notation-go v1.3.1/go.mod h1:Qytzn2v8nYkA9G44fbXKh1Tnvz8ONmod2Tgtkrl5zYc=
+=======
+github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250310060348-fdcf9cc47604 h1:uw65pHgN+NXAqHssmlRJUkcl515AQgMIOdC6tbBHHXE=
+github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250310060348-fdcf9cc47604/go.mod h1:NXYZyzIawUSyv+C0Gs8bBYJ1q8a1gy78GEss8fPNZmY=
+>>>>>>> b7a2f0c (fix: plugin error message (#1217))
 github.com/notaryproject/notation-plugin-framework-go v1.0.0 h1:6Qzr7DGXoCgXEQN+1gTZWuJAZvxh3p8Lryjn5FaLzi4=
 github.com/notaryproject/notation-plugin-framework-go v1.0.0/go.mod h1:RqWSrTOtEASCrGOEffq0n8pSg2KOgKYiWqFWczRSics=
 github.com/notaryproject/tspclient-go v1.0.0 h1:AwQ4x0gX8IHnyiZB1tggpn5NFqHpTEm1SDX8YNv4Dg4=
diff --git a/test/e2e/suite/plugin/list.go b/test/e2e/suite/plugin/list.go
index fb6931553..3a202a0f9 100644
--- a/test/e2e/suite/plugin/list.go
+++ b/test/e2e/suite/plugin/list.go
@@ -14,6 +14,9 @@
 package plugin
 
 import (
+	"os"
+	"runtime"
+
 	. "github.com/notaryproject/notation/test/e2e/internal/notation"
 	"github.com/notaryproject/notation/test/e2e/internal/utils"
 	. "github.com/onsi/ginkgo/v2"
@@ -37,4 +40,41 @@ var _ = Describe("notation plugin list", func() {
 				MatchKeyWords("ERROR", "<nil>")
 		})
 	})
+
+	It("missing plugin binary", func() {
+		Host(nil, func(notation *utils.ExecOpts, _ *Artifact, vhost *utils.VirtualHost) {
+			// create azure-kv plugin directory
+			pluginDir := vhost.AbsolutePath(NotationDirName, "plugins", "azure-kv")
+			if err := os.MkdirAll(pluginDir, os.ModePerm); err != nil {
+				Fail(err.Error())
+			}
+
+			notation.Exec("plugin", "list").
+				MatchKeyWords("azure-kv").
+				MatchKeyWords("not found")
+		})
+	})
+
+	It("with invalid binary file", func() {
+		Host(nil, func(notation *utils.ExecOpts, _ *Artifact, vhost *utils.VirtualHost) {
+			// create azure-kv plugin directory
+			pluginDir := vhost.AbsolutePath(NotationDirName, "plugins", "azure-kv")
+			if err := os.MkdirAll(pluginDir, os.ModePerm); err != nil {
+				Fail(err.Error())
+			}
+
+			// create invalid plugin binary
+			invalidPluginBinary := vhost.AbsolutePath(NotationDirName, "plugins", "azure-kv", "notation-azure-kv")
+			if runtime.GOOS == "windows" {
+				invalidPluginBinary += ".exe"
+			}
+			if err := os.WriteFile(invalidPluginBinary, []byte("invalid"), 0755); err != nil {
+				Fail(err.Error())
+			}
+
+			notation.Exec("plugin", "list").
+				MatchKeyWords("azure-kv").
+				MatchKeyWords("not executable")
+		})
+	})
 })

From a9e6e1c0952363ce2971efd5c7968d629488f74b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 25 Mar 2025 09:41:31 +0800
Subject: [PATCH 16/35] build(deps): Bump actions/upload-artifact from 4.6.1 to
 4.6.2 (#1237)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[actions/upload-artifact](https://github.com/actions/upload-artifact)
from 4.6.1 to 4.6.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v4.6.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Update to use artifact 2.3.2 package &amp; prepare for new
upload-artifact release by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/685">actions/upload-artifact#685</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/685">actions/upload-artifact#685</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4...v4.6.2">https://github.com/actions/upload-artifact/compare/v4...v4.6.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/upload-artifact/commit/ea165f8d65b6e75b540449e92b4886f43607fa02"><code>ea165f8</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/685">#685</a>
from salmanmkc/salmanmkc/3-new-upload-artifacts-release</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/08396203c179e13c71b9754ce3472ed71842eec0"><code>0839620</code></a>
Prepare for new release of actions/upload-artifact with new toolkit
cache ver...</li>
<li>See full diff in <a
href="https://github.com/actions/upload-artifact/compare/4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1...ea165f8d65b6e75b540449e92b4886f43607fa02">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=4.6.1&new-version=4.6.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 .github/workflows/scorecard.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index f3d4fa7c7..9180a6a38 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -54,7 +54,7 @@ jobs:
           publish_results: true
 
       - name: "Upload artifact"
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # tag=v4.6.1
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # tag=v4.6.2
         with:
           name: SARIF file
           path: results.sarif

From fb8cc8b01f0f2bd9a7847b07908822cc1d5f943f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 25 Mar 2025 09:42:12 +0800
Subject: [PATCH 17/35] build(deps): Bump actions/cache from 4.2.2 to 4.2.3
 (#1236)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [actions/cache](https://github.com/actions/cache) from 4.2.2 to
4.2.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v4.2.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Update to use <code>@​actions/cache</code> 4.0.3 package &amp;
prepare for new release by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1577">actions/cache#1577</a>
(SAS tokens for cache entries are now masked in debug logs)</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1577">actions/cache#1577</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v4.2.2...v4.2.3">https://github.com/actions/cache/compare/v4.2.2...v4.2.3</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>4.2.3</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.3 (obfuscates SAS token in
debug logs for cache entries)</li>
</ul>
<h3>4.2.2</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.2</li>
</ul>
<h3>4.2.1</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.1</li>
</ul>
<h3>4.2.0</h3>
<p>TLDR; The cache backend service has been rewritten from the ground up
for improved performance and reliability. <a
href="https://github.com/actions/cache">actions/cache</a> now integrates
with the new cache service (v2) APIs.</p>
<p>The new service will gradually roll out as of <strong>February 1st,
2025</strong>. The legacy service will also be sunset on the same date.
Changes in these release are <strong>fully backward
compatible</strong>.</p>
<p><strong>We are deprecating some versions of this action</strong>. We
recommend upgrading to version <code>v4</code> or <code>v3</code> as
soon as possible before <strong>February 1st, 2025.</strong> (Upgrade
instructions below).</p>
<p>If you are using pinned SHAs, please use the SHAs of versions
<code>v4.2.0</code> or <code>v3.4.0</code></p>
<p>If you do not upgrade, all workflow runs using any of the deprecated
<a href="https://github.com/actions/cache">actions/cache</a> will
fail.</p>
<p>Upgrading to the recommended versions will not break your
workflows.</p>
<h3>4.1.2</h3>
<ul>
<li>Add GitHub Enterprise Cloud instances hostname filters to inform API
endpoint choices - <a
href="https://redirect.github.com/actions/cache/pull/1474">#1474</a></li>
<li>Security fix: Bump braces from 3.0.2 to 3.0.3 - <a
href="https://redirect.github.com/actions/cache/pull/1475">#1475</a></li>
</ul>
<h3>4.1.1</h3>
<ul>
<li>Restore original behavior of <code>cache-hit</code> output - <a
href="https://redirect.github.com/actions/cache/pull/1467">#1467</a></li>
</ul>
<h3>4.1.0</h3>
<ul>
<li>Ensure <code>cache-hit</code> output is set when a cache is missed -
<a
href="https://redirect.github.com/actions/cache/pull/1404">#1404</a></li>
<li>Deprecate <code>save-always</code> input - <a
href="https://redirect.github.com/actions/cache/pull/1452">#1452</a></li>
</ul>
<h3>4.0.2</h3>
<ul>
<li>Fixed restore <code>fail-on-cache-miss</code> not working.</li>
</ul>
<h3>4.0.1</h3>
<ul>
<li>Updated <code>isGhes</code> check</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/cache/commit/5a3ec84eff668545956fd18022155c47e93e2684"><code>5a3ec84</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1577">#1577</a>
from salmanmkc/salmanmkc/4-test</li>
<li><a
href="https://github.com/actions/cache/commit/7de21022a7b6824c106a9847befcbd8154b45b6a"><code>7de2102</code></a>
Update releases.md</li>
<li><a
href="https://github.com/actions/cache/commit/76d40dd347779762a1c829bbeeda5da4d81ca8c1"><code>76d40dd</code></a>
Update to use the latest version of the cache package to obfuscate the
SAS</li>
<li><a
href="https://github.com/actions/cache/commit/76dd5eb692f606c28d4b7a4ea7cfdffc926ba06a"><code>76dd5eb</code></a>
update cache with main</li>
<li><a
href="https://github.com/actions/cache/commit/8c80c27c5e4498d5675b05fb1eff96a56c593b06"><code>8c80c27</code></a>
new package</li>
<li><a
href="https://github.com/actions/cache/commit/45cfd0e7fffd1869ea4d5bfb54a464d825c1f742"><code>45cfd0e</code></a>
updates</li>
<li><a
href="https://github.com/actions/cache/commit/edd449b9cf39c2a20dc7c3d505ff6dc193c48a02"><code>edd449b</code></a>
updated cache with latest changes</li>
<li><a
href="https://github.com/actions/cache/commit/0576707e373f92196b81695442ed3f80c347f9c7"><code>0576707</code></a>
latest test before pr</li>
<li><a
href="https://github.com/actions/cache/commit/3105dc9754dd9cd935ffcf45c091ed2cadbf42b9"><code>3105dc9</code></a>
update</li>
<li><a
href="https://github.com/actions/cache/commit/9450d42d15022999ad2fa60a8b91f01fc92a0563"><code>9450d42</code></a>
mask</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/cache/compare/d4323d4df104b026a6aa633fdb11d772146be0bf...5a3ec84eff668545956fd18022155c47e93e2684">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=4.2.2&new-version=4.2.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 64c1e41fb..6cf5110f8 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -38,7 +38,7 @@ jobs:
       - name: Check out code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Cache Go modules
-        uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
         id: go-mod-cache
         with:
           path: ~/go/pkg/mod

From 453ce4a4260596eb6bb3edf5f0760faaa4bc9688 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 25 Mar 2025 09:42:41 +0800
Subject: [PATCH 18/35] build(deps): Bump github/codeql-action from 3.28.11 to
 3.28.12 (#1235)

Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.28.11 to 3.28.12.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.28.12</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.12 - 19 Mar 2025</h2>
<ul>
<li>Dependency caching should now cache more dependencies for Java
<code>build-mode: none</code> extractions. This should speed up
workflows and avoid inconsistent alerts in some cases.</li>
<li>Update default CodeQL bundle version to 2.20.7. <a
href="https://redirect.github.com/github/codeql-action/pull/2810">#2810</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.12/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.28.12 - 19 Mar 2025</h2>
<ul>
<li>Dependency caching should now cache more dependencies for Java
<code>build-mode: none</code> extractions. This should speed up
workflows and avoid inconsistent alerts in some cases.</li>
<li>Update default CodeQL bundle version to 2.20.7. <a
href="https://redirect.github.com/github/codeql-action/pull/2810">#2810</a></li>
</ul>
<h2>3.28.11 - 07 Mar 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2793">#2793</a></li>
</ul>
<h2>3.28.10 - 21 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2772">#2772</a></li>
<li>Address an issue where the CodeQL Bundle would occasionally fail to
decompress on macOS. <a
href="https://redirect.github.com/github/codeql-action/pull/2768">#2768</a></li>
</ul>
<h2>3.28.9 - 07 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2753">#2753</a></li>
</ul>
<h2>3.28.8 - 29 Jan 2025</h2>
<ul>
<li>Enable support for Kotlin 2.1.10 when running with CodeQL CLI
v2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2744">#2744</a></li>
</ul>
<h2>3.28.7 - 29 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.6 - 27 Jan 2025</h2>
<ul>
<li>Re-enable debug artifact upload for CLI versions 2.20.3 or greater.
<a
href="https://redirect.github.com/github/codeql-action/pull/2726">#2726</a></li>
</ul>
<h2>3.28.5 - 24 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2717">#2717</a></li>
</ul>
<h2>3.28.4 - 23 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.3 - 22 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2707">#2707</a></li>
<li>Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise
Server instance which occurred when the CodeQL Bundle had been synced to
the instance using the <a
href="https://github.com/github/codeql-action-sync-tool">CodeQL Action
sync tool</a> and the Actions runner did not have Zstandard installed.
<a
href="https://redirect.github.com/github/codeql-action/pull/2710">#2710</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/5f8171a638ada777af81d42b55959a643bb29017"><code>5f8171a</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2814">#2814</a>
from github/update-v3.28.12-6349095d1</li>
<li><a
href="https://github.com/github/codeql-action/commit/bb59f7707d836b040802dbdf2ad1a16482d319da"><code>bb59f77</code></a>
Update changelog for v3.28.12</li>
<li><a
href="https://github.com/github/codeql-action/commit/6349095d19ec30397ffb02a63b7aa4f867deb563"><code>6349095</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2810">#2810</a>
from github/update-bundle/codeql-bundle-v2.20.7</li>
<li><a
href="https://github.com/github/codeql-action/commit/d7d03fda1241f6b0b3fae460c9f19c6e887158ad"><code>d7d03fd</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/4e3a5342c5e8e627915b9a29b363f49da8c4a32e"><code>4e3a534</code></a>
Update default bundle to codeql-bundle-v2.20.7</li>
<li><a
href="https://github.com/github/codeql-action/commit/55f023701cfc1e7d11ef2ae0c5ec3193dae4fce4"><code>55f0237</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2802">#2802</a>
from github/mbg/dependency-caching/java-buildless</li>
<li><a
href="https://github.com/github/codeql-action/commit/6a151cd77488e58567da1dcf953e7aeeaca4950c"><code>6a151cd</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2811">#2811</a>
from github/dependabot/github_actions/actions-c2c311...</li>
<li><a
href="https://github.com/github/codeql-action/commit/7866bcdb1b15b5d5cba0021b87f36d9f6d977156"><code>7866bcd</code></a>
Manually bump workflow to match autogenerated file</li>
<li><a
href="https://github.com/github/codeql-action/commit/611289e0b0ce1f6fc14820f1b72edaed2de4ba2c"><code>611289e</code></a>
build(deps): bump ruby/setup-ruby in the actions group</li>
<li><a
href="https://github.com/github/codeql-action/commit/4c409a5b664afa7d5b12cd8487e310f286487472"><code>4c409a5</code></a>
Remove temporary dependency directory in <code>analyze</code> post
action</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/6bb031afdd8eb862ea3fc1848194185e076637e5...5f8171a638ada777af81d42b55959a643bb29017">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.28.11&new-version=3.28.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 .github/workflows/codeql.yml    | 4 ++--
 .github/workflows/scorecard.yml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 1c9d512ff..bacfa759d 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -49,8 +49,8 @@ jobs:
           go-version: ${{ matrix.go-version }}
           check-latest: true
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
+        uses: github/codeql-action/init@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12
         with:
           languages: go
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
+        uses: github/codeql-action/analyze@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 9180a6a38..b26136a7e 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -61,6 +61,6 @@ jobs:
           retention-days: 5
 
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
+        uses: github/codeql-action/upload-sarif@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12
         with:
           sarif_file: results.sarif

From 18c44336b75009a25351efbc7f741a9b850cc307 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 25 Mar 2025 09:43:21 +0800
Subject: [PATCH 19/35] build(deps): Bump actions/setup-go from 5.3.0 to 5.4.0
 (#1234)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.3.0
to 5.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v5.4.0</h2>
<h2>What's Changed</h2>
<h3>Dependency updates :</h3>
<ul>
<li>Upgrade semver from 7.6.0 to 7.6.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/535">actions/setup-go#535</a></li>
<li>Upgrade eslint-config-prettier from 8.10.0 to 10.0.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/536">actions/setup-go#536</a></li>
<li>Upgrade <code>@​action/cache</code> from 4.0.0 to 4.0.2 by <a
href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/568">actions/setup-go#568</a></li>
<li>Upgrade undici from 5.28.4 to 5.28.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/541">actions/setup-go#541</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/568">actions/setup-go#568</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v5...v5.4.0">https://github.com/actions/setup-go/compare/v5...v5.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-go/commit/0aaccfd150d50ccaeb58ebd88d36e91967a5f35b"><code>0aaccfd</code></a>
Bump undici from 5.28.4 to 5.28.5 (<a
href="https://redirect.github.com/actions/setup-go/issues/541">#541</a>)</li>
<li><a
href="https://github.com/actions/setup-go/commit/c4c114188661c0fa735e5b938764519fc6e8efa9"><code>c4c1141</code></a>
upgrade actions/cache to 4.0.2 (<a
href="https://redirect.github.com/actions/setup-go/issues/568">#568</a>)</li>
<li><a
href="https://github.com/actions/setup-go/commit/5a083d0e9a84784eb32078397cf5459adecb4c40"><code>5a083d0</code></a>
Bump eslint-config-prettier from 8.10.0 to 10.0.1 (<a
href="https://redirect.github.com/actions/setup-go/issues/536">#536</a>)</li>
<li><a
href="https://github.com/actions/setup-go/commit/1d82324e5352acd1afdae34b93def4fabce6599f"><code>1d82324</code></a>
Bump semver from 7.6.0 to 7.6.3 (<a
href="https://redirect.github.com/actions/setup-go/issues/535">#535</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/setup-go/compare/f111f3307d8850f501ac008e886eec1fd1932a34...0aaccfd150d50ccaeb58ebd88d36e91967a5f35b">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=5.3.0&new-version=5.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 .github/workflows/build.yml          | 2 +-
 .github/workflows/codeql.yml         | 2 +-
 .github/workflows/release-github.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 6cf5110f8..7e6ec8782 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -31,7 +31,7 @@ jobs:
       fail-fast: true
     steps:
       - name: Set up Go ${{ matrix.go-version }}
-        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
         with:
           go-version: ${{ matrix.go-version }}
           check-latest: true
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index bacfa759d..93a25bbc7 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -44,7 +44,7 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Set up Go ${{ matrix.go-version }} environment
-        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
         with:
           go-version: ${{ matrix.go-version }}
           check-latest: true
diff --git a/.github/workflows/release-github.yml b/.github/workflows/release-github.yml
index 8b805f5ce..5351a242e 100644
--- a/.github/workflows/release-github.yml
+++ b/.github/workflows/release-github.yml
@@ -33,7 +33,7 @@ jobs:
       fail-fast: true
     steps:
       - name: Set up Go ${{ matrix.go-version }}
-        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
         with:
           go-version: ${{ matrix.go-version }}
           check-latest: true

From e77f50df1cb2253fa47af7537d7e655232731c61 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 25 Mar 2025 09:45:42 +0800
Subject: [PATCH 20/35] build(deps): Bump github.com/golang-jwt/jwt/v4 from
 4.5.1 to 4.5.2 in /test/e2e/plugin (#1230)

Bumps [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt)
from 4.5.1 to 4.5.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang-jwt/jwt/releases">github.com/golang-jwt/jwt/v4's
releases</a>.</em></p>
<blockquote>
<h2>v4.5.2</h2>
<p>See <a
href="https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp">https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp</a></p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/golang-jwt/jwt/compare/v4.5.1...v4.5.2">https://github.com/golang-jwt/jwt/compare/v4.5.1...v4.5.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang-jwt/jwt/commit/2f0e9add62078527821828c76865661aa7718a84"><code>2f0e9ad</code></a>
Backporting 0951d18 to v4</li>
<li>See full diff in <a
href="https://github.com/golang-jwt/jwt/compare/v4.5.1...v4.5.2">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/golang-jwt/jwt/v4&package-manager=go_modules&previous-version=4.5.1&new-version=4.5.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/notaryproject/notation/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 test/e2e/plugin/go.mod | 2 +-
 test/e2e/plugin/go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/e2e/plugin/go.mod b/test/e2e/plugin/go.mod
index b5fc961d7..24a218b48 100644
--- a/test/e2e/plugin/go.mod
+++ b/test/e2e/plugin/go.mod
@@ -15,7 +15,7 @@ require (
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.7 // indirect
 	github.com/go-ldap/ldap/v3 v3.4.10 // indirect
-	github.com/golang-jwt/jwt/v4 v4.5.1 // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/notaryproject/tspclient-go v1.0.0 // indirect
diff --git a/test/e2e/plugin/go.sum b/test/e2e/plugin/go.sum
index a76d57ed3..9bef4c963 100644
--- a/test/e2e/plugin/go.sum
+++ b/test/e2e/plugin/go.sum
@@ -14,8 +14,8 @@ github.com/go-ldap/ldap/v3 v3.4.10 h1:ot/iwPOhfpNVgB1o+AVXljizWZ9JTp7YF5oeyONmcJ
 github.com/go-ldap/ldap/v3 v3.4.10/go.mod h1:JXh4Uxgi40P6E9rdsYqpUtbW46D9UTjJ9QSwGRznplY=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
-github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo=
-github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI=
+github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=

From dba39a0188137cd68451a338cc80ebb4c16bb91b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 25 Mar 2025 09:46:48 +0800
Subject: [PATCH 21/35] build(deps): Bump github.com/onsi/gomega from 1.36.2 to
 1.36.3 in /test/e2e (#1233)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from
1.36.2 to 1.36.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/onsi/gomega/releases">github.com/onsi/gomega's
releases</a>.</em></p>
<blockquote>
<h2>v1.36.3</h2>
<h2>1.36.3</h2>
<h3>Maintenance</h3>
<ul>
<li>bump all the things [adb8b49]</li>
<li>chore: replace <code>interface{}</code> with <code>any</code>
[7613216]</li>
<li>Bump google.golang.org/protobuf from 1.36.1 to 1.36.5 (<a
href="https://redirect.github.com/onsi/gomega/issues/822">#822</a>)
[9fe5259]</li>
<li>remove spurious &quot;toolchain&quot; from go.mod (<a
href="https://redirect.github.com/onsi/gomega/issues/819">#819</a>)
[a0e85b9]</li>
<li>Bump golang.org/x/net from 0.33.0 to 0.35.0 (<a
href="https://redirect.github.com/onsi/gomega/issues/823">#823</a>)
[604a8b1]</li>
<li>Bump activesupport from 6.0.6.1 to 6.1.7.5 in /docs (<a
href="https://redirect.github.com/onsi/gomega/issues/772">#772</a>)
[36fbc84]</li>
<li>Bump github-pages from 231 to 232 in /docs (<a
href="https://redirect.github.com/onsi/gomega/issues/778">#778</a>)
[ced70d7]</li>
<li>Bump rexml from 3.2.6 to 3.3.9 in /docs (<a
href="https://redirect.github.com/onsi/gomega/issues/788">#788</a>)
[c8b4a07]</li>
<li>Bump github.com/onsi/ginkgo/v2 from 2.22.1 to 2.22.2 (<a
href="https://redirect.github.com/onsi/gomega/issues/812">#812</a>)
[06431b9]</li>
<li>Bump webrick from 1.8.1 to 1.9.1 in /docs (<a
href="https://redirect.github.com/onsi/gomega/issues/800">#800</a>)
[b55a92d]</li>
<li>Fix typos (<a
href="https://redirect.github.com/onsi/gomega/issues/813">#813</a>)
[a1d518b]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/onsi/gomega/blob/master/CHANGELOG.md">github.com/onsi/gomega's
changelog</a>.</em></p>
<blockquote>
<h2>1.36.3</h2>
<h3>Maintenance</h3>
<ul>
<li>bump all the things [adb8b49]</li>
<li>chore: replace <code>interface{}</code> with <code>any</code>
[7613216]</li>
<li>Bump google.golang.org/protobuf from 1.36.1 to 1.36.5 (<a
href="https://redirect.github.com/onsi/gomega/issues/822">#822</a>)
[9fe5259]</li>
<li>remove spurious &quot;toolchain&quot; from go.mod (<a
href="https://redirect.github.com/onsi/gomega/issues/819">#819</a>)
[a0e85b9]</li>
<li>Bump golang.org/x/net from 0.33.0 to 0.35.0 (<a
href="https://redirect.github.com/onsi/gomega/issues/823">#823</a>)
[604a8b1]</li>
<li>Bump activesupport from 6.0.6.1 to 6.1.7.5 in /docs (<a
href="https://redirect.github.com/onsi/gomega/issues/772">#772</a>)
[36fbc84]</li>
<li>Bump github-pages from 231 to 232 in /docs (<a
href="https://redirect.github.com/onsi/gomega/issues/778">#778</a>)
[ced70d7]</li>
<li>Bump rexml from 3.2.6 to 3.3.9 in /docs (<a
href="https://redirect.github.com/onsi/gomega/issues/788">#788</a>)
[c8b4a07]</li>
<li>Bump github.com/onsi/ginkgo/v2 from 2.22.1 to 2.22.2 (<a
href="https://redirect.github.com/onsi/gomega/issues/812">#812</a>)
[06431b9]</li>
<li>Bump webrick from 1.8.1 to 1.9.1 in /docs (<a
href="https://redirect.github.com/onsi/gomega/issues/800">#800</a>)
[b55a92d]</li>
<li>Fix typos (<a
href="https://redirect.github.com/onsi/gomega/issues/813">#813</a>)
[a1d518b]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/onsi/gomega/commit/225114336a6717596c44d6b175e826b2f3d4c147"><code>2251143</code></a>
v1.36.3</li>
<li><a
href="https://github.com/onsi/gomega/commit/adb8b4976faa398931a6fb1c5fe17eda7dbe72c7"><code>adb8b49</code></a>
bump all the things</li>
<li><a
href="https://github.com/onsi/gomega/commit/76132163ee4176163a07cef6fedafb19a8a347a8"><code>7613216</code></a>
chore: replace <code>interface{}</code> with <code>any</code></li>
<li><a
href="https://github.com/onsi/gomega/commit/9fe5259f96673cbc44a2984e9a003a5fd2cb7d3a"><code>9fe5259</code></a>
Bump google.golang.org/protobuf from 1.36.1 to 1.36.5 (<a
href="https://redirect.github.com/onsi/gomega/issues/822">#822</a>)</li>
<li><a
href="https://github.com/onsi/gomega/commit/a0e85b953834893bcfac18266026076947b38d99"><code>a0e85b9</code></a>
remove spurious &quot;toolchain&quot; from go.mod (<a
href="https://redirect.github.com/onsi/gomega/issues/819">#819</a>)</li>
<li><a
href="https://github.com/onsi/gomega/commit/604a8b1b7b1e9a9876efc90546428594d84289d9"><code>604a8b1</code></a>
Bump golang.org/x/net from 0.33.0 to 0.35.0 (<a
href="https://redirect.github.com/onsi/gomega/issues/823">#823</a>)</li>
<li><a
href="https://github.com/onsi/gomega/commit/36fbc8471a1a2391d40b9b8e561e014b3771255c"><code>36fbc84</code></a>
Bump activesupport from 6.0.6.1 to 6.1.7.5 in /docs (<a
href="https://redirect.github.com/onsi/gomega/issues/772">#772</a>)</li>
<li><a
href="https://github.com/onsi/gomega/commit/ced70d75ba48c03934c265b05e31441d728d285b"><code>ced70d7</code></a>
Bump github-pages from 231 to 232 in /docs (<a
href="https://redirect.github.com/onsi/gomega/issues/778">#778</a>)</li>
<li><a
href="https://github.com/onsi/gomega/commit/c8b4a0765a95c35530e91c773e62db6596e309b6"><code>c8b4a07</code></a>
Bump rexml from 3.2.6 to 3.3.9 in /docs (<a
href="https://redirect.github.com/onsi/gomega/issues/788">#788</a>)</li>
<li><a
href="https://github.com/onsi/gomega/commit/06431b928f0d0dfc1b92f4ecfef5c15dfd2d1ce7"><code>06431b9</code></a>
Bump github.com/onsi/ginkgo/v2 from 2.22.1 to 2.22.2 (<a
href="https://redirect.github.com/onsi/gomega/issues/812">#812</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/onsi/gomega/compare/v1.36.2...v1.36.3">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/onsi/gomega&package-manager=go_modules&previous-version=1.36.2&new-version=1.36.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 test/e2e/go.mod | 18 +++++++++---------
 test/e2e/go.sum | 43 ++++++++++++++++++-------------------------
 2 files changed, 27 insertions(+), 34 deletions(-)

diff --git a/test/e2e/go.mod b/test/e2e/go.mod
index aaaf3e2b0..b4381340e 100644
--- a/test/e2e/go.mod
+++ b/test/e2e/go.mod
@@ -1,12 +1,12 @@
 module github.com/notaryproject/notation/test/e2e
 
-go 1.23
+go 1.23.0
 
 require (
 	github.com/notaryproject/notation-core-go v1.2.0
 	github.com/notaryproject/notation-go v1.3.1
-	github.com/onsi/ginkgo/v2 v2.23.0
-	github.com/onsi/gomega v1.36.2
+	github.com/onsi/ginkgo/v2 v2.23.3
+	github.com/onsi/gomega v1.36.3
 	github.com/opencontainers/image-spec v1.1.1
 	oras.land/oras-go/v2 v2.5.0
 )
@@ -15,17 +15,17 @@ require (
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
-	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect
 	github.com/notaryproject/tspclient-go v1.0.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/veraison/go-cose v1.3.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	golang.org/x/crypto v0.35.0 // indirect
-	golang.org/x/net v0.36.0 // indirect
-	golang.org/x/sync v0.11.0 // indirect
-	golang.org/x/sys v0.30.0 // indirect
-	golang.org/x/text v0.22.0 // indirect
+	golang.org/x/crypto v0.36.0 // indirect
+	golang.org/x/net v0.37.0 // indirect
+	golang.org/x/sync v0.12.0 // indirect
+	golang.org/x/sys v0.31.0 // indirect
+	golang.org/x/text v0.23.0 // indirect
 	golang.org/x/tools v0.30.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/test/e2e/go.sum b/test/e2e/go.sum
index 3f8573bd1..0bf7b62d7 100644
--- a/test/e2e/go.sum
+++ b/test/e2e/go.sum
@@ -6,8 +6,8 @@ github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
 github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
-github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
-github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg=
 github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
 github.com/notaryproject/notation-core-go v1.2.0 h1:WElMG9X0YXJhBd0A4VOxLNalTLrTjvqtIAj7JHr5X08=
@@ -16,10 +16,10 @@ github.com/notaryproject/notation-go v1.3.1 h1:JLJ9HiwMwPAFNkJEBkF8iBdNazdEKrGAy
 github.com/notaryproject/notation-go v1.3.1/go.mod h1:Qytzn2v8nYkA9G44fbXKh1Tnvz8ONmod2Tgtkrl5zYc=
 github.com/notaryproject/tspclient-go v1.0.0 h1:AwQ4x0gX8IHnyiZB1tggpn5NFqHpTEm1SDX8YNv4Dg4=
 github.com/notaryproject/tspclient-go v1.0.0/go.mod h1:LGyA/6Kwd2FlM0uk8Vc5il3j0CddbWSHBj/4kxQDbjs=
-github.com/onsi/ginkgo/v2 v2.23.0 h1:FA1xjp8ieYDzlgS5ABTpdUDB7wtngggONc8a7ku2NqQ=
-github.com/onsi/ginkgo/v2 v2.23.0/go.mod h1:zXTP6xIp3U8aVuXN8ENK9IXRaTjFnpVB9mGmaSRvxnM=
-github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8=
-github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY=
+github.com/onsi/ginkgo/v2 v2.23.3 h1:edHxnszytJ4lD9D5Jjc4tiDkPBZ3siDeJJkUZJJVkp0=
+github.com/onsi/ginkgo/v2 v2.23.3/go.mod h1:zXTP6xIp3U8aVuXN8ENK9IXRaTjFnpVB9mGmaSRvxnM=
+github.com/onsi/gomega v1.36.3 h1:hID7cr8t3Wp26+cYnfcjR6HpJ00fdogN6dqZ1t6IylU=
+github.com/onsi/gomega v1.36.3/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
@@ -32,27 +32,20 @@ github.com/veraison/go-cose v1.3.0 h1:2/H5w8kdSpQJyVtIhx8gmwPJ2uSz1PkyWFx0idbd7r
 github.com/veraison/go-cose v1.3.0/go.mod h1:df09OV91aHoQWLmy1KsDdYiagtXgyAwAl8vFeFn1gMc=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
-<<<<<<< HEAD
-golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
-golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
-golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8=
-golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk=
-=======
-golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
-golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
-golang.org/x/net v0.36.0 h1:vWF2fRbw4qslQsQzgFqZff+BItCvGFQqKzKIzx1rmoA=
-golang.org/x/net v0.36.0/go.mod h1:bFmbeoIPfrw4sMHNhb4J9f6+tPziuGjq7Jk/38fxi1I=
->>>>>>> 3810ef3 (build(deps): Bump golang.org/x/net from 0.35.0 to 0.36.0 in /test/e2e (#1220))
-golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
-golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
-golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
-golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
+golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
+golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
+golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
+golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
 golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY=
 golang.org/x/tools v0.30.0/go.mod h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY=
-google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk=
-google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
+google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

From b89a1e4a10713a01cdb5703ccbb6f6638d11d82c Mon Sep 17 00:00:00 2001
From: Patrick Zheng <patrickzheng@microsoft.com>
Date: Tue, 25 Mar 2025 15:51:46 +0800
Subject: [PATCH 22/35] fix: quick fix on notation cert command help page
 (#1238)

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 cmd/notation/cert/add.go         |  2 +-
 cmd/notation/cert/delete.go      |  2 +-
 cmd/notation/cert/list.go        |  2 +-
 cmd/notation/cert/show.go        |  2 +-
 specs/commandline/certificate.md | 30 ++++++++++++++++++------------
 5 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/cmd/notation/cert/add.go b/cmd/notation/cert/add.go
index c4d489d31..ce4f4f00c 100644
--- a/cmd/notation/cert/add.go
+++ b/cmd/notation/cert/add.go
@@ -56,7 +56,7 @@ Example - Add a certificate to the "tsa" type of a named store "timestamp":
 			return addCerts(opts)
 		},
 	}
-	command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority")
+	command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority, tsa")
 	command.Flags().StringVarP(&opts.namedStore, "store", "s", "", "specify named store")
 	command.MarkFlagRequired("type")
 	command.MarkFlagRequired("store")
diff --git a/cmd/notation/cert/delete.go b/cmd/notation/cert/delete.go
index 044f240c0..2849d4906 100644
--- a/cmd/notation/cert/delete.go
+++ b/cmd/notation/cert/delete.go
@@ -67,7 +67,7 @@ Example - Delete certificate "wabbit-networks-timestamp.pem" with "tsa" type fro
 			return deleteCerts(opts)
 		},
 	}
-	command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority")
+	command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority, tsa")
 	command.Flags().StringVarP(&opts.namedStore, "store", "s", "", "specify named store")
 	command.Flags().BoolVarP(&opts.all, "all", "a", false, "delete all certificates in the named store")
 	command.Flags().BoolVarP(&opts.confirmed, "yes", "y", false, "do not prompt for confirmation")
diff --git a/cmd/notation/cert/list.go b/cmd/notation/cert/list.go
index 6321ff7b8..aeb145979 100644
--- a/cmd/notation/cert/list.go
+++ b/cmd/notation/cert/list.go
@@ -63,7 +63,7 @@ Example - List all certificate files from trust store of type "tsa"
 		},
 	}
 	opts.LoggingFlagOpts.ApplyFlags(command.Flags())
-	command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority")
+	command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority, tsa")
 	command.Flags().StringVarP(&opts.namedStore, "store", "s", "", "specify named store")
 	return command
 }
diff --git a/cmd/notation/cert/show.go b/cmd/notation/cert/show.go
index cc0ff1464..92f606e23 100644
--- a/cmd/notation/cert/show.go
+++ b/cmd/notation/cert/show.go
@@ -66,7 +66,7 @@ Example - Show details of certificate "wabbit-networks-timestamp.pem" with type
 		},
 	}
 	opts.LoggingFlagOpts.ApplyFlags(command.Flags())
-	command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority")
+	command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority, tsa")
 	command.Flags().StringVarP(&opts.namedStore, "store", "s", "", "specify named store")
 	command.MarkFlagRequired("type")
 	command.MarkFlagRequired("store")
diff --git a/specs/commandline/certificate.md b/specs/commandline/certificate.md
index 2822d79e0..2d5167f4e 100644
--- a/specs/commandline/certificate.md
+++ b/specs/commandline/certificate.md
@@ -4,10 +4,11 @@
 
 Use ```notation certificate``` command to add/list/delete certificates in notation's trust store. Updating an existing certificate is not allowed since the thumbprint will be inconsistent, which results in a new certificate.
 
-The trust store is in the format of a directory in the filesystem as`x509/<type>/<name>/*.crt|*.cer|*.pem`. Currently two types of trust store are supported:
+The trust store is in the format of a directory in the filesystem as`x509/<type>/<name>/*.crt|*.cer|*.pem`. Currently three types of trust store are supported:
 
-* `Certificate Authority`: The directory name is `ca`.
+* `Certificate Authority`: The directory name is `ca`
 * `Signing Authority`: The directory name is `signingAuthority`
+* `Timestamping Authority`: The directory name is `tsa`
 
 There could be more trust store types introduced in the future.
 
@@ -26,9 +27,13 @@ $XDG_CONFIG_HOME/notation/truststore
         /signingAuthority
             /wabbit-networks
                 cert3.crt
+
+        /tsa
+            /trusted-tsa
+                tsa.crt
 ```
 
-In this example, there are two certificates stored in trust store named `acme-rockets` of type `ca`. There is one certificate stored in trust store named `wabbit-networks` of type `signingAuthority`.
+In this example, there are two certificates stored in trust store named `acme-rockets` of type `ca`. There is one certificate stored in trust store named `wabbit-networks` of type `signingAuthority`. And there is one certificate stored in trust store named `trusted-tsa` of type `tsa`.
 
 ## Outline
 
@@ -65,7 +70,7 @@ Usage:
 Flags:
   -h, --help           help for add
   -s, --store string   specify named store
-  -t, --type string    specify trust store type, options: ca, signingAuthority
+  -t, --type string    specify trust store type, options: ca, signingAuthority, tsa
 ```
 
 ### notation certificate list
@@ -83,7 +88,7 @@ Flags:
   -d, --debug          debug mode
   -h, --help           help for list
   -s, --store string   specify named store
-  -t, --type string    specify trust store type, options: ca, signingAuthority
+  -t, --type string    specify trust store type, options: ca, signingAuthority, tsa
   -v, --verbose        verbose mode
 ```
 
@@ -99,7 +104,7 @@ Flags:
   -d, --debug          debug mode
   -h, --help           help for show
   -s, --store string   specify named store
-  -t, --type string    specify trust store type, options: ca, signingAuthority
+  -t, --type string    specify trust store type, options: ca, signingAuthority, tsa
   -v, --verbose        verbose mode
 ```
 
@@ -115,7 +120,7 @@ Flags:
   -a, --all            delete all certificates in the named store
   -h, --help           help for delete
   -s, --store string   specify named store
-  -t, --type string    specify trust store type, options: ca, signingAuthority
+  -t, --type string    specify trust store type, options: ca, signingAuthority, tsa
   -y, --yes            do not prompt for confirmation
 ```
 
@@ -155,11 +160,12 @@ Upon successful listing, all the certificate files in the trust store are printe
 
 An example of the output:
 ```
-STORE TYPE         STORE NAME   CERTIFICATE   
-ca                 myStore1     cert1.pem    
-ca                 myStore2     cert2.crt       
-signingAuthority   myStore1     cert3.crt    
+STORE TYPE         STORE NAME   CERTIFICATE
+ca                 myStore1     cert1.pem
+ca                 myStore2     cert2.crt
+signingAuthority   myStore1     cert3.crt
 signingAuthority   myStore2     cert4.pem
+tsa                myTSA        tsa.crt
 ```
 ### List all certificate files of a certain named store
 
@@ -219,7 +225,7 @@ notation certificate delete --type <type> --store <name> <cert_fileName>
 A prompt is displayed, asking the user to confirm the deletion. Upon successful deletion, the specific certificate is deleted from the trust store named `<name>` of type `<type>`. The output message is printed out as following:
 
 ```text
-Successfully deleted <cert_fileName> from the trust store. 
+Successfully deleted <cert_fileName> from the trust store.
 ```
 
 If users execute the deletion without specifying required flags using `notation cert delete <cert_fileName>`, the deletion fails and the error output message is printed out as follows:

From 8e83de2ea0ce5af93e532f723542f57e2dc8528a Mon Sep 17 00:00:00 2001
From: 7h3-3mp7y-m4n <115151332+7h3-3mp7y-m4n@users.noreply.github.com>
Date: Thu, 27 Mar 2025 08:17:58 +0530
Subject: [PATCH 23/35] docs: add contributing guide link to README.md (#1225)

Signed-off-by: 7h3-3mp7y-m4n <emailtorash@gmail.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index c50e9f564..411437c8f 100644
--- a/README.md
+++ b/README.md
@@ -37,6 +37,7 @@ Notary Project is a [CNCF Incubating project](https://www.cncf.io/projects/notar
 - [Build Notation from source code](/building.md)
 - [Governance for Notary Project](https://github.com/notaryproject/.github/blob/master/GOVERNANCE.md)
 - [Maintainers and reviewers list](https://github.com/notaryproject/notation/blob/main/CODEOWNERS)
+- [Contributing Guide](https://github.com/notaryproject/.github/blob/main/CONTRIBUTING.md)
 - Regular conversations for Notary Project occur on the [Cloud Native Computing Slack](https://slack.cncf.io/) **notary-project** channel.
 
 ### Notary Project Community Meeting

From 31e4c3c3724797f9112326c8d9df24e742bf0971 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Apr 2025 14:36:58 +0800
Subject: [PATCH 24/35] build(deps): Bump goreleaser/goreleaser-action from
 6.2.1 to 6.3.0 (#1246)

Bumps
[goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action)
from 6.2.1 to 6.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/goreleaser/goreleaser-action/releases">goreleaser/goreleaser-action's
releases</a>.</em></p>
<blockquote>
<h2>v6.3.0</h2>
<ul>
<li>Bump undici from 5.28.3 to 5.28.5 in <a
href="https://redirect.github.com/goreleaser/goreleaser-action/pull/488">goreleaser/goreleaser-action#488</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/goreleaser/goreleaser-action/compare/v6.2.1...v6.3.0">https://github.com/goreleaser/goreleaser-action/compare/v6.2.1...v6.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/goreleaser/goreleaser-action/commit/9c156ee8a17a598857849441385a2041ef570552"><code>9c156ee</code></a>
ci: update bake-action to v6 (<a
href="https://redirect.github.com/goreleaser/goreleaser-action/issues/493">#493</a>)</li>
<li><a
href="https://github.com/goreleaser/goreleaser-action/commit/73c477b761d5297c48d48a8b24794d7c6c0ffd3c"><code>73c477b</code></a>
chore(deps): bump undici from 5.28.3 to 5.28.5 (<a
href="https://redirect.github.com/goreleaser/goreleaser-action/issues/488">#488</a>)</li>
<li><a
href="https://github.com/goreleaser/goreleaser-action/commit/19c00a97d67392d1893d10aa43b8a71f51715cf9"><code>19c00a9</code></a>
chore(deps): bump codecov/codecov-action from 4 to 5 (<a
href="https://redirect.github.com/goreleaser/goreleaser-action/issues/481">#481</a>)</li>
<li>See full diff in <a
href="https://github.com/goreleaser/goreleaser-action/compare/90a3faa9d0182683851fbfa97ca1a2cb983bfca3...9c156ee8a17a598857849441385a2041ef570552">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=goreleaser/goreleaser-action&package-manager=github_actions&previous-version=6.2.1&new-version=6.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 .github/workflows/release-github.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release-github.yml b/.github/workflows/release-github.yml
index 5351a242e..502e07945 100644
--- a/.github/workflows/release-github.yml
+++ b/.github/workflows/release-github.yml
@@ -46,7 +46,7 @@ jobs:
           pre_tag=`git tag --sort=-creatordate --list 'v*' | grep -v dev | head -2 | tail -1`
           echo "GORELEASER_PREVIOUS_TAG=$pre_tag" >> $GITHUB_ENV
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1
+        uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0
         with:
           distribution: goreleaser
           version: v2

From b31db0dad9fa63aa2b4f9cf6416de65b5b18fdf8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Apr 2025 14:37:26 +0800
Subject: [PATCH 25/35] build(deps): Bump github/codeql-action from 3.28.12 to
 3.28.13 (#1245)

Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.28.12 to 3.28.13.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.28.13</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.13 - 24 Mar 2025</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.13/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.28.13 - 24 Mar 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.12 - 19 Mar 2025</h2>
<ul>
<li>Dependency caching should now cache more dependencies for Java
<code>build-mode: none</code> extractions. This should speed up
workflows and avoid inconsistent alerts in some cases.</li>
<li>Update default CodeQL bundle version to 2.20.7. <a
href="https://redirect.github.com/github/codeql-action/pull/2810">#2810</a></li>
</ul>
<h2>3.28.11 - 07 Mar 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2793">#2793</a></li>
</ul>
<h2>3.28.10 - 21 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2772">#2772</a></li>
<li>Address an issue where the CodeQL Bundle would occasionally fail to
decompress on macOS. <a
href="https://redirect.github.com/github/codeql-action/pull/2768">#2768</a></li>
</ul>
<h2>3.28.9 - 07 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2753">#2753</a></li>
</ul>
<h2>3.28.8 - 29 Jan 2025</h2>
<ul>
<li>Enable support for Kotlin 2.1.10 when running with CodeQL CLI
v2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2744">#2744</a></li>
</ul>
<h2>3.28.7 - 29 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.6 - 27 Jan 2025</h2>
<ul>
<li>Re-enable debug artifact upload for CLI versions 2.20.3 or greater.
<a
href="https://redirect.github.com/github/codeql-action/pull/2726">#2726</a></li>
</ul>
<h2>3.28.5 - 24 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2717">#2717</a></li>
</ul>
<h2>3.28.4 - 23 Jan 2025</h2>
<p>No user facing changes.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/1b549b9259bda1cb5ddde3b41741a82a2d15a841"><code>1b549b9</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2819">#2819</a>
from github/update-v3.28.13-e0ea14102</li>
<li><a
href="https://github.com/github/codeql-action/commit/82630c85f38b5b7c2c9cc279f06af77a080fba19"><code>82630c8</code></a>
Update changelog for v3.28.13</li>
<li><a
href="https://github.com/github/codeql-action/commit/e0ea141027937784e3c10ed1679e503fcc2245bc"><code>e0ea141</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2818">#2818</a>
from github/cklin/empty-pr-diff-range</li>
<li><a
href="https://github.com/github/codeql-action/commit/b361a915088c90790a0c458a63a4b63108a9ab0a"><code>b361a91</code></a>
Diff-informed analysis: fix empty PR handling</li>
<li><a
href="https://github.com/github/codeql-action/commit/bd1d9ab4eda903e1b5caa241368836575c6c476b"><code>bd1d9ab</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2816">#2816</a>
from github/cklin/overlay-file-list</li>
<li><a
href="https://github.com/github/codeql-action/commit/b98ae6ca52694a727f4a03c9bf7a52df66492f23"><code>b98ae6c</code></a>
Add overlay-database-utils tests</li>
<li><a
href="https://github.com/github/codeql-action/commit/9825184a0aec625d59c8e5bcc122734a77e38e7b"><code>9825184</code></a>
Add getFileOidsUnderPath() tests</li>
<li><a
href="https://github.com/github/codeql-action/commit/ac67cffe5c20e84b598930c8453336a7404b2786"><code>ac67cff</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2817">#2817</a>
from github/cklin/default-setup-diff-informed</li>
<li><a
href="https://github.com/github/codeql-action/commit/9c674ba4f548f8b6a6f1a7990756e80453894f56"><code>9c674ba</code></a>
build: refresh js files</li>
<li><a
href="https://github.com/github/codeql-action/commit/d109dd5d333ab79c34032e0443e15643c347e966"><code>d109dd5</code></a>
Detect PR branches for Default Setup</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/5f8171a638ada777af81d42b55959a643bb29017...1b549b9259bda1cb5ddde3b41741a82a2d15a841">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.28.12&new-version=3.28.13)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 .github/workflows/codeql.yml    | 4 ++--
 .github/workflows/scorecard.yml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 93a25bbc7..7e37cc381 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -49,8 +49,8 @@ jobs:
           go-version: ${{ matrix.go-version }}
           check-latest: true
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12
+        uses: github/codeql-action/init@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
         with:
           languages: go
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12
+        uses: github/codeql-action/analyze@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index b26136a7e..f16a5655b 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -61,6 +61,6 @@ jobs:
           retention-days: 5
 
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12
+        uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
         with:
           sarif_file: results.sarif

From 1ff788e20e08abc6328799cf71c5402627ea94ae Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Apr 2025 16:31:40 +0800
Subject: [PATCH 26/35] build(deps): Bump github.com/onsi/gomega from 1.36.3 to
 1.37.0 in /test/e2e (#1253)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from
1.36.3 to 1.37.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/onsi/gomega/releases">github.com/onsi/gomega's
releases</a>.</em></p>
<blockquote>
<h2>v1.37.0</h2>
<h2>1.37.0</h2>
<h3>Features</h3>
<ul>
<li>add To/ToNot/NotTo aliases for AsyncAssertion [5666f98]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/onsi/gomega/blob/master/CHANGELOG.md">github.com/onsi/gomega's
changelog</a>.</em></p>
<blockquote>
<h2>1.37.0</h2>
<h3>Features</h3>
<ul>
<li>add To/ToNot/NotTo aliases for AsyncAssertion [5666f98]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/onsi/gomega/commit/272fca36eaadaa0b1823f1bc921c064a3ed3ea64"><code>272fca3</code></a>
v1.37.0</li>
<li><a
href="https://github.com/onsi/gomega/commit/5666f9849930396120c41ef1fbb9cd7dc605bd43"><code>5666f98</code></a>
add To/ToNot/NotTo aliases for AsyncAssertion</li>
<li>See full diff in <a
href="https://github.com/onsi/gomega/compare/v1.36.3...v1.37.0">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/onsi/gomega&package-manager=go_modules&previous-version=1.36.3&new-version=1.37.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 test/e2e/go.mod | 2 +-
 test/e2e/go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/e2e/go.mod b/test/e2e/go.mod
index b4381340e..ec044e5b3 100644
--- a/test/e2e/go.mod
+++ b/test/e2e/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/notaryproject/notation-core-go v1.2.0
 	github.com/notaryproject/notation-go v1.3.1
 	github.com/onsi/ginkgo/v2 v2.23.3
-	github.com/onsi/gomega v1.36.3
+	github.com/onsi/gomega v1.37.0
 	github.com/opencontainers/image-spec v1.1.1
 	oras.land/oras-go/v2 v2.5.0
 )
diff --git a/test/e2e/go.sum b/test/e2e/go.sum
index 0bf7b62d7..2e369d92d 100644
--- a/test/e2e/go.sum
+++ b/test/e2e/go.sum
@@ -18,8 +18,8 @@ github.com/notaryproject/tspclient-go v1.0.0 h1:AwQ4x0gX8IHnyiZB1tggpn5NFqHpTEm1
 github.com/notaryproject/tspclient-go v1.0.0/go.mod h1:LGyA/6Kwd2FlM0uk8Vc5il3j0CddbWSHBj/4kxQDbjs=
 github.com/onsi/ginkgo/v2 v2.23.3 h1:edHxnszytJ4lD9D5Jjc4tiDkPBZ3siDeJJkUZJJVkp0=
 github.com/onsi/ginkgo/v2 v2.23.3/go.mod h1:zXTP6xIp3U8aVuXN8ENK9IXRaTjFnpVB9mGmaSRvxnM=
-github.com/onsi/gomega v1.36.3 h1:hID7cr8t3Wp26+cYnfcjR6HpJ00fdogN6dqZ1t6IylU=
-github.com/onsi/gomega v1.36.3/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
+github.com/onsi/gomega v1.37.0 h1:CdEG8g0S133B4OswTDC/5XPSzE1OeP29QOioj2PID2Y=
+github.com/onsi/gomega v1.37.0/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=

From e8ba10228ecacf0fdfb7dbe0d7ea88437a3692dc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Apr 2025 16:33:02 +0800
Subject: [PATCH 27/35] build(deps): Bump golang.org/x/term from 0.30.0 to
 0.31.0 (#1251)

Bumps [golang.org/x/term](https://github.com/golang/term) from 0.30.0 to
0.31.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/term/commit/5d2308b09df8e012ed012f73c878253d901b7f56"><code>5d2308b</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/term/commit/e770dddbf5e3084c939760c50ca84c1adee9c4c4"><code>e770ddd</code></a>
x/term: disabling auto-completion around GetPassword()</li>
<li>See full diff in <a
href="https://github.com/golang/term/compare/v0.30.0...v0.31.0">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/term&package-manager=go_modules&previous-version=0.30.0&new-version=0.31.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index dae53a6ff..d998375d5 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.9.1
 	github.com/spf13/pflag v1.0.6
-	golang.org/x/term v0.30.0
+	golang.org/x/term v0.31.0
 	oras.land/oras-go/v2 v2.5.0
 )
 
@@ -29,5 +29,5 @@ require (
 	golang.org/x/crypto v0.33.0 // indirect
 	golang.org/x/mod v0.23.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect
-	golang.org/x/sys v0.31.0 // indirect
+	golang.org/x/sys v0.32.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 89281e265..a7fd1a327 100644
--- a/go.sum
+++ b/go.sum
@@ -124,8 +124,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
-golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
+golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -135,8 +135,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
-golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
-golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
+golang.org/x/term v0.31.0 h1:erwDkOK1Msy6offm1mOgvspSkslFnIGsFnxOKoufg3o=
+golang.org/x/term v0.31.0/go.mod h1:R4BeIy7D95HzImkxGkTW1UQTtP54tio2RyHz7PwK0aw=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=

From 34407278020b297a081099b4fcfdf785a3d4f1f0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Apr 2025 16:33:36 +0800
Subject: [PATCH 28/35] build(deps): Bump github/codeql-action from 3.28.13 to
 3.28.14 (#1250)

Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.28.13 to 3.28.14.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.28.14</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.14 - 07 Apr 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2838">#2838</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.14/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/fc7e4a0fa01c3cca5fd6a1fddec5c0740c977aa2"><code>fc7e4a0</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2844">#2844</a>
from github/update-v3.28.14-362ef4ce2</li>
<li><a
href="https://github.com/github/codeql-action/commit/be0175c800fe14dd962aaa2c97f55371f6f95b35"><code>be0175c</code></a>
Update changelog for v3.28.14</li>
<li><a
href="https://github.com/github/codeql-action/commit/362ef4ce205154842cd1d34794abd82bb8f12cd5"><code>362ef4c</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2838">#2838</a>
from github/update-bundle/codeql-bundle-v2.21.0</li>
<li><a
href="https://github.com/github/codeql-action/commit/2b85c00718b8a4d8e9928961ea3cf0437450e643"><code>2b85c00</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.21.0</li>
<li><a
href="https://github.com/github/codeql-action/commit/41aa4376380d34f89f93b8f2f92bb9d3b5723154"><code>41aa437</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2841">#2841</a>
from github/angelapwen/log-init-post-telemetry</li>
<li><a
href="https://github.com/github/codeql-action/commit/92864f48b0dea860caaa9bba99727700e0b4fd3d"><code>92864f4</code></a>
Add logs around status report telemetry in <code>init-post</code>
step</li>
<li><a
href="https://github.com/github/codeql-action/commit/e13fe0dd2d51f2b63b05fee9b9cda14b2050f678"><code>e13fe0d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2833">#2833</a>
from github/NlightNFotis/reclassify_upload_sarif_issues</li>
<li><a
href="https://github.com/github/codeql-action/commit/06703ce3e5d16d2ba1159d8ef76d0bc95d3bed97"><code>06703ce</code></a>
Merge branch 'main' into
NlightNFotis/reclassify_upload_sarif_issues</li>
<li><a
href="https://github.com/github/codeql-action/commit/676a422916fb4b124d13126326cd03f440e112d6"><code>676a422</code></a>
review-comments: nest validateSariFileSchema into try-catch block to
better d...</li>
<li><a
href="https://github.com/github/codeql-action/commit/498c7f37e85d2d0fe6bac32a3c71708870a27bee"><code>498c7f3</code></a>
review-comments: unwrap error in upload-sarif-action and re-classify as
Confi...</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/1b549b9259bda1cb5ddde3b41741a82a2d15a841...fc7e4a0fa01c3cca5fd6a1fddec5c0740c977aa2">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.28.13&new-version=3.28.14)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 .github/workflows/codeql.yml    | 4 ++--
 .github/workflows/scorecard.yml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 7e37cc381..7cf6f90a1 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -49,8 +49,8 @@ jobs:
           go-version: ${{ matrix.go-version }}
           check-latest: true
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
+        uses: github/codeql-action/init@fc7e4a0fa01c3cca5fd6a1fddec5c0740c977aa2 # v3.28.14
         with:
           languages: go
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
+        uses: github/codeql-action/analyze@fc7e4a0fa01c3cca5fd6a1fddec5c0740c977aa2 # v3.28.14
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index f16a5655b..e36ba92df 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -61,6 +61,6 @@ jobs:
           retention-days: 5
 
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
+        uses: github/codeql-action/upload-sarif@fc7e4a0fa01c3cca5fd6a1fddec5c0740c977aa2 # v3.28.14
         with:
           sarif_file: results.sarif

From 6bb6985645cc3789755a11a7b21e29005420e26f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Apr 2025 10:13:02 +0800
Subject: [PATCH 29/35] build(deps): Bump github/codeql-action from 3.28.14 to
 3.28.15 (#1257)

Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.28.14 to 3.28.15.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.28.15</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.15 - 07 Apr 2025</h2>
<ul>
<li>Fix bug where the action would fail if it tried to produce a debug
artifact with more than 65535 files. <a
href="https://redirect.github.com/github/codeql-action/pull/2842">#2842</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.15/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.28.15 - 07 Apr 2025</h2>
<ul>
<li>Fix bug where the action would fail if it tried to produce a debug
artifact with more than 65535 files. <a
href="https://redirect.github.com/github/codeql-action/pull/2842">#2842</a></li>
</ul>
<h2>3.28.14 - 07 Apr 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2838">#2838</a></li>
</ul>
<h2>3.28.13 - 24 Mar 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.12 - 19 Mar 2025</h2>
<ul>
<li>Dependency caching should now cache more dependencies for Java
<code>build-mode: none</code> extractions. This should speed up
workflows and avoid inconsistent alerts in some cases.</li>
<li>Update default CodeQL bundle version to 2.20.7. <a
href="https://redirect.github.com/github/codeql-action/pull/2810">#2810</a></li>
</ul>
<h2>3.28.11 - 07 Mar 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2793">#2793</a></li>
</ul>
<h2>3.28.10 - 21 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2772">#2772</a></li>
<li>Address an issue where the CodeQL Bundle would occasionally fail to
decompress on macOS. <a
href="https://redirect.github.com/github/codeql-action/pull/2768">#2768</a></li>
</ul>
<h2>3.28.9 - 07 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2753">#2753</a></li>
</ul>
<h2>3.28.8 - 29 Jan 2025</h2>
<ul>
<li>Enable support for Kotlin 2.1.10 when running with CodeQL CLI
v2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2744">#2744</a></li>
</ul>
<h2>3.28.7 - 29 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.6 - 27 Jan 2025</h2>
<ul>
<li>Re-enable debug artifact upload for CLI versions 2.20.3 or greater.
<a
href="https://redirect.github.com/github/codeql-action/pull/2726">#2726</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/45775bd8235c68ba998cffa5171334d58593da47"><code>45775bd</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2854">#2854</a>
from github/update-v3.28.15-a35ae8c38</li>
<li><a
href="https://github.com/github/codeql-action/commit/dd78aab4078b17a672a66d6a80a990beb672ede1"><code>dd78aab</code></a>
Update CHANGELOG.md with bug fix details</li>
<li><a
href="https://github.com/github/codeql-action/commit/e40af591743761de70080085b4e6ce37f7f6e657"><code>e40af59</code></a>
Update changelog for v3.28.15</li>
<li><a
href="https://github.com/github/codeql-action/commit/a35ae8c380fa35365cd546f9a397a46f60dd82cf"><code>a35ae8c</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2843">#2843</a>
from github/cklin/diff-informed-compat</li>
<li><a
href="https://github.com/github/codeql-action/commit/bb59df6c174a91d88eec1c48f2ab0ef7b5f96e99"><code>bb59df6</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2842">#2842</a>
from github/henrymercer/zip64</li>
<li><a
href="https://github.com/github/codeql-action/commit/4b508f59648bef88ef72c74f1ffff531fda55ea8"><code>4b508f5</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2845">#2845</a>
from github/mergeback/v3.28.14-to-main-fc7e4a0f</li>
<li><a
href="https://github.com/github/codeql-action/commit/ca00afb5f1457cf1c85da6cda07d73e720ff061a"><code>ca00afb</code></a>
Update checked-in dependencies</li>
<li><a
href="https://github.com/github/codeql-action/commit/2969c78ce0262bf75658058604498d2b4bdb0b9b"><code>2969c78</code></a>
Update changelog and version after v3.28.14</li>
<li><a
href="https://github.com/github/codeql-action/commit/a8be43c24e13329b9e2174ec1941e06e03636dcc"><code>a8be43c</code></a>
Don't throw error for ENOENT</li>
<li><a
href="https://github.com/github/codeql-action/commit/94102d99b09e7d264feadfa60efe4c3f0912c7ce"><code>94102d9</code></a>
Set checkPresence in diff-range data extension</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/fc7e4a0fa01c3cca5fd6a1fddec5c0740c977aa2...45775bd8235c68ba998cffa5171334d58593da47">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.28.14&new-version=3.28.15)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 .github/workflows/codeql.yml    | 4 ++--
 .github/workflows/scorecard.yml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 7cf6f90a1..07ba6433f 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -49,8 +49,8 @@ jobs:
           go-version: ${{ matrix.go-version }}
           check-latest: true
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@fc7e4a0fa01c3cca5fd6a1fddec5c0740c977aa2 # v3.28.14
+        uses: github/codeql-action/init@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
         with:
           languages: go
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@fc7e4a0fa01c3cca5fd6a1fddec5c0740c977aa2 # v3.28.14
+        uses: github/codeql-action/analyze@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index e36ba92df..53022d38e 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -61,6 +61,6 @@ jobs:
           retention-days: 5
 
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@fc7e4a0fa01c3cca5fd6a1fddec5c0740c977aa2 # v3.28.14
+        uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
         with:
           sarif_file: results.sarif

From fe84fd638e196811f5efdbdb1e5a2f87388590e3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Apr 2025 10:14:02 +0800
Subject: [PATCH 30/35] build(deps): Bump github.com/onsi/ginkgo/v2 from 2.23.3
 to 2.23.4 in /test/e2e (#1252)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from
2.23.3 to 2.23.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/onsi/ginkgo/releases">github.com/onsi/ginkgo/v2's
releases</a>.</em></p>
<blockquote>
<h2>v2.23.4</h2>
<h2>2.23.4</h2>
<p>Prior to this release Ginkgo would compute the incorrect number of
available CPUs when running with <code>-p</code> in a linux container.
Thanks to <a href="https://github.com/emirot"><code>@​emirot</code></a>
for the fix!</p>
<h3>Features</h3>
<ul>
<li>Add automaxprocs for using CPUQuota [2b9c428]</li>
</ul>
<h3>Fixes</h3>
<ul>
<li>clarify gotchas about -vet flag [1f59d07]</li>
</ul>
<h3>Maintenance</h3>
<ul>
<li>bump dependencies [2d134d5]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md">github.com/onsi/ginkgo/v2's
changelog</a>.</em></p>
<blockquote>
<h2>2.23.4</h2>
<p>Prior to this release Ginkgo would compute the incorrect number of
available CPUs when running with <code>-p</code> in a linux container.
Thanks to <a href="https://github.com/emirot"><code>@​emirot</code></a>
for the fix!</p>
<h3>Features</h3>
<ul>
<li>Add automaxprocs for using CPUQuota [2b9c428]</li>
</ul>
<h3>Fixes</h3>
<ul>
<li>clarify gotchas about -vet flag [1f59d07]</li>
</ul>
<h3>Maintenance</h3>
<ul>
<li>bump dependencies [2d134d5]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/onsi/ginkgo/commit/229c981695287ab276697dd0742193b16d0c41bc"><code>229c981</code></a>
v2.23.4</li>
<li><a
href="https://github.com/onsi/ginkgo/commit/2d134d5a00082cffef4c0154eb712d8327843255"><code>2d134d5</code></a>
bump dependencies</li>
<li><a
href="https://github.com/onsi/ginkgo/commit/2b9c428b6a2163982925b0ad6c34033804d92c6f"><code>2b9c428</code></a>
Add automaxprocs for using CPUQuota</li>
<li><a
href="https://github.com/onsi/ginkgo/commit/31137deb8a5d908435ceba986ca3952aad501580"><code>31137de</code></a>
Revert &quot;Add automaxprocs to automatically match the linux container
CPU Quota&quot;</li>
<li><a
href="https://github.com/onsi/ginkgo/commit/91b11b8b8165fba757fc296d23c71fdf7e9f4005"><code>91b11b8</code></a>
Add automaxprocs to automatically match the linux container CPU
Quota</li>
<li><a
href="https://github.com/onsi/ginkgo/commit/cdfddb645cdc9da226fa795560e7caea076d3a0e"><code>cdfddb6</code></a>
maybe escape quotes when you put them in a quoted string.</li>
<li><a
href="https://github.com/onsi/ginkgo/commit/1f59d0771133cb4c70349ee9290668c3d23b40d2"><code>1f59d07</code></a>
clarify gotchas about -vet flag</li>
<li><a
href="https://github.com/onsi/ginkgo/commit/7ab7d10a554fd2949638cbdb45ad7811a1f6c13a"><code>7ab7d10</code></a>
bump all the things</li>
<li>See full diff in <a
href="https://github.com/onsi/ginkgo/compare/v2.23.3...v2.23.4">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/onsi/ginkgo/v2&package-manager=go_modules&previous-version=2.23.3&new-version=2.23.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 test/e2e/go.mod | 12 +++++++++---
 test/e2e/go.sum | 32 +++++++++++++++++++++++++++-----
 2 files changed, 36 insertions(+), 8 deletions(-)

diff --git a/test/e2e/go.mod b/test/e2e/go.mod
index ec044e5b3..10f452f3e 100644
--- a/test/e2e/go.mod
+++ b/test/e2e/go.mod
@@ -5,7 +5,7 @@ go 1.23.0
 require (
 	github.com/notaryproject/notation-core-go v1.2.0
 	github.com/notaryproject/notation-go v1.3.1
-	github.com/onsi/ginkgo/v2 v2.23.3
+	github.com/onsi/ginkgo/v2 v2.23.4
 	github.com/onsi/gomega v1.37.0
 	github.com/opencontainers/image-spec v1.1.1
 	oras.land/oras-go/v2 v2.5.0
@@ -16,17 +16,23 @@ require (
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
+<<<<<<< HEAD
 	github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect
 	github.com/notaryproject/tspclient-go v1.0.0 // indirect
+=======
+	github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 // indirect
+	github.com/notaryproject/tspclient-go v1.0.1-0.20250306063739-4f55b14d9f01 // indirect
+>>>>>>> 2af2853 (build(deps): Bump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 in /test/e2e (#1252))
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/veraison/go-cose v1.3.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
+	go.uber.org/automaxprocs v1.6.0 // indirect
 	golang.org/x/crypto v0.36.0 // indirect
 	golang.org/x/net v0.37.0 // indirect
 	golang.org/x/sync v0.12.0 // indirect
-	golang.org/x/sys v0.31.0 // indirect
+	golang.org/x/sys v0.32.0 // indirect
 	golang.org/x/text v0.23.0 // indirect
-	golang.org/x/tools v0.30.0 // indirect
+	golang.org/x/tools v0.31.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
diff --git a/test/e2e/go.sum b/test/e2e/go.sum
index 2e369d92d..e5ff9ced4 100644
--- a/test/e2e/go.sum
+++ b/test/e2e/go.sum
@@ -8,6 +8,7 @@ github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1v
 github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
+<<<<<<< HEAD
 github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg=
 github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
 github.com/notaryproject/notation-core-go v1.2.0 h1:WElMG9X0YXJhBd0A4VOxLNalTLrTjvqtIAj7JHr5X08=
@@ -18,6 +19,22 @@ github.com/notaryproject/tspclient-go v1.0.0 h1:AwQ4x0gX8IHnyiZB1tggpn5NFqHpTEm1
 github.com/notaryproject/tspclient-go v1.0.0/go.mod h1:LGyA/6Kwd2FlM0uk8Vc5il3j0CddbWSHBj/4kxQDbjs=
 github.com/onsi/ginkgo/v2 v2.23.3 h1:edHxnszytJ4lD9D5Jjc4tiDkPBZ3siDeJJkUZJJVkp0=
 github.com/onsi/ginkgo/v2 v2.23.3/go.mod h1:zXTP6xIp3U8aVuXN8ENK9IXRaTjFnpVB9mGmaSRvxnM=
+=======
+github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8=
+github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/notaryproject/notation-core-go v1.2.1-0.20250325094510-4d7353253409 h1:UakQ5ASMDmDVWyRvVnl2h5ecjABvakCIJmJQgGsio/E=
+github.com/notaryproject/notation-core-go v1.2.1-0.20250325094510-4d7353253409/go.mod h1:w2jtfaWSn3w+x86o2AaWiImyXH18+u2ohLVaHW1tAs8=
+github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250325093958-3bd0ac92b2ba h1:UlkFxK3IUPoV9OHyEV6Z6qzVJSgTPavE1fwnMIc1WsI=
+github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250325093958-3bd0ac92b2ba/go.mod h1:M2qB0+yI2KlpdBo66ZfSti3jvCVYYS+jIsdaj8M2fac=
+github.com/notaryproject/tspclient-go v1.0.1-0.20250306063739-4f55b14d9f01 h1:Ay72jBeHKqBFk6TbJWywfwzefN3Ei7Py2OzCiWU/7nk=
+github.com/notaryproject/tspclient-go v1.0.1-0.20250306063739-4f55b14d9f01/go.mod h1:3ZJPmpmdwufY23BkS+JPNktOVb5DXJ8Ik5zxvN7h670=
+github.com/onsi/ginkgo/v2 v2.23.4 h1:ktYTpKJAVZnDT4VjxSbiBenUjmlL/5QkBEocaWXiQus=
+github.com/onsi/ginkgo/v2 v2.23.4/go.mod h1:Bt66ApGPBFzHyR+JO10Zbt0Gsp4uWxu5mIOTusL46e8=
+>>>>>>> 2af2853 (build(deps): Bump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 in /test/e2e (#1252))
 github.com/onsi/gomega v1.37.0 h1:CdEG8g0S133B4OswTDC/5XPSzE1OeP29QOioj2PID2Y=
 github.com/onsi/gomega v1.37.0/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@@ -26,28 +43,33 @@ github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJw
 github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g=
+github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/veraison/go-cose v1.3.0 h1:2/H5w8kdSpQJyVtIhx8gmwPJ2uSz1PkyWFx0idbd7rk=
 github.com/veraison/go-cose v1.3.0/go.mod h1:df09OV91aHoQWLmy1KsDdYiagtXgyAwAl8vFeFn1gMc=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
+go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs=
+go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8=
 golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
 golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
 golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
 golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
 golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
 golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
-golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
-golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
+golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
 golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
-golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY=
-golang.org/x/tools v0.30.0/go.mod h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY=
+golang.org/x/tools v0.31.0 h1:0EedkvKDbh+qistFTd0Bcwe/YLh4vHwWEkiI0toFIBU=
+golang.org/x/tools v0.31.0/go.mod h1:naFTU+Cev749tSJRXJlna0T3WxKvb1kWEx15xA4SdmQ=
 google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
 google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 oras.land/oras-go/v2 v2.5.0 h1:o8Me9kLY74Vp5uw07QXPiitjsw7qNXi8Twd+19Zf02c=

From e0a8964e6589449f2a4af736189808cd404497f0 Mon Sep 17 00:00:00 2001
From: Junjie Gao <junjiegao@microsoft.com>
Date: Tue, 15 Apr 2025 12:58:16 +0800
Subject: [PATCH 31/35] fix: E2E test data identified as malicious file by
 antivirus software (#1255)

Fix:
- encode the original `zip_bomb.zip` file as `zip_bomb.zip.base64`, and
decode the file on the fly to avoid it being identified as a malicious
file.

---------

Signed-off-by: Junjie Gao <junjiegao@microsoft.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 test/e2e/suite/plugin/install.go              |  21 +++++++++++++++++-
 .../testdata/malicious-plugin/zip_bomb.zip    | Bin 42374 -> 0 bytes
 .../malicious-plugin/zip_bomb.zip.base64      |   1 +
 3 files changed, 21 insertions(+), 1 deletion(-)
 delete mode 100644 test/e2e/testdata/malicious-plugin/zip_bomb.zip
 create mode 100644 test/e2e/testdata/malicious-plugin/zip_bomb.zip.base64

diff --git a/test/e2e/suite/plugin/install.go b/test/e2e/suite/plugin/install.go
index 746babf6a..66e828522 100644
--- a/test/e2e/suite/plugin/install.go
+++ b/test/e2e/suite/plugin/install.go
@@ -14,6 +14,9 @@
 package plugin
 
 import (
+	"encoding/base64"
+	"fmt"
+	"os"
 	"path/filepath"
 
 	. "github.com/notaryproject/notation/test/e2e/internal/notation"
@@ -78,7 +81,23 @@ var _ = Describe("notation plugin install", func() {
 
 	It("with zip bomb total file size exceeds 256 MiB size limit", func() {
 		Host(nil, func(notation *utils.ExecOpts, _ *Artifact, vhost *utils.VirtualHost) {
-			notation.ExpectFailure().Exec("plugin", "install", "--file", filepath.Join(NotationE2EMaliciousPluginArchivePath, "zip_bomb.zip"), "-v").
+			encodedFilePath := filepath.Join(NotationE2EMaliciousPluginArchivePath, "zip_bomb.zip.base64")
+			encoded, err := os.ReadFile(encodedFilePath)
+			if err != nil {
+				Fail(fmt.Sprintf("failed to read file %s: %v", encodedFilePath, err))
+			}
+			// decode base64
+			decoded, err := base64.StdEncoding.DecodeString(string(encoded))
+			if err != nil {
+				Fail(fmt.Sprintf("failed to decode file %s: %v", encodedFilePath, err))
+			}
+			targetPath := vhost.AbsolutePath(NotationDirName, "zip_bomb.zip")
+			err = os.WriteFile(targetPath, decoded, 0644)
+			if err != nil {
+				Fail(fmt.Sprintf("failed to write file %s: %v", targetPath, err))
+			}
+
+			notation.ExpectFailure().Exec("plugin", "install", "--file", targetPath, "-v").
 				MatchErrContent("Error: plugin installation failed: total file size reached the 256 MiB size limit\n")
 		})
 	})
diff --git a/test/e2e/testdata/malicious-plugin/zip_bomb.zip b/test/e2e/testdata/malicious-plugin/zip_bomb.zip
deleted file mode 100644
index b4d00682f287342d9afab1d70c03075d9a48eed1..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 42374
zcmeI*>35B17Y6WiM2ZqqVitAUYE2~(391z*A|WJ^Nd{96shX!!%1fODZwwVm+D56K
z)?85~rKZ+VltyZ%R9h!ngruZ3)%fmvdG58>yZ8PRp7?Ud`hCdSAFgXH&dSxNmsdqU
zi^Wpe^697^-VajZujamOu?)<Jwp!tD11!&3E<Wk=e`acnzFo$H2{lZhU{boYm=+DD
zsbSg)X3F_<y<32>8YW0EUFHUOd4nk)^7Q9vFPMtMV>)>zSuEchCRi}dk3T%W2h1wN
zgb1ci*2;c)U}hVpgJ3d_=B7*nGt@901!D`dUycJ4X_!ueSv00B<P|W@4PzI~3wQ1n
zR{>MSFkymOb723`KPOr&*9JemPdCB*(IBpy8%&{L!UeNse!-*_U^W`2yI``@?*zO9
z<~_qi2xfboq2Wnj#uz42FpIp3(gMN68m5O}j;5{e>;opiFg*oxZOo-NO5U<qY8fU<
zFgxFEz5D=}za3BS(@QY9_k$L=z??KpZ^7(tv-#WUU<wQqEtuiQ`)8+u$u&%jV0>on
zJs%9_ZNtP0=E9e)2iF3VY?wZR`S@|2_sS+%EFBFKCzzL;jfgl5rh#GN1+#XpcgSim
z_tT%=CqXb5(?j<-!Te&FM8WKIT?iWhX18II1e5*Ms_#32Sz(yIf*CPBdO;m9GYpd~
znB%R={maK&EQ1V_BAD9unhz=h)73Dkg2~&MTD%^N%`j<}rk3AH)@?m~=c8F*tY9jr
zJPZ)f<|n>01_AO6GEks^s;%tV`Bgw}joJyQe%oCobpW|E3KGz)tsSb}9A~jOHEJ)Q
zzYiv!DFo!uC|E#~CX7s31IVsXh=3wKZZ^~j$fi*T0aY7ZeOP}$R*gCeXxY`KIUN9b
z1{!zjB%t|oBK>Ova%*H4(51FnpO=k=J82Xqps-<0dmIAf)To<)wmb69eh$c?QMiCw
zO^zQm1CU*#?gHAqx!d+sKsJpc1oVCSgJ$gkSv86jP=$LbpVt878DQM0hk$CQcBpY}
z4BSbho&t*LQ|HSAfLt0y3CLbGY{#d7oEr5KP=ld|rc49m(5Sb7)^2{B+!v5tqi6w@
z9rO7r5Rgry7y<cR-&tM_kX55t0ev#N*H2eQ!=3sYcj_ac-><wKwhxe7qc{P%-}m}q
z1t6D3@d9dgrg+^HKu(Pk1oS9x+VBKG4vi88RKfdba2r5&jgkaZcT%>k3Lu+CeFd~P
zE8)T)qu@>&B@5`ok6xeh9UxCX<4!38^6h<P{W3sqjZy`a*lFRJNq}4$Nts!9`?{1q
zfSd*jlrr;_J=oR?kV7LWGaIgL=zIo{T_Y(oXFPfJCC^B>lSWczwrl%A>TW<*jik&x
z?>}_rhk!h3Pwx~cW#+^+UvHfN$gPo-nScIt#wQw(OCu>Wht9uwx;Y@HMp9-L7MD-)
z0_4z0%FG$X|MC581l&m@DKkTD4O;I2WYb8>%x7PJv1lnEt4300ZpbN%8w<#jYTQZ6
z%+<r{7DoYcYb0gnw*Nl=pcx>SMp9;$9uBx*0p!$3%FNw6_on|c9PXr%l$qa*Pingj
zkX<7wGqW;_r!59#(@4t9Ltifq9tFs%k(8O6LN*0Q0`jC7cak!*YQ;I>&jWI6BxUCO
zm~$5%4TC#rBxPppm-~158IV&WDKp>yV1DLSKn{(h%=~Lg_D2f=*)@_fGs70NWH=z3
zMp9;;xKm|pI3TM=Qf4mM-Z=0%K%QjdPEuwzJLO(-|4q1)Mp9-TC_P{KG$5BoQfB)7
zFssXEKu(RM%#1la<cs-$92!ZP+0<v!hM|D$8cCVCG-7bF9gs~UDKl>de)Vf(Kvn~_
zlQMInWlW8`L*Y(+pWdmRl$jf54{v<}kXs`uGdI<+|C<lUrID1GyPNzwD;tngBPlc6
zd^93*2q1?>Qf3aC9#EkRAiG9VW^VL3u&Dtcn?_P*hBV&T=hho=Cyk`ce5=v$w4;DL
zNyeR|%-k?JztaXlZjGeOta))rh1q~y8cCV?Nv*=0>42OXNtyXf!87|i19E62WoFm+
zPXyKlWY<W_%m%X~^2;;eP8vy>xo2UWO-BG(HIgzjeZViv)&lY*8h4U1^TeZToihQs
zHIgzj&~NU!0f1Z@Ntt<mo8ym;fSejhnc4T1$#;DLIW&?o^GHdv&3_GnJ82|kW@3E)
zk;8y&8cCTsIOQPxn-JVdBPlaSH9B4ET|k}$<4#g$`oBE=S{fj?Mp9-zDL#5O7?4XN
zDKlT+`RL=CfSejhnfXDji@Dba!<{seGP7RAgB1?~vTGz|=AJr7n!5nmG?Fqi{Z8zI
z{{XUTBxUCCuAT$QfIRWWoutg1u=&jGc7WU(NtxN?#HSB@0J$`hGV^%hFU40Ka3=!=
zNtyX?o4+P~56GdBl$k*Vhg_ckvTGz|=GX2UY3~5CX(VN4*9vhf5&>B?k}|W?iTy9N
z1>}i)dZ!>MGw)CKsr)P;w?<NCmK79?{4*Wyq>-4JIW<r21?1F7%FIET@kc%e<j_dU
z%(J8SAATE<T_Y(o?@W4UUK}8sMp9;eGcNFGYd}_wq|8hjx3_C0K%PFvoutexjkRno
z9t3yNNXpEbD{C*_1IVS3l$ot|f1dpjAg4xBW;#|xm%IhYp^=oCB^@iYjR9oWNXpE~
zehV(Q0A$lh%FJWky+&08WYtK@%<_Wkn|>b%cZxOcBxUBQPhXDM3COLHl$qn=r<dmf
za%m)GX7q2XO2+|mY9wXmOLwnt>jlW6k(8O1dqw|w36NbQDKp<~{$QXLkWC{gGvgaA
zoqAya+({!TGvB=4v;B5Jo*3g!Qf7YltN+pW0l77jGP7_?T+7jbTpCH4xvk>5(>(w=
zHIgzj(6aXU3xFINNtxMXVbp-f{ozg;NtyYm)}b%Y0kUZ%WoEbGk&6ldSq;=)%FMzl
zxxI1#d7_`*slAk$Uz|9$d;}o3Mp9<hY*_zfcR((Uq|99O^_+uE0Xa32GV?%Q>$VU2
z!JRacGILMB;}K^7*)@_fGvVr~IbQ*?X(VN4zR!Rz3jkR)k}~tvtM@*96OgC3aVIG=
z$Mg%m76!<zk(8M&T8{qEACOBUDKmqQBpke#26xg(%FM0)!J#JsIW&?o^KRYT%bNh%
zHIg!O`N*TU<^r;5BxUCGTa|J%09iGXGV`J<Cn^+>r<ZXjDKqO|Z@jM|Ah$+RW`-|L
z-F-V1?xc~FnM;d{b{+%d)JV$Ay1v=tzX0UWNXpFbd>?)`2asJODKkfPToUF0WYb8>
zO#43nnXdt|Y9wXmx;J)&*8}8<GVUa0X3OL!@BN(uchX48%!I`0xkZ3n8cCVip=4p3
zb%2~2NtwB0OP9@AfE*f0nR(m$aKS)8c8#RWe6YUsVkba0jik(cE2P?FKR{NEq|7{!
zQ8M91GTf=BaVIG=GpB89`6D2=Mp9;Wdt6j=H6WKpQf7{5>7O$bkkdfHQf6MtznRq!
zkV7LWGiNW_btwdpT_Y(oulSu`TMLj)BPla~{VnTiX<xXLMp9-z96EZz4}d&9p57@~
z%FMF-h;g3*a%&`I=89nf%ccWzX(VOlnWBuvDS(_BNtu~<c}__XAcsa$W^Q|u8CD&T
zT_Y(o-SKBzl_bHPG?Fs2flrIV{eY|*NtwB!((zU+0eK>gJ4u;2pnXpMR6uTxq|DrY
ztMj2GKrW4>%)Ay;HY5O$QzI!ex1Y-ktqRDYk(8OsN_}r!PJ}yYBxUA|rPa&bfNUB`
znOQmS*xluTtQtv~xzKOR;K_hI5yqXQ%yb2Mt%(QZ)=0|Cc?qkEUIFCNNXpC=)k}V_
z49KaGl$niudTzLs0C&<z%FK~okyF0~WY<W_%pU^^R_6h-X(VN4>w!C>CIYf*BxUA5
zO)5Q%1?1^&+)2vJ*s%-dwFKnWNXpE@&>2g-0l74iGV@mJ%<_xza3_tV%#7QaR&N&|
zhej!7d!3an7R%m%GY@+8&!`Gd^UJ(|c>(hR<^{|Pm=`cFU|ztyfO!G)0_FwG3z!!$
zFJNB4ynuND^8)4t%nO(oFfU+Uz`THY0rLXp1<VVW7cehiUckJ7c>(hR<^{|Pm=`cF
zU|ztyfO!G)0_FwG3z!!$FJNB4ynuND^8)4t%nO(oFfU+Uz`THY0rLXp1<VVW7cehi
zUckJ7c>(hR<^{|Pm=`cFU|ztyfO!G)0_FwG3z!!$FJNB4ynwnudY@j_3Vs$pc*?7_
z|9_?c%ISbD@)zM5NIBiIMcxCR?I@?Sw#Z@0%o0R7UARTQ2%haJr(?Is3*Z?{Io-WQ
z{xdv7D5n#+$REP91LbrL7kN`FY?D$>hjEdI1MfsR-N;2g47i<gI+u%l0q`)&>2fae
z&A_`+PDgZ+p8_6EIo;Dmeh+we%IUN&^2QY`mI%t}$}aM*z#}QAgS*HxfcK!BZto(`
z2Hul$I>U>6Bk(B7=^`)kW59b+PRDtX-vZv7a=O!tyuO#k5=}Xs>_z?>@EFSJdN1;H
z;IWj`Az$RPfcK%CZu%l$2Rx2)I`5182=I8y>C!Lqo4^w&r=!2f{VG~4iImg*U*sKu
zCs9tPfRXnH-j{N^3XFUv@MOyAKrr%Ez*8uvTfxW=0Z*lz&IThd1)fGZT@XfI(_8Hc
zQ%}c)(FZHf+KKK8qfb+w)f1f<M*ptzte@!GF#1)>vx1_-!{`qy&l-wu5TpM~c~(($
zju^e~GvHZA(Pd)v9hGM#MMsL!4^W=96x}OEpQ${nDLP$@ey#GXr|60?`XkD-qN0Pw
z=*yL7O+~kj(bug6o>di{IY!@EdDc~Q@fdx&@~o`r_%Zs~%CokjJILraD9`GOP9mc}
zsyyo}x{i$gmh!By=uk5H2Jq|F16X6x&1CdllxLMi=abP7QJ!@cT~bD$tvo9&I;xC5
zUwPJAbYB_$3FTRB(Wzzhca>+oMOT;6H?9Jn6&D>~MsHW1H5c7tMn6<}R$X+K8U1|a
zS$ENeX7rntXXQo5n$e$Dp0yX<ZAO1zc~)O^!WsQ@&w^+DMc16shl3Af{Y8hJ(GORi
z^%vcEM!!&b)?ak)8U0q}S%1;xXY@ZS&-#mwK%;-8JnJvI2aW!D*i;B){Y9st(MKxJ
z`irhaqaUR_>n}POjefE6tiR}XH2Q7Iv;Lwp(&&Ftp7j@9ltyo<2A=g79hXMmOnKH{
zbY~iUl=7^<=;So|vC6alqU+P>mnzTtiw;qv-=RF~FS<#M{x{`Wf6;kr^j<#TS%1-`
zYV^&OXZ=M-tI<a*&-#n*SEHYxJnJtyWsUwr<yn8xRcrLSm1q6+J{h=1?@^xh7u~u>
z|4eo8tiR~&HTqV{v;LwB*y#Hx&-#mwVWXd<JnJvIi;aGn@~pq;L^k^GlxO`#*Rs+7
zp*-s^I-HHZN)7O=zvzZG`Zmh5{-Sf*=o6G@{Y96x(N6*2j`bHE*+#!YdDdTaZyWtS
z<yn7iBGcRGuPD#@i>`2^uT~R0>n}RUjXqF$)?aj+8+~8pS%1-)ZuHZXXZ=MNyU~BD
zJnJty-i`i%@~pq;jyL*i%Cr8WliuiS)B?}?i>`a4Z?8P-FFN#%K2>?vUv%>u{S4(<
zf6@7G^q(uw`im}sqd%lP>n}PAj=oHJ)?aiV9DVKD;8}mssc`filxO`#SHscwSDy73
z9S}$FRG#%0-4aK?MtRm>bXFXFq4KQ1=)ySqo658PqGRLe>-d6a{Y7`j(Z8xZ>n}P%
zj((8xtiR|QIr>@3v;LyP<mlHc&-#mQl%xMidDdTat{nY8%Cr8W%jM|n!+#*PWBo-(
z%+bHDJnJvIXO4cb@~pq;v^o0!D$n|huAHOa2tJ7Q7acrDe_VOiUv&E%{T=05f6*Cq
z^o{C(XZ=MN(b0ERp7j?UM@RpL@~pq;PCEK|%Cr8Wlj-QcRG#-2Sx-lQN_o~_bVwcj
zzsj@zqMPdIo74r*`isu1qwl6X>o2;rj((W(tiR~!I{NpNXZ=O@*U@iLp7j@<Vn=^g
zdDdTal^y*<<yn8xfp+w^df-`q(XDp$5z4dvqO<MjM=H<yi!QjMU!*+iFFNLq{%hq~
zf6-lc^yigl{Y59<(LYh1^%q@xNB?4d@T|Y+@H_gR%Cr8W8}R7ID9`$f&cUN!qCD#_
zx(tv08|7Jl(UExczbeoAi|)mvuh0NI>n}PTkN#!lS%1+LdGx)NXZ=M7<<XB<p7j^q
zmPh}A@~pq;%sl#C%Cr8Wi}UC&f^X0Ii;mBu_ihND^%vctN8eI;)?ajz9(}CxtiR|w
zJ^G2tv;Lw(_2~1IXZ=Mt>(PI!JnJtyUyuHh@~pq;l0Ev$jli@1qNDccUs0a*7u~l<
zAFn*?FFJLPezNkczv${c`sK>A{@Usv9C|VhhHi~Tdh~APS%2NFn|pZ^csui#m1q66
zeB{wvbHUq~ui6+q>#ymzD&=N?w=y4~JnOHEuAHb)@E&6+9)JEM<yn8#zutIXL-20q
zrz+3-D|~V4?%Sy_Da`yz<yn6%EiT%547`*1{mQfcs_UCQ{tNI9=1Y`k{q>#i!_Ve`
zw=-YeA3W=?Q5~0rIl$YP4^p1>mwliA%-6tMnNLxk_1C&Lc7)dh?=cqW@&415XZ_VO
z`N?~Kr@;N0|4ez-UkQoRbBn;cnEyd})?Xb;7PeUj-pPEa@~pphZ0WK&3%rB*T1~*S
z{<`gbxL_c7JM$sRv;KOpzVu=z@HXcADbM=rt&nPy{lHt9pQ$|SuLBt+6K*8K{f%XN
zy#H$DS$}0t+t%_&@NVXRRG#%$x5q^_SA%yke?xiJUn5%j=gb7}WZv&N_`n_OuS@wi
zv-*K|FyBde)?c$1?Ya~K-p>3$<yn7S@jJh^7I+);S<18i`t`T0tEGM6{>-map7qzm
zp`#c40N&H%>3BKbzesu3UuF3b<30oLX8v#GS%0k<7O-qOco*~anu2Hjb*3m|aSC`R
z^RFq-`YZ49oRT2$4(1)ov;NxlBr~i!csuiRlxO|rjz8O~Bnj@%{1?iz{%YXUqHsTW
zEAz*cXZ^LI((zU+!FwX<{ckJJ`fEV@ocyWa-OM+%foJ`-{Z{8gN#I?~hbqtd>sn0N
zkO1&b<};LM{k8pEUT9VD4(8`7&-!awsqc-;iEw}BH!08hYsS**<!<mc=1(fm`m1u@
zvAfH`TbaM7JnOH8ep?1l2JeZW_xFDuJnJu4px2ss@NVYAlxO`lFJV>DE8tzszo|Uy
zuNBoxey<GP$@~K4S${S1>AB%j0^FbZuasx~HPS0`>bKzS%%4%7_1BL91*`MG+n9f#
zJnOI419wDC1aD=&=?malfBn;>(!*Hrp6>Mi-IZtk6+3ppyq4hI%#To>^;co&j3wUS
zUCiew&-&|D>&)_t@o<0U3zTR56}L03-Y)PC=Fce){pAgx!?IZJ!=K%4ES7?|)p!2`
DBG6lk

diff --git a/test/e2e/testdata/malicious-plugin/zip_bomb.zip.base64 b/test/e2e/testdata/malicious-plugin/zip_bomb.zip.base64
new file mode 100644
index 000000000..ba4fc2e30
--- /dev/null
+++ b/test/e2e/testdata/malicious-plugin/zip_bomb.zip.base64
@@ -0,0 +1 @@
+UEsDBBQAAAAIAKBsSAX7WFLolXYAAF5kTQEBAAAAMAAfAOD/UEsDBBQAAAAIAKBsSAV6KVY+cXYAAD9kTQEBAAAAMQAfAOD/UEsDBBQAAAAIAKBsSAVYPil7TXYAACBkTQEBAAAAMgAfAOD/UEsDBBQAAAAIAKBsSAV42tlMKXYAAAFkTQEBAAAAMwAfAOD/UEsDBBQAAAAIAKBsSAU+iTADBXYAAOJjTQEBAAAANAAfAOD/UEsDBBQAAAAIAKBsSAUEaU454XUAAMNjTQEBAAAANQAfAOD/UEsDBBQAAAAIAKBsSAUo0fzavXUAAKRjTQEBAAAANgAfAOD/UEsDBBQAAAAIAKBsSAUVg59bmXUAAIVjTQEBAAAANwAfAOD/UEsDBBQAAAAIAKBsSAVkz5VYdXUAAGZjTQEBAAAAOAAfAOD/UEsDBBQAAAAIAKBsSAUhQkHmUXUAAEdjTQEBAAAAOQAfAOD/UEsDBBQAAAAIAKBsSAWQbu02LXUAAChjTQEBAAAAQQAfAOD/UEsDBBQAAAAIAKBsSAUj9vjiCXUAAAljTQEBAAAAQgAfAOD/UEsDBBQAAAAIAKBsSAWmxcTP5XQAAOpiTQEBAAAAQwAfAOD/UEsDBBQAAAAIAKBsSAXkGVFDwXQAAMtiTQEBAAAARAAfAOD/UEsDBBQAAAAIAKBsSAWyi7R1nXQAAKxiTQEBAAAARQAfAOD/UEsDBBQAAAAIAKBsSAWIYPYweXQAAI1iTQEBAAAARgAfAOD/UEsDBBQAAAAIAKBsSAW3FWZEVXQAAG5iTQEBAAAARwAfAOD/UEsDBBQAAAAIAKBsSAWQA81aMXQAAE9iTQEBAAAASAAfAOD/UEsDBBQAAAAIAKBsSAXPWqk7DXQAADBiTQEBAAAASQAfAOD/UEsDBBQAAAAIAKBsSAXqbuNl6XMAABFiTQEBAAAASgAfAOD/UEsDBBQAAAAIAKBsSAW6fyycxXMAAPJhTQEBAAAASwAfAOD/UEsDBBQAAAAIAKBsSAWV+jOMoXMAANNhTQEBAAAATAAfAOD/UEsDBBQAAAAIAKBsSAW8LrC+fXMAALRhTQEBAAAATQAfAOD/UEsDBBQAAAAIAKBsSAVp0VyIWXMAAJVhTQEBAAAATgAfAOD/UEsDBBQAAAAIAKBsSAUNhMDaNXMAAHZhTQEBAAAATwAfAOD/UEsDBBQAAAAIAKBsSAXcryxiEXMAAFdhTQEBAAAAUAAfAOD/UEsDBBQAAAAIAKBsSAWb/hWN7XIAADhhTQEBAAAAUQAfAOD/UEsDBBQAAAAIAKBsSAUnJWpGyXIAABlhTQEBAAAAUgAfAOD/UEsDBBQAAAAIAKBsSAWniQU2pXIAAPpgTQEBAAAAUwAfAOD/UEsDBBQAAAAIAKBsSAXgYD+9gXIAANtgTQEBAAAAVAAfAOD/UEsDBBQAAAAIAKBsSAW6odxCXXIAALxgTQEBAAAAVQAfAOD/UEsDBBQAAAAIAKBsSAWIsaTDOXIAAJ1gTQEBAAAAVgAfAOD/UEsDBBQAAAAIAKBsSAVqcU2MFXIAAH5gTQEBAAAAVwAfAOD/UEsDBBQAAAAIAKBsSAXRK/Ed8XEAAF9gTQEBAAAAWAAfAOD/UEsDBBQAAAAIAKBsSAUS+ChfzXEAAEBgTQEBAAAAWQAfAOD/UEsDBBQAAAAIAKBsSAWZrFniqXEAACFgTQEBAAAAWgAgAN//UEsDBBQAAAAIAKBsSAWz1faYhHEAAAFgTQECAAAAMDAAIADf/1BLAwQUAAAACACgbEgFsP8Tfl9xAADhX00BAgAAADAxACAA3/9QSwMEFAAAAAgAoGxIBQyfSTs6cQAAwV9NAQIAAAAwMgAgAN//UEsDBBQAAAAIAKBsSAUYL7vpFXEAAKFfTQECAAAAMDMAIADf/1BLAwQUAAAACACgbEgFhLM3DPBwAACBX00BAgAAADA0ACAA3/9QSwMEFAAAAAgAoGxIBfLGVNbLcAAAYV9NAQIAAAAwNQAgAN//UEsDBBQAAAAIAKBsSAV1cmtYpnAAAEFfTQECAAAAMDYAIADf/1BLAwQUAAAACACgbEgFRpslZoFwAAAhX00BAgAAADA3ACAA3/9QSwMEFAAAAAgAoGxIBQxiDmhccAAAAV9NAQIAAAAwOAAgAN//UEsDBBQAAAAIAKBsSAWa6CCPN3AAAOFeTQECAAAAMDkAIADf/1BLAwQUAAAACACgbEgFi4ZHHRJwAADBXk0BAgAAADBBACAA3/9QSwMEFAAAAAgAoGxIBeMvg6PtbwAAoV5NAQIAAAAwQgAgAN//UEsDBBQAAAAIAKBsSAVCaCBIyG8AAIFeTQECAAAAMEMAIADf/1BLAwQUAAAACACgbEgFt2GZ16NvAABhXk0BAgAAADBEACAA3/9QSwMEFAAAAAgAoGxIBSt3Umx+bwAAQV5NAQIAAAAwRQAgAN//UEsDBBQAAAAIAKBsSAW8sEO3WW8AACFeTQECAAAAMEYAIADf/1BLAwQUAAAACACgbEgFw2D7JTRvAAABXk0BAgAAADBHACAA3/9QSwMEFAAAAAgAoGxIBQL4WKMPbwAA4V1NAQIAAAAwSAAgAN//UEsDBBQAAAAIAKBsSAUSWTcP6m4AAMFdTQECAAAAMEkAIADf/1BLAwQUAAAACACgbEgFTlAVr8VuAAChXU0BAgAAADBKACAA3/9QSwMEFAAAAAgAoGxIBUELQrmgbgAAgV1NAQIAAAAwSwAgAN//UEsDBBQAAAAIAKBsSAUZZsh4e24AAGFdTQECAAAAMEwAIADf/1BLAwQUAAAACACgbEgFp7D+V1ZuAABBXU0BAgAAADBNACAA3/9QSwMEFAAAAAgAoGxIBe3QDbExbgAAIV1NAQIAAAAwTgAgAN//UEsDBBQAAAAIAKBsSAUU67rxDG4AAAFdTQECAAAAME8AIADf/1BLAwQUAAAACACgbEgFnoVLzudtAADhXE0BAgAAADBQACAA3/9QSwMEFAAAAAgAoGxIBd/ndkLCbQAAwVxNAQIAAAAwUQAgAN//UEsDBBQAAAAIAKBsSAXBkgPHnW0AAKFcTQECAAAAMFIAIADf/1BLAwQUAAAACACgbEgFJdbiqHhtAACBXE0BAgAAADBTACAA3/9QSwMEFAAAAAgAoGxIBf2Ze2lTbQAAYVxNAQIAAAAwVAAgAN//UEsDBBQAAAAIAKBsSAUCBc81Lm0AAEFcTQECAAAAMFUAIADf/1BLAwQUAAAACACgbEgFFnWIIQltAAAhXE0BAgAAADBWACAA3/9QSwMEFAAAAAgAoGxIBcCDU9zkbAAAAVxNAQIAAAAwVwAgAN//UEsDBBQAAAAIAKBsSAWXmD14v2wAAOFbTQECAAAAMFgAIADf/1BLAwQUAAAACACgbEgFE0znqZpsAADBW00BAgAAADBZACAA3/9QSwMEFAAAAAgAoGxIBVQ5jtZ1bAAAoVtNAQIAAAAwWgAgAN//UEsDBBQAAAAIAKBsSAUWt6hYUGwAAIFbTQECAAAAMTAAIADf/1BLAwQUAAAACACgbEgF1EE1IStsAABhW00BAgAAADExACAA3/9QSwMEFAAAAAgAoGxIBRqnGoEGbAAAQVtNAQIAAAAxMgAgAN//UEsDBBQAAAAIAKBsSAV+/zom4WsAACFbTQECAAAAMTMAIADf/1BLAwQUAAAACACgbEgFMi+WWbxrAAABW00BAgAAADE0ACAA3/9QSwMEFAAAAAgAoGxIBdodZoCXawAA4VpNAQIAAAAxNQAgAN//UEsDBBQAAAAIAKBsSAV0prWzcmsAAMFaTQECAAAAMTYAIADf/1BLAwQUAAAACACgbEgF5c7WDU1rAAChWk0BAgAAADE3ACAA3/9QSwMEFAAAAAgAoGxIBWaL8NUoawAAgVpNAQIAAAAxOAAgAN//UEsDBBQAAAAIAKBsSAXL4vF4A2sAAGFaTQECAAAAMTkAIADf/1BLAwQUAAAACACgbEgFfuJ8E95qAABBWk0BAgAAADFBACAA3/9QSwMEFAAAAAgAoGxIBT8hGSy5agAAIVpNAQIAAAAxQgAgAN//UEsDBBQAAAAIAKBsSAUKPSTNlGoAAAFaTQECAAAAMUMAIADf/1BLAwQUAAAACACgbEgFqo/tUW9qAADhWU0BAgAAADFEACAA3/9QSwMEFAAAAAgAoGxIBaVoFuJKagAAwVlNAQIAAAAxRQAgAN//UEsDBBQAAAAIAKBsSAW2hyL7JWoAAKFZTQECAAAAMUYAIADf/1BLAwQUAAAACACgbEgF7Mkw3ABqAACBWU0BAgAAADFHACAA3/9QSwMEFAAAAAgAoGxIBby6wGDbaQAAYVlNAQIAAAAxSAAgAN//UEsDBBQAAAAIAKBsSAW4cVUvtmkAAEFZTQECAAAAMUkAIADf/1BLAwQUAAAACACgbEgFg4Lie5FpAAAhWU0BAgAAADFKACAA3/9QSwMEFAAAAAgAoGxIBci1lDVsaQAAAVlNAQIAAAAxSwAgAN//UEsDBBQAAAAIAKBsSAWuNq41R2kAAOFYTQECAAAAMUwAIADf/1BLAwQUAAAACACgbEgFCwSGRCJpAADBWE0BAgAAADFNACAA3/9QSwMEFAAAAAgAoGxIBYtO2dz9aAAAoVhNAQIAAAAxTgAgAN//UEsDBBQAAAAIAKBsSAUSJ1w+2GgAAIFYTQECAAAAMU8AIADf/1BLAwQUAAAACACgbEgFkpaLgrNoAABhWE0BAgAAADFQACAA3/9QSwMEFAAAAAgAoGxIBe54iJiOaAAAQVhNAQIAAAAxUQAgAN//UEsDBBQAAAAIAKBsSAVkITOTaWgAACFYTQECAAAAMVIAIADf/1BLAwQUAAAACACgbEgF0vYJb0RoAAABWE0BAgAAADFTACAA3/9QSwMEFAAAAAgAoGxIBZO3HDEfaAAA4VdNAQIAAAAxVAAgAN//UEsDBBQAAAAIAKBsSAUl1MGT+mcAAMFXTQECAAAAMVUAIADf/1BLAwQUAAAACACgbEgFxezaCNVnAAChV00BAgAAADFWACAA3/9QSwMEFAAAAAgAoGxIBRTHhD6wZwAAgVdNAQIAAAAxVwAgAN//UEsDBBQAAAAIAKBsSAVOyWOri2cAAGFXTQECAAAAMVgAIADf/1BLAwQUAAAACACgbEgFIA11qmZnAABBV00BAgAAADFZACAA3/9QSwMEFAAAAAgAoGxIBZRGYldBZwAAIVdNAQIAAAAxWgAgAN//UEsDBBQAAAAIAKBsSAXwMbHdHGcAAAFXTQECAAAAMjAAIADf/1BLAwQUAAAACACgbEgFdABuD/dmAADhVk0BAgAAADIxACAA3/9QSwMEFAAAAAgAoGxIBaqFaSzSZgAAwVZNAQIAAAAyMgAgAN//UEsDBBQAAAAIAKBsSAWuD0H5rWYAAKFWTQECAAAAMjMAIADf/1BLAwQUAAAACACgbEgFvB75hIhmAACBVk0BAgAAADI0ACAA3/9QSwMEFAAAAAgAoGxIBS6YakdjZgAAYVZNAQIAAAAyNQAgAN//UEsDBBQAAAAIAKBsSAVffTACPmYAAEFWTQECAAAAMjYAIADf/1BLAwQUAAAACACgbEgFrA3FrhlmAAAhVk0BAgAAADI3ACAA3/9QSwMEFAAAAAgAoGxIBTYcrFD0ZQAAAVZNAQIAAAAyOAAgAN//UEsDBBQAAAAIAKBsSAVzG2laz2UAAOFVTQECAAAAMjkAIADf/1BLAwQUAAAACACgbEgFqnetOaplAADBVU0BAgAAADJBACAA3/9QSwMEFAAAAAgAoGxIBRDgYwKFZQAAoVVNAQIAAAAyQgAgAN//UEsDBBQAAAAIAKBsSAWeEcvwYGUAAIFVTQECAAAAMkMAIADf/1BLAwQUAAAACACgbEgFBrQGxDtlAABhVU0BAgAAADJEACAA3/9QSwMEFAAAAAgAoGxIBUCS0jEWZQAAQVVNAQIAAAAyRQAgAN//UEsDBBQAAAAIAKBsSAUZhUat8WQAACFVTQECAAAAMkYAIADf/1BLAwQUAAAACACgbEgFvY4VrsxkAAABVU0BAgAAADJHACAA3/9QSwMEFAAAAAgAoGxIBWBd25qnZAAA4VRNAQIAAAAySAAgAN//UEsDBBQAAAAIAKBsSAXS/eo7gmQAAMFUTQECAAAAMkkAIADf/1BLAwQUAAAACACgbEgFMRSJ2V1kAAChVE0BAgAAADJKACAA3/9QSwMEFAAAAAgAoGxIBdq2YeQ4ZAAAgVRNAQIAAAAySwAgAN//UEsDBBQAAAAIAKBsSAVWLXf3E2QAAGFUTQECAAAAMkwAIADf/1BLAwQUAAAACACgbEgFzOklsO5jAABBVE0BAgAAADJNACAA3/9QSwMEFAAAAAgAoGxIBVRSrczJYwAAIVRNAQIAAAAyTgAgAN//UEsDBBQAAAAIAKBsSAViWMYApGMAAAFUTQECAAAAMk8AIADf/1BLAwQUAAAACACgbEgFbBvVEX9jAADhU00BAgAAADJQACAA3/9QSwMEFAAAAAgAoGxIBR0nfepaYwAAwVNNAQIAAAAyUQAgAN//UEsDBBQAAAAIAKBsSAX/4s/XNWMAAKFTTQECAAAAMlIAIADf/1BLAwQUAAAACACgbEgFPbr9mxBjAACBU00BAgAAADJTACAA3/9QSwMEFAAAAAgAoGxIBZYR4JXrYgAAYVNNAQIAAAAyVAAgAN//UEsDBBQAAAAIAKBsSAUXBMYExmIAAEFTTQECAAAAMlUAIADf/1BLAwQUAAAACACgbEgFvRXMKKFiAAAhU00BAgAAADJWACAA3/9QSwMEFAAAAAgAoGxIBWD2T/t8YgAAAVNNAQIAAAAyVwAgAN//UEsDBBQAAAAIAKBsSAVpQOHFV2IAAOFSTQECAAAAMlgAIADf/1BLAwQUAAAACACgbEgFcrDW9TJiAADBUk0BAgAAADJZACAA3/9QSwMEFAAAAAgAoGxIBR7SoPsNYgAAoVJNAQIAAAAyWgAgAN//UEsDBBQAAAAIAKBsSAXRy9vi6GEAAIFSTQECAAAAMzAAIADf/1BLAwQUAAAACACgbEgF+S7udcNhAABhUk0BAgAAADMxACAA3/9QSwMEFAAAAAgAoGxIBTO0yKGeYQAAQVJNAQIAAAAzMgAgAN//UEsDBBQAAAAIAKBsSAW1we9aeWEAACFSTQECAAAAMzMAIADf/1BLAwQUAAAACACgbEgFQAJRnVRhAAABUk0BAgAAADM0ACAA3/9QSwMEFAAAAAgAoGxIBTnSxCYvYQAA4VFNAQIAAAAzNQAgAN//UEsDBBQAAAAIAKBsSAX6dw0ICmEAAMFRTQECAAAAMzYAIADf/1BLAwQUAAAACACgbEgF7bS0a+VgAAChUU0BAgAAADM3ACAA3/9QSwMEFAAAAAgAoGxIBTaPENPAYAAAgVFNAQIAAAAzOAAgAN//UEsDBBQAAAAIAKBsSAVfglLMm2AAAGFRTQECAAAAMzkAIADf/1BLAwQUAAAACACgbEgF123EyXZgAABBUU0BAgAAADNBACAA3/9QSwMEFAAAAAgAoGxIBfZ1eYpRYAAAIVFNAQIAAAAzQgAgAN//UEsDBBQAAAAIAKBsSAW4cDHPLGAAAAFRTQECAAAAM0MAIADf/1BLAwQUAAAACACgbEgFVXDAQAdgAADhUE0BAgAAADNEACAA3/9QSwMEFAAAAAgAoGxIBexPALPiXwAAwVBNAQIAAAAzRQAgAN//UEsDBBQAAAAIAKBsSAUQnxKRvV8AAKFQTQECAAAAM0YAIADf/1BLAwQUAAAACACgbEgFK7yjiJhfAACBUE0BAgAAADNHACAA3/9QSwMEFAAAAAgAoGxIBWGdTelzXwAAYVBNAQIAAAAzSAAgAN//UEsDBBQAAAAIAKBsSAXpOAIvTl8AAEFQTQECAAAAM0kAIADf/1BLAwQUAAAACACgbEgFdxSM5ilfAAAhUE0BAgAAADNKACAA3/9QSwMEFAAAAAgAoGxIBdBFA2wEXwAAAVBNAQIAAAAzSwAgAN//UEsDBBQAAAAIAKBsSAXxtOuu314AAOFPTQECAAAAM0wAIADf/1BLAwQUAAAACACgbEgF1KAnRrpeAADBT00BAgAAADNNACAA3/9QSwMEFAAAAAgAoGxIBXBSffGVXgAAoU9NAQIAAAAzTgAgAN//UEsDBBQAAAAIAKBsSAVN3qTscF4AAIFPTQECAAAAM08AIADf/1BLAwQUAAAACACgbEgFJvfrtkteAABhT00BAgAAADNQACAA3/9QSwMEFAAAAAgAoGxIBQD4zXwmXgAAQU9NAQIAAAAzUQAgAN//UEsDBBQAAAAIAKBsSAV/KPteAV4AACFPTQECAAAAM1IAIADf/1BLAwQUAAAACACgbEgFUhuUetxdAAABT00BAgAAADNTACAA3/9QSwMEFAAAAAgAoGxIBWfrSTS3XQAA4U5NAQIAAAAzVAAgAN//UEsDBBQAAAAIAKBsSAW/3R3Pkl0AAMFOTQECAAAAM1UAIADf/1BLAwQUAAAACACgbEgFy7JRKm1dAAChTk0BAgAAADNWACAA3/9QSwMEFAAAAAgAoGxIBbYEqNVIXQAAgU5NAQIAAAAzVwAgAN//UEsDBBQAAAAIAKBsSAUxAKfRI10AAGFOTQECAAAAM1gAIADf/1BLAwQUAAAACACgbEgFHo5KXf5cAABBTk0BAgAAADNZACAA3/9QSwMEFAAAAAgAoGxIBf0RyK/ZXAAAIU5NAQIAAAAzWgAgAN//UEsDBBQAAAAIAKBsSAVDaUeQtFwAAAFOTQECAAAANDAAIADf/1BLAwQUAAAACACgbEgFywmVS49cAADhTU0BAgAAADQxACAA3/9QSwMEFAAAAAgAoGxIBavS0JxqXAAAwU1NAQIAAAA0MgAgAN//UEsDBBQAAAAIAKBsSAUQGhjTRVwAAKFNTQECAAAANDMAIADf/1BLAwQUAAAACACgbEgFkLWGxiBcAACBTU0BAgAAADQ0ACAA3/9QSwMEFAAAAAgAoGxIBcWZLC/7WwAAYU1NAQIAAAA0NQAgAN//UEsDBBQAAAAIAKBsSAW9MP5q1lsAAEFNTQECAAAANDYAIADf/1BLAwQUAAAACACgbEgFU+jUhrFbAAAhTU0BAgAAADQ3ACAA3/9QSwMEFAAAAAgAoGxIBa0NXT6MWwAAAU1NAQIAAAA0OAAgAN//UEsDBBQAAAAIAKBsSAU66PiXZ1sAAOFMTQECAAAANDkAIADf/1BLAwQUAAAACACgbEgFbls/6kJbAADBTE0BAgAAADRBACAA3/9QSwMEFAAAAAgAoGxIBSkqbZcdWwAAoUxNAQIAAAA0QgAgAN//UEsDBBQAAAAIAKBsSAU1zFPG+FoAAIFMTQECAAAANEMAIADf/1BLAwQUAAAACACgbEgFsx01P9NaAABhTE0BAgAAADREACAA3/9QSwMEFAAAAAgAoGxIBfcWleauWgAAQUxNAQIAAAA0RQAgAN//UEsDBBQAAAAIAKBsSAWca8/0iVoAACFMTQECAAAANEYAIADf/1BLAwQUAAAACACgbEgFffQHlWRaAAABTE0BAgAAADRHACAA3/9QSwMEFAAAAAgAoGxIBeChj0o/WgAA4UtNAQIAAAA0SAAgAN//UEsDBBQAAAAIAKBsSAUY6xzCGloAAMFLTQECAAAANEkAIADf/1BLAwQUAAAACACgbEgFRJFZvPVZAAChS00BAgAAADRKACAA3/9QSwMEFAAAAAgAoGxIBZTizbrQWQAAgUtNAQIAAAA0SwAgAN//UEsDBBQAAAAIAKBsSAUWE4hxq1kAAGFLTQECAAAANEwAIADf/1BLAwQUAAAACACgbEgFvxP8ooZZAABBS00BAgAAADRNACAA3/9QSwMEFAAAAAgAoGxIBWw4k0JhWQAAIUtNAQIAAAA0TgAgAN//UEsDBBQAAAAIAKBsSAVBwh2APFkAAAFLTQECAAAANE8AIADf/1BLAwQUAAAACACgbEgFqGW5RBdZAADhSk0BAgAAADRQACAA3/9QSwMEFAAAAAgAoGxIBSpX/43yWAAAwUpNAQIAAAA0UQAgAN//UEsDBBQAAAAIAKBsSAVTVH2VzVgAAKFKTQECAAAANFIAIADf/1BLAwQUAAAACACgbEgFN+mOLqhYAACBSk0BAgAAADRTACAA3/9QSwMEFAAAAAgAoGxIBbmyPrCDWAAAYUpNAQIAAAA0VAAgAN//UEsDBBQAAAAIAKBsSAX1Bcm0XlgAAEFKTQECAAAANFUAIADf/1BLAwQUAAAACACgbEgF+6ns4DlYAAAhSk0BAgAAADRWACAA3/9QSwMEFAAAAAgAoGxIBXM2DHcUWAAAAUpNAQIAAAA0VwAgAN//UEsDBBQAAAAIAKBsSAXFZOly71cAAOFJTQECAAAANFgAIADf/1BLAwQUAAAACACgbEgFgnu2KspXAADBSU0BAgAAADRZACAA3/9QSwMEFAAAAAgAoGxIBUP+zRClVwAAoUlNAQIAAAA0WgAgAN//UEsDBBQAAAAIAKBsSAVqKh2PgFcAAIFJTQECAAAANTAAIADf/1BLAwQUAAAACACgbEgF463wg1tXAABhSU0BAgAAADUxACAA3/9QSwMEFAAAAAgAoGxIBYWQu+M2VwAAQUlNAQIAAAA1MgAgAN//UEsDBBQAAAAIAKBsSAXnFNqnEVcAACFJTQECAAAANTMAIADf/1BLAwQUAAAACACgbEgF3d6D6OxWAAABSU0BAgAAADU0ACAA3/9QSwMEFAAAAAgAoGxIBfxmbYzHVgAA4UhNAQIAAAA1NQAgAN//UEsDBBQAAAAIAKBsSAXtrUZwolYAAMFITQECAAAANTYAIADf/1BLAwQUAAAACACgbEgFnWgwmn1WAAChSE0BAgAAADU3ACAA3/9QSwMEFAAAAAgAoGxIBdbNZJFYVgAAgUhNAQIAAAA1OAAgAN//UEsDBBQAAAAIAKBsSAWZ5obpM1YAAGFITQECAAAANTkAIADf/1BLAwQUAAAACACgbEgFtv+CQg5WAABBSE0BAgAAADVBACAA3/9QSwMEFAAAAAgAoGxIBcFS1yvpVQAAIUhNAQIAAAA1QgAgAN//UEsDBBQAAAAIAKBsSAUZDSnLxFUAAAFITQECAAAANUMAIADf/1BLAwQUAAAACACgbEgFqgfRK59VAADhR00BAgAAADVEACAA3/9QSwMEFAAAAAgAoGxIBV00j616VQAAwUdNAQIAAAA1RQAgAN//UEsDBBQAAAAIAKBsSAW39DvIVVUAAKFHTQECAAAANUYAIADf/1BLAwQUAAAACACgbEgF6k7tYzBVAACBR00BAgAAADVHACAA3/9QSwMEFAAAAAgAoGxIBbfZmT8LVQAAYUdNAQIAAAA1SAAgAN//UEsDBBQAAAAIAKBsSAWa7BPv5lQAAEFHTQECAAAANUkAIADf/1BLAwQUAAAACACgbEgFfpQO8cFUAAAhR00BAgAAADVKACAA3/9QSwMEFAAAAAgAoGxIBQiZ0PecVAAAAUdNAQIAAAA1SwAgAN//UEsDBBQAAAAIAKBsSAWOFLJid1QAAOFGTQECAAAANUwAIADf/1BLAwQUAAAACACgbEgFoTEDplJUAADBRk0BAgAAADVNACAA3/9QSwMEFAAAAAgAoGxIBYpTpM0tVAAAoUZNAQIAAAA1TgAgAN//UEsDBBQAAAAIAKBsSAWdDunfCFQAAIFGTQECAAAANU8AIADf/1BLAwQUAAAACACgbEgFGw1JquNTAABhRk0BAgAAADVQACAA3/9QSwMEFAAAAAgAoGxIBWsDR3q+UwAAQUZNAQIAAAA1UQAgAN//UEsDBBQAAAAIAKBsSAXKMLSlmVMAACFGTQECAAAANVIAIADf/1BLAwQUAAAACACgbEgFLF65SnRTAAABRk0BAgAAADVTACAA3/9QSwMEFAAAAAgAoGxIBfMeB/xPUwAA4UVNAQIAAAA1VAAgAN//UEsDBBQAAAAIAKBsSAVPb4yKKlMAAMFFTQECAAAANVUAIADf/1BLAwQUAAAACACgbEgFyz9+kwVTAAChRU0BAgAAADVWACAA3/9QSwMEFAAAAAgAoGxIBfQsgvHgUgAAgUVNAQIAAAA1VwAgAN//UEsDBBQAAAAIAKBsSAVRuloXu1IAAGFFTQECAAAANVjtwIEIAAAAwDDW+0tcZAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFBLAQIUABQAAAAIAKBsSAX7WFLolXYAAF5kTQEBAAAAAAAAAAAAAAAAAAAAAAAwUEsBAhQAFAAAAAgAoGxIBXopVj5xdgAAP2RNAQEAAAAAAAAAAAAAAAAAJAAAADFQSwECFAAUAAAACACgbEgFWD4pe012AAAgZE0BAQAAAAAAAAAAAAAAAABIAAAAMlBLAQIUABQAAAAIAKBsSAV42tlMKXYAAAFkTQEBAAAAAAAAAAAAAAAAAGwAAAAzUEsBAhQAFAAAAAgAoGxIBT6JMAMFdgAA4mNNAQEAAAAAAAAAAAAAAAAAkAAAADRQSwECFAAUAAAACACgbEgFBGlOOeF1AADDY00BAQAAAAAAAAAAAAAAAAC0AAAANVBLAQIUABQAAAAIAKBsSAUo0fzavXUAAKRjTQEBAAAAAAAAAAAAAAAAANgAAAA2UEsBAhQAFAAAAAgAoGxIBRWDn1uZdQAAhWNNAQEAAAAAAAAAAAAAAAAA/AAAADdQSwECFAAUAAAACACgbEgFZM+VWHV1AABmY00BAQAAAAAAAAAAAAAAAAAgAQAAOFBLAQIUABQAAAAIAKBsSAUhQkHmUXUAAEdjTQEBAAAAAAAAAAAAAAAAAEQBAAA5UEsBAhQAFAAAAAgAoGxIBZBu7TYtdQAAKGNNAQEAAAAAAAAAAAAAAAAAaAEAAEFQSwECFAAUAAAACACgbEgFI/b44gl1AAAJY00BAQAAAAAAAAAAAAAAAACMAQAAQlBLAQIUABQAAAAIAKBsSAWmxcTP5XQAAOpiTQEBAAAAAAAAAAAAAAAAALABAABDUEsBAhQAFAAAAAgAoGxIBeQZUUPBdAAAy2JNAQEAAAAAAAAAAAAAAAAA1AEAAERQSwECFAAUAAAACACgbEgFsou0dZ10AACsYk0BAQAAAAAAAAAAAAAAAAD4AQAARVBLAQIUABQAAAAIAKBsSAWIYPYweXQAAI1iTQEBAAAAAAAAAAAAAAAAABwCAABGUEsBAhQAFAAAAAgAoGxIBbcVZkRVdAAAbmJNAQEAAAAAAAAAAAAAAAAAQAIAAEdQSwECFAAUAAAACACgbEgFkAPNWjF0AABPYk0BAQAAAAAAAAAAAAAAAABkAgAASFBLAQIUABQAAAAIAKBsSAXPWqk7DXQAADBiTQEBAAAAAAAAAAAAAAAAAIgCAABJUEsBAhQAFAAAAAgAoGxIBepu42XpcwAAEWJNAQEAAAAAAAAAAAAAAAAArAIAAEpQSwECFAAUAAAACACgbEgFun8snMVzAADyYU0BAQAAAAAAAAAAAAAAAADQAgAAS1BLAQIUABQAAAAIAKBsSAWV+jOMoXMAANNhTQEBAAAAAAAAAAAAAAAAAPQCAABMUEsBAhQAFAAAAAgAoGxIBbwusL59cwAAtGFNAQEAAAAAAAAAAAAAAAAAGAMAAE1QSwECFAAUAAAACACgbEgFadFciFlzAACVYU0BAQAAAAAAAAAAAAAAAAA8AwAATlBLAQIUABQAAAAIAKBsSAUNhMDaNXMAAHZhTQEBAAAAAAAAAAAAAAAAAGADAABPUEsBAhQAFAAAAAgAoGxIBdyvLGIRcwAAV2FNAQEAAAAAAAAAAAAAAAAAhAMAAFBQSwECFAAUAAAACACgbEgFm/4Vje1yAAA4YU0BAQAAAAAAAAAAAAAAAACoAwAAUVBLAQIUABQAAAAIAKBsSAUnJWpGyXIAABlhTQEBAAAAAAAAAAAAAAAAAMwDAABSUEsBAhQAFAAAAAgAoGxIBaeJBTalcgAA+mBNAQEAAAAAAAAAAAAAAAAA8AMAAFNQSwECFAAUAAAACACgbEgF4GA/vYFyAADbYE0BAQAAAAAAAAAAAAAAAAAUBAAAVFBLAQIUABQAAAAIAKBsSAW6odxCXXIAALxgTQEBAAAAAAAAAAAAAAAAADgEAABVUEsBAhQAFAAAAAgAoGxIBYixpMM5cgAAnWBNAQEAAAAAAAAAAAAAAAAAXAQAAFZQSwECFAAUAAAACACgbEgFanFNjBVyAAB+YE0BAQAAAAAAAAAAAAAAAACABAAAV1BLAQIUABQAAAAIAKBsSAXRK/Ed8XEAAF9gTQEBAAAAAAAAAAAAAAAAAKQEAABYUEsBAhQAFAAAAAgAoGxIBRL4KF/NcQAAQGBNAQEAAAAAAAAAAAAAAAAAyAQAAFlQSwECFAAUAAAACACgbEgFmaxZ4qlxAAAhYE0BAQAAAAAAAAAAAAAAAADsBAAAWlBLAQIUABQAAAAIAKBsSAWz1faYhHEAAAFgTQECAAAAAAAAAAAAAAAAABAFAAAwMFBLAQIUABQAAAAIAKBsSAWw/xN+X3EAAOFfTQECAAAAAAAAAAAAAAAAADUFAAAwMVBLAQIUABQAAAAIAKBsSAUMn0k7OnEAAMFfTQECAAAAAAAAAAAAAAAAAFoFAAAwMlBLAQIUABQAAAAIAKBsSAUYL7vpFXEAAKFfTQECAAAAAAAAAAAAAAAAAH8FAAAwM1BLAQIUABQAAAAIAKBsSAWEszcM8HAAAIFfTQECAAAAAAAAAAAAAAAAAKQFAAAwNFBLAQIUABQAAAAIAKBsSAXyxlTWy3AAAGFfTQECAAAAAAAAAAAAAAAAAMkFAAAwNVBLAQIUABQAAAAIAKBsSAV1cmtYpnAAAEFfTQECAAAAAAAAAAAAAAAAAO4FAAAwNlBLAQIUABQAAAAIAKBsSAVGmyVmgXAAACFfTQECAAAAAAAAAAAAAAAAABMGAAAwN1BLAQIUABQAAAAIAKBsSAUMYg5oXHAAAAFfTQECAAAAAAAAAAAAAAAAADgGAAAwOFBLAQIUABQAAAAIAKBsSAWa6CCPN3AAAOFeTQECAAAAAAAAAAAAAAAAAF0GAAAwOVBLAQIUABQAAAAIAKBsSAWLhkcdEnAAAMFeTQECAAAAAAAAAAAAAAAAAIIGAAAwQVBLAQIUABQAAAAIAKBsSAXjL4Oj7W8AAKFeTQECAAAAAAAAAAAAAAAAAKcGAAAwQlBLAQIUABQAAAAIAKBsSAVCaCBIyG8AAIFeTQECAAAAAAAAAAAAAAAAAMwGAAAwQ1BLAQIUABQAAAAIAKBsSAW3YZnXo28AAGFeTQECAAAAAAAAAAAAAAAAAPEGAAAwRFBLAQIUABQAAAAIAKBsSAUrd1Jsfm8AAEFeTQECAAAAAAAAAAAAAAAAABYHAAAwRVBLAQIUABQAAAAIAKBsSAW8sEO3WW8AACFeTQECAAAAAAAAAAAAAAAAADsHAAAwRlBLAQIUABQAAAAIAKBsSAXDYPslNG8AAAFeTQECAAAAAAAAAAAAAAAAAGAHAAAwR1BLAQIUABQAAAAIAKBsSAUC+FijD28AAOFdTQECAAAAAAAAAAAAAAAAAIUHAAAwSFBLAQIUABQAAAAIAKBsSAUSWTcP6m4AAMFdTQECAAAAAAAAAAAAAAAAAKoHAAAwSVBLAQIUABQAAAAIAKBsSAVOUBWvxW4AAKFdTQECAAAAAAAAAAAAAAAAAM8HAAAwSlBLAQIUABQAAAAIAKBsSAVBC0K5oG4AAIFdTQECAAAAAAAAAAAAAAAAAPQHAAAwS1BLAQIUABQAAAAIAKBsSAUZZsh4e24AAGFdTQECAAAAAAAAAAAAAAAAABkIAAAwTFBLAQIUABQAAAAIAKBsSAWnsP5XVm4AAEFdTQECAAAAAAAAAAAAAAAAAD4IAAAwTVBLAQIUABQAAAAIAKBsSAXt0A2xMW4AACFdTQECAAAAAAAAAAAAAAAAAGMIAAAwTlBLAQIUABQAAAAIAKBsSAUU67rxDG4AAAFdTQECAAAAAAAAAAAAAAAAAIgIAAAwT1BLAQIUABQAAAAIAKBsSAWehUvO520AAOFcTQECAAAAAAAAAAAAAAAAAK0IAAAwUFBLAQIUABQAAAAIAKBsSAXf53ZCwm0AAMFcTQECAAAAAAAAAAAAAAAAANIIAAAwUVBLAQIUABQAAAAIAKBsSAXBkgPHnW0AAKFcTQECAAAAAAAAAAAAAAAAAPcIAAAwUlBLAQIUABQAAAAIAKBsSAUl1uKoeG0AAIFcTQECAAAAAAAAAAAAAAAAABwJAAAwU1BLAQIUABQAAAAIAKBsSAX9mXtpU20AAGFcTQECAAAAAAAAAAAAAAAAAEEJAAAwVFBLAQIUABQAAAAIAKBsSAUCBc81Lm0AAEFcTQECAAAAAAAAAAAAAAAAAGYJAAAwVVBLAQIUABQAAAAIAKBsSAUWdYghCW0AACFcTQECAAAAAAAAAAAAAAAAAIsJAAAwVlBLAQIUABQAAAAIAKBsSAXAg1Pc5GwAAAFcTQECAAAAAAAAAAAAAAAAALAJAAAwV1BLAQIUABQAAAAIAKBsSAWXmD14v2wAAOFbTQECAAAAAAAAAAAAAAAAANUJAAAwWFBLAQIUABQAAAAIAKBsSAUTTOepmmwAAMFbTQECAAAAAAAAAAAAAAAAAPoJAAAwWVBLAQIUABQAAAAIAKBsSAVUOY7WdWwAAKFbTQECAAAAAAAAAAAAAAAAAB8KAAAwWlBLAQIUABQAAAAIAKBsSAUWt6hYUGwAAIFbTQECAAAAAAAAAAAAAAAAAEQKAAAxMFBLAQIUABQAAAAIAKBsSAXUQTUhK2wAAGFbTQECAAAAAAAAAAAAAAAAAGkKAAAxMVBLAQIUABQAAAAIAKBsSAUapxqBBmwAAEFbTQECAAAAAAAAAAAAAAAAAI4KAAAxMlBLAQIUABQAAAAIAKBsSAV+/zom4WsAACFbTQECAAAAAAAAAAAAAAAAALMKAAAxM1BLAQIUABQAAAAIAKBsSAUyL5ZZvGsAAAFbTQECAAAAAAAAAAAAAAAAANgKAAAxNFBLAQIUABQAAAAIAKBsSAXaHWaAl2sAAOFaTQECAAAAAAAAAAAAAAAAAP0KAAAxNVBLAQIUABQAAAAIAKBsSAV0prWzcmsAAMFaTQECAAAAAAAAAAAAAAAAACILAAAxNlBLAQIUABQAAAAIAKBsSAXlztYNTWsAAKFaTQECAAAAAAAAAAAAAAAAAEcLAAAxN1BLAQIUABQAAAAIAKBsSAVmi/DVKGsAAIFaTQECAAAAAAAAAAAAAAAAAGwLAAAxOFBLAQIUABQAAAAIAKBsSAXL4vF4A2sAAGFaTQECAAAAAAAAAAAAAAAAAJELAAAxOVBLAQIUABQAAAAIAKBsSAV+4nwT3moAAEFaTQECAAAAAAAAAAAAAAAAALYLAAAxQVBLAQIUABQAAAAIAKBsSAU/IRksuWoAACFaTQECAAAAAAAAAAAAAAAAANsLAAAxQlBLAQIUABQAAAAIAKBsSAUKPSTNlGoAAAFaTQECAAAAAAAAAAAAAAAAAAAMAAAxQ1BLAQIUABQAAAAIAKBsSAWqj+1Rb2oAAOFZTQECAAAAAAAAAAAAAAAAACUMAAAxRFBLAQIUABQAAAAIAKBsSAWlaBbiSmoAAMFZTQECAAAAAAAAAAAAAAAAAEoMAAAxRVBLAQIUABQAAAAIAKBsSAW2hyL7JWoAAKFZTQECAAAAAAAAAAAAAAAAAG8MAAAxRlBLAQIUABQAAAAIAKBsSAXsyTDcAGoAAIFZTQECAAAAAAAAAAAAAAAAAJQMAAAxR1BLAQIUABQAAAAIAKBsSAW8usBg22kAAGFZTQECAAAAAAAAAAAAAAAAALkMAAAxSFBLAQIUABQAAAAIAKBsSAW4cVUvtmkAAEFZTQECAAAAAAAAAAAAAAAAAN4MAAAxSVBLAQIUABQAAAAIAKBsSAWDguJ7kWkAACFZTQECAAAAAAAAAAAAAAAAAAMNAAAxSlBLAQIUABQAAAAIAKBsSAXItZQ1bGkAAAFZTQECAAAAAAAAAAAAAAAAACgNAAAxS1BLAQIUABQAAAAIAKBsSAWuNq41R2kAAOFYTQECAAAAAAAAAAAAAAAAAE0NAAAxTFBLAQIUABQAAAAIAKBsSAULBIZEImkAAMFYTQECAAAAAAAAAAAAAAAAAHINAAAxTVBLAQIUABQAAAAIAKBsSAWLTtnc/WgAAKFYTQECAAAAAAAAAAAAAAAAAJcNAAAxTlBLAQIUABQAAAAIAKBsSAUSJ1w+2GgAAIFYTQECAAAAAAAAAAAAAAAAALwNAAAxT1BLAQIUABQAAAAIAKBsSAWSlouCs2gAAGFYTQECAAAAAAAAAAAAAAAAAOENAAAxUFBLAQIUABQAAAAIAKBsSAXueIiYjmgAAEFYTQECAAAAAAAAAAAAAAAAAAYOAAAxUVBLAQIUABQAAAAIAKBsSAVkITOTaWgAACFYTQECAAAAAAAAAAAAAAAAACsOAAAxUlBLAQIUABQAAAAIAKBsSAXS9glvRGgAAAFYTQECAAAAAAAAAAAAAAAAAFAOAAAxU1BLAQIUABQAAAAIAKBsSAWTtxwxH2gAAOFXTQECAAAAAAAAAAAAAAAAAHUOAAAxVFBLAQIUABQAAAAIAKBsSAUl1MGT+mcAAMFXTQECAAAAAAAAAAAAAAAAAJoOAAAxVVBLAQIUABQAAAAIAKBsSAXF7NoI1WcAAKFXTQECAAAAAAAAAAAAAAAAAL8OAAAxVlBLAQIUABQAAAAIAKBsSAUUx4Q+sGcAAIFXTQECAAAAAAAAAAAAAAAAAOQOAAAxV1BLAQIUABQAAAAIAKBsSAVOyWOri2cAAGFXTQECAAAAAAAAAAAAAAAAAAkPAAAxWFBLAQIUABQAAAAIAKBsSAUgDXWqZmcAAEFXTQECAAAAAAAAAAAAAAAAAC4PAAAxWVBLAQIUABQAAAAIAKBsSAWURmJXQWcAACFXTQECAAAAAAAAAAAAAAAAAFMPAAAxWlBLAQIUABQAAAAIAKBsSAXwMbHdHGcAAAFXTQECAAAAAAAAAAAAAAAAAHgPAAAyMFBLAQIUABQAAAAIAKBsSAV0AG4P92YAAOFWTQECAAAAAAAAAAAAAAAAAJ0PAAAyMVBLAQIUABQAAAAIAKBsSAWqhWks0mYAAMFWTQECAAAAAAAAAAAAAAAAAMIPAAAyMlBLAQIUABQAAAAIAKBsSAWuD0H5rWYAAKFWTQECAAAAAAAAAAAAAAAAAOcPAAAyM1BLAQIUABQAAAAIAKBsSAW8HvmEiGYAAIFWTQECAAAAAAAAAAAAAAAAAAwQAAAyNFBLAQIUABQAAAAIAKBsSAUumGpHY2YAAGFWTQECAAAAAAAAAAAAAAAAADEQAAAyNVBLAQIUABQAAAAIAKBsSAVffTACPmYAAEFWTQECAAAAAAAAAAAAAAAAAFYQAAAyNlBLAQIUABQAAAAIAKBsSAWsDcWuGWYAACFWTQECAAAAAAAAAAAAAAAAAHsQAAAyN1BLAQIUABQAAAAIAKBsSAU2HKxQ9GUAAAFWTQECAAAAAAAAAAAAAAAAAKAQAAAyOFBLAQIUABQAAAAIAKBsSAVzG2laz2UAAOFVTQECAAAAAAAAAAAAAAAAAMUQAAAyOVBLAQIUABQAAAAIAKBsSAWqd605qmUAAMFVTQECAAAAAAAAAAAAAAAAAOoQAAAyQVBLAQIUABQAAAAIAKBsSAUQ4GMChWUAAKFVTQECAAAAAAAAAAAAAAAAAA8RAAAyQlBLAQIUABQAAAAIAKBsSAWeEcvwYGUAAIFVTQECAAAAAAAAAAAAAAAAADQRAAAyQ1BLAQIUABQAAAAIAKBsSAUGtAbEO2UAAGFVTQECAAAAAAAAAAAAAAAAAFkRAAAyRFBLAQIUABQAAAAIAKBsSAVAktIxFmUAAEFVTQECAAAAAAAAAAAAAAAAAH4RAAAyRVBLAQIUABQAAAAIAKBsSAUZhUat8WQAACFVTQECAAAAAAAAAAAAAAAAAKMRAAAyRlBLAQIUABQAAAAIAKBsSAW9jhWuzGQAAAFVTQECAAAAAAAAAAAAAAAAAMgRAAAyR1BLAQIUABQAAAAIAKBsSAVgXduap2QAAOFUTQECAAAAAAAAAAAAAAAAAO0RAAAySFBLAQIUABQAAAAIAKBsSAXS/eo7gmQAAMFUTQECAAAAAAAAAAAAAAAAABISAAAySVBLAQIUABQAAAAIAKBsSAUxFInZXWQAAKFUTQECAAAAAAAAAAAAAAAAADcSAAAySlBLAQIUABQAAAAIAKBsSAXatmHkOGQAAIFUTQECAAAAAAAAAAAAAAAAAFwSAAAyS1BLAQIUABQAAAAIAKBsSAVWLXf3E2QAAGFUTQECAAAAAAAAAAAAAAAAAIESAAAyTFBLAQIUABQAAAAIAKBsSAXM6SWw7mMAAEFUTQECAAAAAAAAAAAAAAAAAKYSAAAyTVBLAQIUABQAAAAIAKBsSAVUUq3MyWMAACFUTQECAAAAAAAAAAAAAAAAAMsSAAAyTlBLAQIUABQAAAAIAKBsSAViWMYApGMAAAFUTQECAAAAAAAAAAAAAAAAAPASAAAyT1BLAQIUABQAAAAIAKBsSAVsG9URf2MAAOFTTQECAAAAAAAAAAAAAAAAABUTAAAyUFBLAQIUABQAAAAIAKBsSAUdJ33qWmMAAMFTTQECAAAAAAAAAAAAAAAAADoTAAAyUVBLAQIUABQAAAAIAKBsSAX/4s/XNWMAAKFTTQECAAAAAAAAAAAAAAAAAF8TAAAyUlBLAQIUABQAAAAIAKBsSAU9uv2bEGMAAIFTTQECAAAAAAAAAAAAAAAAAIQTAAAyU1BLAQIUABQAAAAIAKBsSAWWEeCV62IAAGFTTQECAAAAAAAAAAAAAAAAAKkTAAAyVFBLAQIUABQAAAAIAKBsSAUXBMYExmIAAEFTTQECAAAAAAAAAAAAAAAAAM4TAAAyVVBLAQIUABQAAAAIAKBsSAW9FcwooWIAACFTTQECAAAAAAAAAAAAAAAAAPMTAAAyVlBLAQIUABQAAAAIAKBsSAVg9k/7fGIAAAFTTQECAAAAAAAAAAAAAAAAABgUAAAyV1BLAQIUABQAAAAIAKBsSAVpQOHFV2IAAOFSTQECAAAAAAAAAAAAAAAAAD0UAAAyWFBLAQIUABQAAAAIAKBsSAVysNb1MmIAAMFSTQECAAAAAAAAAAAAAAAAAGIUAAAyWVBLAQIUABQAAAAIAKBsSAUe0qD7DWIAAKFSTQECAAAAAAAAAAAAAAAAAIcUAAAyWlBLAQIUABQAAAAIAKBsSAXRy9vi6GEAAIFSTQECAAAAAAAAAAAAAAAAAKwUAAAzMFBLAQIUABQAAAAIAKBsSAX5Lu51w2EAAGFSTQECAAAAAAAAAAAAAAAAANEUAAAzMVBLAQIUABQAAAAIAKBsSAUztMihnmEAAEFSTQECAAAAAAAAAAAAAAAAAPYUAAAzMlBLAQIUABQAAAAIAKBsSAW1we9aeWEAACFSTQECAAAAAAAAAAAAAAAAABsVAAAzM1BLAQIUABQAAAAIAKBsSAVAAlGdVGEAAAFSTQECAAAAAAAAAAAAAAAAAEAVAAAzNFBLAQIUABQAAAAIAKBsSAU50sQmL2EAAOFRTQECAAAAAAAAAAAAAAAAAGUVAAAzNVBLAQIUABQAAAAIAKBsSAX6dw0ICmEAAMFRTQECAAAAAAAAAAAAAAAAAIoVAAAzNlBLAQIUABQAAAAIAKBsSAXttLRr5WAAAKFRTQECAAAAAAAAAAAAAAAAAK8VAAAzN1BLAQIUABQAAAAIAKBsSAU2jxDTwGAAAIFRTQECAAAAAAAAAAAAAAAAANQVAAAzOFBLAQIUABQAAAAIAKBsSAVfglLMm2AAAGFRTQECAAAAAAAAAAAAAAAAAPkVAAAzOVBLAQIUABQAAAAIAKBsSAXXbcTJdmAAAEFRTQECAAAAAAAAAAAAAAAAAB4WAAAzQVBLAQIUABQAAAAIAKBsSAX2dXmKUWAAACFRTQECAAAAAAAAAAAAAAAAAEMWAAAzQlBLAQIUABQAAAAIAKBsSAW4cDHPLGAAAAFRTQECAAAAAAAAAAAAAAAAAGgWAAAzQ1BLAQIUABQAAAAIAKBsSAVVcMBAB2AAAOFQTQECAAAAAAAAAAAAAAAAAI0WAAAzRFBLAQIUABQAAAAIAKBsSAXsTwCz4l8AAMFQTQECAAAAAAAAAAAAAAAAALIWAAAzRVBLAQIUABQAAAAIAKBsSAUQnxKRvV8AAKFQTQECAAAAAAAAAAAAAAAAANcWAAAzRlBLAQIUABQAAAAIAKBsSAUrvKOImF8AAIFQTQECAAAAAAAAAAAAAAAAAPwWAAAzR1BLAQIUABQAAAAIAKBsSAVhnU3pc18AAGFQTQECAAAAAAAAAAAAAAAAACEXAAAzSFBLAQIUABQAAAAIAKBsSAXpOAIvTl8AAEFQTQECAAAAAAAAAAAAAAAAAEYXAAAzSVBLAQIUABQAAAAIAKBsSAV3FIzmKV8AACFQTQECAAAAAAAAAAAAAAAAAGsXAAAzSlBLAQIUABQAAAAIAKBsSAXQRQNsBF8AAAFQTQECAAAAAAAAAAAAAAAAAJAXAAAzS1BLAQIUABQAAAAIAKBsSAXxtOuu314AAOFPTQECAAAAAAAAAAAAAAAAALUXAAAzTFBLAQIUABQAAAAIAKBsSAXUoCdGul4AAMFPTQECAAAAAAAAAAAAAAAAANoXAAAzTVBLAQIUABQAAAAIAKBsSAVwUn3xlV4AAKFPTQECAAAAAAAAAAAAAAAAAP8XAAAzTlBLAQIUABQAAAAIAKBsSAVN3qTscF4AAIFPTQECAAAAAAAAAAAAAAAAACQYAAAzT1BLAQIUABQAAAAIAKBsSAUm9+u2S14AAGFPTQECAAAAAAAAAAAAAAAAAEkYAAAzUFBLAQIUABQAAAAIAKBsSAUA+M18Jl4AAEFPTQECAAAAAAAAAAAAAAAAAG4YAAAzUVBLAQIUABQAAAAIAKBsSAV/KPteAV4AACFPTQECAAAAAAAAAAAAAAAAAJMYAAAzUlBLAQIUABQAAAAIAKBsSAVSG5R63F0AAAFPTQECAAAAAAAAAAAAAAAAALgYAAAzU1BLAQIUABQAAAAIAKBsSAVn60k0t10AAOFOTQECAAAAAAAAAAAAAAAAAN0YAAAzVFBLAQIUABQAAAAIAKBsSAW/3R3Pkl0AAMFOTQECAAAAAAAAAAAAAAAAAAIZAAAzVVBLAQIUABQAAAAIAKBsSAXLslEqbV0AAKFOTQECAAAAAAAAAAAAAAAAACcZAAAzVlBLAQIUABQAAAAIAKBsSAW2BKjVSF0AAIFOTQECAAAAAAAAAAAAAAAAAEwZAAAzV1BLAQIUABQAAAAIAKBsSAUxAKfRI10AAGFOTQECAAAAAAAAAAAAAAAAAHEZAAAzWFBLAQIUABQAAAAIAKBsSAUejkpd/lwAAEFOTQECAAAAAAAAAAAAAAAAAJYZAAAzWVBLAQIUABQAAAAIAKBsSAX9Eciv2VwAACFOTQECAAAAAAAAAAAAAAAAALsZAAAzWlBLAQIUABQAAAAIAKBsSAVDaUeQtFwAAAFOTQECAAAAAAAAAAAAAAAAAOAZAAA0MFBLAQIUABQAAAAIAKBsSAXLCZVLj1wAAOFNTQECAAAAAAAAAAAAAAAAAAUaAAA0MVBLAQIUABQAAAAIAKBsSAWr0tCcalwAAMFNTQECAAAAAAAAAAAAAAAAACoaAAA0MlBLAQIUABQAAAAIAKBsSAUQGhjTRVwAAKFNTQECAAAAAAAAAAAAAAAAAE8aAAA0M1BLAQIUABQAAAAIAKBsSAWQtYbGIFwAAIFNTQECAAAAAAAAAAAAAAAAAHQaAAA0NFBLAQIUABQAAAAIAKBsSAXFmSwv+1sAAGFNTQECAAAAAAAAAAAAAAAAAJkaAAA0NVBLAQIUABQAAAAIAKBsSAW9MP5q1lsAAEFNTQECAAAAAAAAAAAAAAAAAL4aAAA0NlBLAQIUABQAAAAIAKBsSAVT6NSGsVsAACFNTQECAAAAAAAAAAAAAAAAAOMaAAA0N1BLAQIUABQAAAAIAKBsSAWtDV0+jFsAAAFNTQECAAAAAAAAAAAAAAAAAAgbAAA0OFBLAQIUABQAAAAIAKBsSAU66PiXZ1sAAOFMTQECAAAAAAAAAAAAAAAAAC0bAAA0OVBLAQIUABQAAAAIAKBsSAVuWz/qQlsAAMFMTQECAAAAAAAAAAAAAAAAAFIbAAA0QVBLAQIUABQAAAAIAKBsSAUpKm2XHVsAAKFMTQECAAAAAAAAAAAAAAAAAHcbAAA0QlBLAQIUABQAAAAIAKBsSAU1zFPG+FoAAIFMTQECAAAAAAAAAAAAAAAAAJwbAAA0Q1BLAQIUABQAAAAIAKBsSAWzHTU/01oAAGFMTQECAAAAAAAAAAAAAAAAAMEbAAA0RFBLAQIUABQAAAAIAKBsSAX3FpXmrloAAEFMTQECAAAAAAAAAAAAAAAAAOYbAAA0RVBLAQIUABQAAAAIAKBsSAWca8/0iVoAACFMTQECAAAAAAAAAAAAAAAAAAscAAA0RlBLAQIUABQAAAAIAKBsSAV99AeVZFoAAAFMTQECAAAAAAAAAAAAAAAAADAcAAA0R1BLAQIUABQAAAAIAKBsSAXgoY9KP1oAAOFLTQECAAAAAAAAAAAAAAAAAFUcAAA0SFBLAQIUABQAAAAIAKBsSAUY6xzCGloAAMFLTQECAAAAAAAAAAAAAAAAAHocAAA0SVBLAQIUABQAAAAIAKBsSAVEkVm89VkAAKFLTQECAAAAAAAAAAAAAAAAAJ8cAAA0SlBLAQIUABQAAAAIAKBsSAWU4s260FkAAIFLTQECAAAAAAAAAAAAAAAAAMQcAAA0S1BLAQIUABQAAAAIAKBsSAUWE4hxq1kAAGFLTQECAAAAAAAAAAAAAAAAAOkcAAA0TFBLAQIUABQAAAAIAKBsSAW/E/yihlkAAEFLTQECAAAAAAAAAAAAAAAAAA4dAAA0TVBLAQIUABQAAAAIAKBsSAVsOJNCYVkAACFLTQECAAAAAAAAAAAAAAAAADMdAAA0TlBLAQIUABQAAAAIAKBsSAVBwh2APFkAAAFLTQECAAAAAAAAAAAAAAAAAFgdAAA0T1BLAQIUABQAAAAIAKBsSAWoZblEF1kAAOFKTQECAAAAAAAAAAAAAAAAAH0dAAA0UFBLAQIUABQAAAAIAKBsSAUqV/+N8lgAAMFKTQECAAAAAAAAAAAAAAAAAKIdAAA0UVBLAQIUABQAAAAIAKBsSAVTVH2VzVgAAKFKTQECAAAAAAAAAAAAAAAAAMcdAAA0UlBLAQIUABQAAAAIAKBsSAU36Y4uqFgAAIFKTQECAAAAAAAAAAAAAAAAAOwdAAA0U1BLAQIUABQAAAAIAKBsSAW5sj6wg1gAAGFKTQECAAAAAAAAAAAAAAAAABEeAAA0VFBLAQIUABQAAAAIAKBsSAX1Bcm0XlgAAEFKTQECAAAAAAAAAAAAAAAAADYeAAA0VVBLAQIUABQAAAAIAKBsSAX7qezgOVgAACFKTQECAAAAAAAAAAAAAAAAAFseAAA0VlBLAQIUABQAAAAIAKBsSAVzNgx3FFgAAAFKTQECAAAAAAAAAAAAAAAAAIAeAAA0V1BLAQIUABQAAAAIAKBsSAXFZOly71cAAOFJTQECAAAAAAAAAAAAAAAAAKUeAAA0WFBLAQIUABQAAAAIAKBsSAWCe7YqylcAAMFJTQECAAAAAAAAAAAAAAAAAMoeAAA0WVBLAQIUABQAAAAIAKBsSAVD/s0QpVcAAKFJTQECAAAAAAAAAAAAAAAAAO8eAAA0WlBLAQIUABQAAAAIAKBsSAVqKh2PgFcAAIFJTQECAAAAAAAAAAAAAAAAABQfAAA1MFBLAQIUABQAAAAIAKBsSAXjrfCDW1cAAGFJTQECAAAAAAAAAAAAAAAAADkfAAA1MVBLAQIUABQAAAAIAKBsSAWFkLvjNlcAAEFJTQECAAAAAAAAAAAAAAAAAF4fAAA1MlBLAQIUABQAAAAIAKBsSAXnFNqnEVcAACFJTQECAAAAAAAAAAAAAAAAAIMfAAA1M1BLAQIUABQAAAAIAKBsSAXd3oPo7FYAAAFJTQECAAAAAAAAAAAAAAAAAKgfAAA1NFBLAQIUABQAAAAIAKBsSAX8Zm2Mx1YAAOFITQECAAAAAAAAAAAAAAAAAM0fAAA1NVBLAQIUABQAAAAIAKBsSAXtrUZwolYAAMFITQECAAAAAAAAAAAAAAAAAPIfAAA1NlBLAQIUABQAAAAIAKBsSAWdaDCafVYAAKFITQECAAAAAAAAAAAAAAAAABcgAAA1N1BLAQIUABQAAAAIAKBsSAXWzWSRWFYAAIFITQECAAAAAAAAAAAAAAAAADwgAAA1OFBLAQIUABQAAAAIAKBsSAWZ5obpM1YAAGFITQECAAAAAAAAAAAAAAAAAGEgAAA1OVBLAQIUABQAAAAIAKBsSAW2/4JCDlYAAEFITQECAAAAAAAAAAAAAAAAAIYgAAA1QVBLAQIUABQAAAAIAKBsSAXBUtcr6VUAACFITQECAAAAAAAAAAAAAAAAAKsgAAA1QlBLAQIUABQAAAAIAKBsSAUZDSnLxFUAAAFITQECAAAAAAAAAAAAAAAAANAgAAA1Q1BLAQIUABQAAAAIAKBsSAWqB9Ern1UAAOFHTQECAAAAAAAAAAAAAAAAAPUgAAA1RFBLAQIUABQAAAAIAKBsSAVdNI+telUAAMFHTQECAAAAAAAAAAAAAAAAABohAAA1RVBLAQIUABQAAAAIAKBsSAW39DvIVVUAAKFHTQECAAAAAAAAAAAAAAAAAD8hAAA1RlBLAQIUABQAAAAIAKBsSAXqTu1jMFUAAIFHTQECAAAAAAAAAAAAAAAAAGQhAAA1R1BLAQIUABQAAAAIAKBsSAW32Zk/C1UAAGFHTQECAAAAAAAAAAAAAAAAAIkhAAA1SFBLAQIUABQAAAAIAKBsSAWa7BPv5lQAAEFHTQECAAAAAAAAAAAAAAAAAK4hAAA1SVBLAQIUABQAAAAIAKBsSAV+lA7xwVQAACFHTQECAAAAAAAAAAAAAAAAANMhAAA1SlBLAQIUABQAAAAIAKBsSAUImdD3nFQAAAFHTQECAAAAAAAAAAAAAAAAAPghAAA1S1BLAQIUABQAAAAIAKBsSAWOFLJid1QAAOFGTQECAAAAAAAAAAAAAAAAAB0iAAA1TFBLAQIUABQAAAAIAKBsSAWhMQOmUlQAAMFGTQECAAAAAAAAAAAAAAAAAEIiAAA1TVBLAQIUABQAAAAIAKBsSAWKU6TNLVQAAKFGTQECAAAAAAAAAAAAAAAAAGciAAA1TlBLAQIUABQAAAAIAKBsSAWdDunfCFQAAIFGTQECAAAAAAAAAAAAAAAAAIwiAAA1T1BLAQIUABQAAAAIAKBsSAUbDUmq41MAAGFGTQECAAAAAAAAAAAAAAAAALEiAAA1UFBLAQIUABQAAAAIAKBsSAVrA0d6vlMAAEFGTQECAAAAAAAAAAAAAAAAANYiAAA1UVBLAQIUABQAAAAIAKBsSAXKMLSlmVMAACFGTQECAAAAAAAAAAAAAAAAAPsiAAA1UlBLAQIUABQAAAAIAKBsSAUsXrlKdFMAAAFGTQECAAAAAAAAAAAAAAAAACAjAAA1U1BLAQIUABQAAAAIAKBsSAXzHgf8T1MAAOFFTQECAAAAAAAAAAAAAAAAAEUjAAA1VFBLAQIUABQAAAAIAKBsSAVPb4yKKlMAAMFFTQECAAAAAAAAAAAAAAAAAGojAAA1VVBLAQIUABQAAAAIAKBsSAXLP36TBVMAAKFFTQECAAAAAAAAAAAAAAAAAI8jAAA1VlBLAQIUABQAAAAIAKBsSAX0LILx4FIAAIFFTQECAAAAAAAAAAAAAAAAALQjAAA1V1BLAQIUABQAAAAIAKBsSAVRuloXu1IAAGFFTQECAAAAAAAAAAAAAAAAANkjAAA1WFBLBQYAAAAA+gD6ALwuAAC0dgAAAAA=
\ No newline at end of file

From be482956d2ac968cf9aa3800f079c4a85c3a6ffe Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 21 Apr 2025 10:03:03 +0800
Subject: [PATCH 32/35] build(deps): Bump golang.org/x/net from 0.37.0 to
 0.38.0 in /test/e2e (#1258)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 test/e2e/go.mod | 2 +-
 test/e2e/go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/e2e/go.mod b/test/e2e/go.mod
index 10f452f3e..1285d0f34 100644
--- a/test/e2e/go.mod
+++ b/test/e2e/go.mod
@@ -28,7 +28,7 @@ require (
 	github.com/x448/float16 v0.8.4 // indirect
 	go.uber.org/automaxprocs v1.6.0 // indirect
 	golang.org/x/crypto v0.36.0 // indirect
-	golang.org/x/net v0.37.0 // indirect
+	golang.org/x/net v0.38.0 // indirect
 	golang.org/x/sync v0.12.0 // indirect
 	golang.org/x/sys v0.32.0 // indirect
 	golang.org/x/text v0.23.0 // indirect
diff --git a/test/e2e/go.sum b/test/e2e/go.sum
index e5ff9ced4..63cf3555d 100644
--- a/test/e2e/go.sum
+++ b/test/e2e/go.sum
@@ -55,8 +55,8 @@ go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs=
 go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8=
 golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
 golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
-golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
-golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
+golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
 golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
 golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=

From 59edf287083c5912ce8cc1420c1e9b35c0dffc48 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 23 Apr 2025 10:46:40 +0800
Subject: [PATCH 33/35] build(deps): Bump codecov/codecov-action from 5.4.0 to
 5.4.2 (#1264)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[codecov/codecov-action](https://github.com/codecov/codecov-action) from
5.4.0 to 5.4.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/codecov/codecov-action/releases">codecov/codecov-action's
releases</a>.</em></p>
<blockquote>
<h2>v5.4.2</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: hotfix oidc by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1813">codecov/codecov-action#1813</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v5.4.1...v5.4.2">https://github.com/codecov/codecov-action/compare/v5.4.1...v5.4.2</a></p>
<h2>v5.4.1</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1786">codecov/codecov-action#1786</a></li>
<li>chore(release): wrapper -0.2.1 by <a
href="https://github.com/codecov-releaser-app"><code>@​codecov-releaser-app</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1788">codecov/codecov-action#1788</a></li>
<li>build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1798">codecov/codecov-action#1798</a></li>
<li>build(deps): bump github/codeql-action from 3.28.11 to 3.28.12 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1797">codecov/codecov-action#1797</a></li>
<li>build(deps): bump github/codeql-action from 3.28.12 to 3.28.13 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1803">codecov/codecov-action#1803</a></li>
<li>fix: use the github core methods by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1807">codecov/codecov-action#1807</a></li>
<li>chore(release): 5.4.1 by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1810">codecov/codecov-action#1810</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v5.4.0...v5.4.1">https://github.com/codecov/codecov-action/compare/v5.4.0...v5.4.1</a></p>
<h2>v5.4.1-beta</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1786">codecov/codecov-action#1786</a></li>
<li>chore(release): wrapper -0.2.1 by <a
href="https://github.com/codecov-releaser-app"><code>@​codecov-releaser-app</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1788">codecov/codecov-action#1788</a></li>
<li>build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1798">codecov/codecov-action#1798</a></li>
<li>build(deps): bump github/codeql-action from 3.28.11 to 3.28.12 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1797">codecov/codecov-action#1797</a></li>
<li>build(deps): bump github/codeql-action from 3.28.12 to 3.28.13 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1803">codecov/codecov-action#1803</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v5.4.0...v5.4.1-beta">https://github.com/codecov/codecov-action/compare/v5.4.0...v5.4.1-beta</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md">codecov/codecov-action's
changelog</a>.</em></p>
<blockquote>
<h2>v5.4.2</h2>
<h3>What's Changed</h3>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v5.4.1..v5.4.2">https://github.com/codecov/codecov-action/compare/v5.4.1..v5.4.2</a></p>
<h2>v5.4.1</h2>
<h3>What's Changed</h3>
<ul>
<li>fix: use the github core methods by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1807">codecov/codecov-action#1807</a></li>
<li>build(deps): bump github/codeql-action from 3.28.12 to 3.28.13 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1803">codecov/codecov-action#1803</a></li>
<li>build(deps): bump github/codeql-action from 3.28.11 to 3.28.12 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1797">codecov/codecov-action#1797</a></li>
<li>build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1798">codecov/codecov-action#1798</a></li>
<li>chore(release): wrapper -0.2.1 by
<code>@​app/codecov-releaser-app</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1788">codecov/codecov-action#1788</a></li>
<li>build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1786">codecov/codecov-action#1786</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v5.4.0..v5.4.1">https://github.com/codecov/codecov-action/compare/v5.4.0..v5.4.1</a></p>
<h2>v5.4.0</h2>
<h3>What's Changed</h3>
<ul>
<li>update wrapper submodule to 0.2.0, add recurse_submodules arg by <a
href="https://github.com/matt-codecov"><code>@​matt-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1780">codecov/codecov-action#1780</a></li>
<li>build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1775">codecov/codecov-action#1775</a></li>
<li>build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1776">codecov/codecov-action#1776</a></li>
<li>build(deps): bump github/codeql-action from 3.28.9 to 3.28.10 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1777">codecov/codecov-action#1777</a></li>
<li>Clarify in README that <code>use_pypi</code> bypasses integrity
checks too by <a
href="https://github.com/webknjaz"><code>@​webknjaz</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1773">codecov/codecov-action#1773</a></li>
<li>Fix use of safe.directory inside containers by <a
href="https://github.com/Flamefire"><code>@​Flamefire</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1768">codecov/codecov-action#1768</a></li>
<li>Fix description for report_type input by <a
href="https://github.com/craigscott-crascit"><code>@​craigscott-crascit</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1770">codecov/codecov-action#1770</a></li>
<li>build(deps): bump github/codeql-action from 3.28.8 to 3.28.9 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1765">codecov/codecov-action#1765</a></li>
<li>Fix a typo in the example by <a
href="https://github.com/miranska"><code>@​miranska</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1758">codecov/codecov-action#1758</a></li>
<li>build(deps): bump github/codeql-action from 3.28.5 to 3.28.8 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1757">codecov/codecov-action#1757</a></li>
<li>build(deps): bump github/codeql-action from 3.28.1 to 3.28.5 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1753">codecov/codecov-action#1753</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v5.3.1..v5.4.0">https://github.com/codecov/codecov-action/compare/v5.3.1..v5.4.0</a></p>
<h2>v5.3.1</h2>
<h3>What's Changed</h3>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v5.3.0..v5.3.1">https://github.com/codecov/codecov-action/compare/v5.3.0..v5.3.1</a></p>
<h2>v5.3.0</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/codecov/codecov-action/commit/ad3126e916f78f00edff4ed0317cf185271ccc2d"><code>ad3126e</code></a>
fix: hotfix oidc (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1813">#1813</a>)</li>
<li><a
href="https://github.com/codecov/codecov-action/commit/cf3f51a67d2820f7a7cefa0831889fbbef41ca57"><code>cf3f51a</code></a>
chore(release): 5.4.1 (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1810">#1810</a>)</li>
<li><a
href="https://github.com/codecov/codecov-action/commit/e4cdaba82f2510a623b98430c48d84b0d8764a4f"><code>e4cdaba</code></a>
fix: use the github core methods (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1807">#1807</a>)</li>
<li><a
href="https://github.com/codecov/codecov-action/commit/f95a404f9265da16dee374e6e9dcb76d3eee88b1"><code>f95a404</code></a>
build(deps): bump github/codeql-action from 3.28.12 to 3.28.13 (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1803">#1803</a>)</li>
<li><a
href="https://github.com/codecov/codecov-action/commit/ea99328d1c4d5f39fda7cbffe104afd6906c50b0"><code>ea99328</code></a>
build(deps): bump github/codeql-action from 3.28.11 to 3.28.12 (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1797">#1797</a>)</li>
<li><a
href="https://github.com/codecov/codecov-action/commit/13d0469d01f6a59fcfbc75f685ac31aa0cae3aef"><code>13d0469</code></a>
build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1798">#1798</a>)</li>
<li><a
href="https://github.com/codecov/codecov-action/commit/3440e5ef70c638a9f44602a80ab017feee1309fe"><code>3440e5e</code></a>
chore(release): wrapper -0.2.1 (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1788">#1788</a>)</li>
<li><a
href="https://github.com/codecov/codecov-action/commit/cd4e7cf31ae2a4bcefb694e31a62869ebbd161af"><code>cd4e7cf</code></a>
build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1786">#1786</a>)</li>
<li>See full diff in <a
href="https://github.com/codecov/codecov-action/compare/0565863a31f2c772f9f0395002a31e3f06189574...ad3126e916f78f00edff4ed0317cf185271ccc2d">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=5.4.0&new-version=5.4.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 7e6ec8782..9d13a0b71 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -59,6 +59,6 @@ jobs:
             make e2e-covdata
           fi
       - name: Upload coverage to codecov.io
-        uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0
+        uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

From f1351b39fc74ec603d64195d10a20031f2cdef5b Mon Sep 17 00:00:00 2001
From: Patrick Zheng <patrickzheng@microsoft.com>
Date: Wed, 23 Apr 2025 13:13:46 +0800
Subject: [PATCH 34/35] bump: bump up dependencies (#1266)

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 go.mod                                        | 12 +++---
 go.sum                                        | 25 +++++--------
 test/e2e/go.mod                               | 15 +++-----
 test/e2e/go.sum                               | 37 ++++++-------------
 test/e2e/plugin/go.mod                        | 10 ++---
 test/e2e/plugin/go.sum                        | 16 ++++----
 .../suite/trustpolicy/verification_level.go   |  6 +--
 7 files changed, 49 insertions(+), 72 deletions(-)

diff --git a/go.mod b/go.mod
index d998375d5..bc636a57e 100644
--- a/go.mod
+++ b/go.mod
@@ -3,10 +3,10 @@ module github.com/notaryproject/notation
 go 1.23.0
 
 require (
-	github.com/notaryproject/notation-core-go v1.2.0
+	github.com/notaryproject/notation-core-go v1.3.0
 	github.com/notaryproject/notation-go v1.3.1
-  github.com/notaryproject/notation-plugin-framework-go v1.0.0
-	github.com/notaryproject/tspclient-go v1.0.0
+	github.com/notaryproject/notation-plugin-framework-go v1.0.0
+	github.com/notaryproject/tspclient-go v1.0.1-0.20250306063739-4f55b14d9f01
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.1.1
 	github.com/sirupsen/logrus v1.9.3
@@ -18,7 +18,7 @@ require (
 
 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
-	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.8.0 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.7 // indirect
 	github.com/go-ldap/ldap/v3 v3.4.10 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
@@ -26,8 +26,8 @@ require (
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/veraison/go-cose v1.3.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	golang.org/x/crypto v0.33.0 // indirect
-	golang.org/x/mod v0.23.0 // indirect
+	golang.org/x/crypto v0.37.0 // indirect
+	golang.org/x/mod v0.24.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect
 	golang.org/x/sys v0.32.0 // indirect
 )
diff --git a/go.sum b/go.sum
index a7fd1a327..abfc0e88c 100644
--- a/go.sum
+++ b/go.sum
@@ -6,8 +6,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6N
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
-github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
+github.com/fxamacker/cbor/v2 v2.8.0 h1:fFtUGXUzXPHTIUdne5+zzMPTfffl3RD5qYnkY40vtxU=
+github.com/fxamacker/cbor/v2 v2.8.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
 github.com/go-asn1-ber/asn1-ber v1.5.7 h1:DTX+lbVTWaTw1hQ+PbZPlnDZPEIs0SS/GCZAl535dDk=
 github.com/go-asn1-ber/asn1-ber v1.5.7/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-ldap/ldap/v3 v3.4.10 h1:ot/iwPOhfpNVgB1o+AVXljizWZ9JTp7YF5oeyONmcJU=
@@ -36,19 +36,14 @@ github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh6
 github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs=
 github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY=
 github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
-github.com/notaryproject/notation-core-go v1.2.0 h1:WElMG9X0YXJhBd0A4VOxLNalTLrTjvqtIAj7JHr5X08=
-github.com/notaryproject/notation-core-go v1.2.0/go.mod h1:+y3L1dOs2/ZwJIU5Imo7BBvZ/M3CFjXkydGGdK09EtA=
-<<<<<<< HEAD
+github.com/notaryproject/notation-core-go v1.3.0 h1:mWJaw1QBpBxpjLSiKOjzbZvB+xh2Abzk14FHWQ+9Kfs=
+github.com/notaryproject/notation-core-go v1.3.0/go.mod h1:hzvEOit5lXfNATGNBT8UQRx2J6Fiw/dq/78TQL8aE64=
 github.com/notaryproject/notation-go v1.3.1 h1:JLJ9HiwMwPAFNkJEBkF8iBdNazdEKrGAylOKoFjTd6o=
 github.com/notaryproject/notation-go v1.3.1/go.mod h1:Qytzn2v8nYkA9G44fbXKh1Tnvz8ONmod2Tgtkrl5zYc=
-=======
-github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250310060348-fdcf9cc47604 h1:uw65pHgN+NXAqHssmlRJUkcl515AQgMIOdC6tbBHHXE=
-github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250310060348-fdcf9cc47604/go.mod h1:NXYZyzIawUSyv+C0Gs8bBYJ1q8a1gy78GEss8fPNZmY=
->>>>>>> b7a2f0c (fix: plugin error message (#1217))
 github.com/notaryproject/notation-plugin-framework-go v1.0.0 h1:6Qzr7DGXoCgXEQN+1gTZWuJAZvxh3p8Lryjn5FaLzi4=
 github.com/notaryproject/notation-plugin-framework-go v1.0.0/go.mod h1:RqWSrTOtEASCrGOEffq0n8pSg2KOgKYiWqFWczRSics=
-github.com/notaryproject/tspclient-go v1.0.0 h1:AwQ4x0gX8IHnyiZB1tggpn5NFqHpTEm1SDX8YNv4Dg4=
-github.com/notaryproject/tspclient-go v1.0.0/go.mod h1:LGyA/6Kwd2FlM0uk8Vc5il3j0CddbWSHBj/4kxQDbjs=
+github.com/notaryproject/tspclient-go v1.0.1-0.20250306063739-4f55b14d9f01 h1:Ay72jBeHKqBFk6TbJWywfwzefN3Ei7Py2OzCiWU/7nk=
+github.com/notaryproject/tspclient-go v1.0.1-0.20250306063739-4f55b14d9f01/go.mod h1:3ZJPmpmdwufY23BkS+JPNktOVb5DXJ8Ik5zxvN7h670=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
@@ -83,15 +78,15 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
-golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
+golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
+golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.23.0 h1:Zb7khfcRGKk+kqfxFaP5tZqCnDZMjC5VtUBs87Hr6QM=
-golang.org/x/mod v0.23.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU=
+golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
diff --git a/test/e2e/go.mod b/test/e2e/go.mod
index 1285d0f34..701083f01 100644
--- a/test/e2e/go.mod
+++ b/test/e2e/go.mod
@@ -3,7 +3,7 @@ module github.com/notaryproject/notation/test/e2e
 go 1.23.0
 
 require (
-	github.com/notaryproject/notation-core-go v1.2.0
+	github.com/notaryproject/notation-core-go v1.3.0
 	github.com/notaryproject/notation-go v1.3.1
 	github.com/onsi/ginkgo/v2 v2.23.4
 	github.com/onsi/gomega v1.37.0
@@ -12,26 +12,21 @@ require (
 )
 
 require (
-	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.8.0 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
-<<<<<<< HEAD
-	github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect
-	github.com/notaryproject/tspclient-go v1.0.0 // indirect
-=======
 	github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 // indirect
 	github.com/notaryproject/tspclient-go v1.0.1-0.20250306063739-4f55b14d9f01 // indirect
->>>>>>> 2af2853 (build(deps): Bump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 in /test/e2e (#1252))
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/veraison/go-cose v1.3.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	go.uber.org/automaxprocs v1.6.0 // indirect
-	golang.org/x/crypto v0.36.0 // indirect
+	golang.org/x/crypto v0.37.0 // indirect
 	golang.org/x/net v0.38.0 // indirect
-	golang.org/x/sync v0.12.0 // indirect
+	golang.org/x/sync v0.13.0 // indirect
 	golang.org/x/sys v0.32.0 // indirect
-	golang.org/x/text v0.23.0 // indirect
+	golang.org/x/text v0.24.0 // indirect
 	golang.org/x/tools v0.31.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/test/e2e/go.sum b/test/e2e/go.sum
index 63cf3555d..008dcf481 100644
--- a/test/e2e/go.sum
+++ b/test/e2e/go.sum
@@ -1,40 +1,27 @@
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
-github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
+github.com/fxamacker/cbor/v2 v2.8.0 h1:fFtUGXUzXPHTIUdne5+zzMPTfffl3RD5qYnkY40vtxU=
+github.com/fxamacker/cbor/v2 v2.8.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
 github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
 github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
-<<<<<<< HEAD
-github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg=
-github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
-github.com/notaryproject/notation-core-go v1.2.0 h1:WElMG9X0YXJhBd0A4VOxLNalTLrTjvqtIAj7JHr5X08=
-github.com/notaryproject/notation-core-go v1.2.0/go.mod h1:+y3L1dOs2/ZwJIU5Imo7BBvZ/M3CFjXkydGGdK09EtA=
-github.com/notaryproject/notation-go v1.3.1 h1:JLJ9HiwMwPAFNkJEBkF8iBdNazdEKrGAylOKoFjTd6o=
-github.com/notaryproject/notation-go v1.3.1/go.mod h1:Qytzn2v8nYkA9G44fbXKh1Tnvz8ONmod2Tgtkrl5zYc=
-github.com/notaryproject/tspclient-go v1.0.0 h1:AwQ4x0gX8IHnyiZB1tggpn5NFqHpTEm1SDX8YNv4Dg4=
-github.com/notaryproject/tspclient-go v1.0.0/go.mod h1:LGyA/6Kwd2FlM0uk8Vc5il3j0CddbWSHBj/4kxQDbjs=
-github.com/onsi/ginkgo/v2 v2.23.3 h1:edHxnszytJ4lD9D5Jjc4tiDkPBZ3siDeJJkUZJJVkp0=
-github.com/onsi/ginkgo/v2 v2.23.3/go.mod h1:zXTP6xIp3U8aVuXN8ENK9IXRaTjFnpVB9mGmaSRvxnM=
-=======
 github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8=
 github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
 github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/notaryproject/notation-core-go v1.2.1-0.20250325094510-4d7353253409 h1:UakQ5ASMDmDVWyRvVnl2h5ecjABvakCIJmJQgGsio/E=
-github.com/notaryproject/notation-core-go v1.2.1-0.20250325094510-4d7353253409/go.mod h1:w2jtfaWSn3w+x86o2AaWiImyXH18+u2ohLVaHW1tAs8=
-github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250325093958-3bd0ac92b2ba h1:UlkFxK3IUPoV9OHyEV6Z6qzVJSgTPavE1fwnMIc1WsI=
-github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250325093958-3bd0ac92b2ba/go.mod h1:M2qB0+yI2KlpdBo66ZfSti3jvCVYYS+jIsdaj8M2fac=
+github.com/notaryproject/notation-core-go v1.3.0 h1:mWJaw1QBpBxpjLSiKOjzbZvB+xh2Abzk14FHWQ+9Kfs=
+github.com/notaryproject/notation-core-go v1.3.0/go.mod h1:hzvEOit5lXfNATGNBT8UQRx2J6Fiw/dq/78TQL8aE64=
+github.com/notaryproject/notation-go v1.3.1 h1:JLJ9HiwMwPAFNkJEBkF8iBdNazdEKrGAylOKoFjTd6o=
+github.com/notaryproject/notation-go v1.3.1/go.mod h1:Qytzn2v8nYkA9G44fbXKh1Tnvz8ONmod2Tgtkrl5zYc=
 github.com/notaryproject/tspclient-go v1.0.1-0.20250306063739-4f55b14d9f01 h1:Ay72jBeHKqBFk6TbJWywfwzefN3Ei7Py2OzCiWU/7nk=
 github.com/notaryproject/tspclient-go v1.0.1-0.20250306063739-4f55b14d9f01/go.mod h1:3ZJPmpmdwufY23BkS+JPNktOVb5DXJ8Ik5zxvN7h670=
 github.com/onsi/ginkgo/v2 v2.23.4 h1:ktYTpKJAVZnDT4VjxSbiBenUjmlL/5QkBEocaWXiQus=
 github.com/onsi/ginkgo/v2 v2.23.4/go.mod h1:Bt66ApGPBFzHyR+JO10Zbt0Gsp4uWxu5mIOTusL46e8=
->>>>>>> 2af2853 (build(deps): Bump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 in /test/e2e (#1252))
 github.com/onsi/gomega v1.37.0 h1:CdEG8g0S133B4OswTDC/5XPSzE1OeP29QOioj2PID2Y=
 github.com/onsi/gomega v1.37.0/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@@ -53,16 +40,16 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs=
 go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8=
-golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
-golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
+golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
+golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
 golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
 golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
-golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
-golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610=
+golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
 golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
-golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
+golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
+golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
 golang.org/x/tools v0.31.0 h1:0EedkvKDbh+qistFTd0Bcwe/YLh4vHwWEkiI0toFIBU=
 golang.org/x/tools v0.31.0/go.mod h1:naFTU+Cev749tSJRXJlna0T3WxKvb1kWEx15xA4SdmQ=
 google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
diff --git a/test/e2e/plugin/go.mod b/test/e2e/plugin/go.mod
index 24a218b48..09b5656c9 100644
--- a/test/e2e/plugin/go.mod
+++ b/test/e2e/plugin/go.mod
@@ -1,10 +1,10 @@
 module github.com/notaryproject/notation/test/e2e/plugin
 
-go 1.23
+go 1.23.0
 
 require (
 	github.com/golang-jwt/jwt v3.2.2+incompatible
-	github.com/notaryproject/notation-core-go v1.2.0
+	github.com/notaryproject/notation-core-go v1.3.0
 	github.com/notaryproject/notation-go v1.3.1
 	github.com/notaryproject/notation-plugin-framework-go v1.0.0
 	github.com/spf13/cobra v1.9.1
@@ -12,7 +12,7 @@ require (
 
 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
-	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.8.0 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.7 // indirect
 	github.com/go-ldap/ldap/v3 v3.4.10 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
@@ -24,8 +24,8 @@ require (
 	github.com/spf13/pflag v1.0.6 // indirect
 	github.com/veraison/go-cose v1.3.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	golang.org/x/crypto v0.33.0 // indirect
-	golang.org/x/mod v0.23.0 // indirect
+	golang.org/x/crypto v0.37.0 // indirect
+	golang.org/x/mod v0.24.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect
 	oras.land/oras-go/v2 v2.5.0 // indirect
 )
diff --git a/test/e2e/plugin/go.sum b/test/e2e/plugin/go.sum
index 9bef4c963..ff806dc28 100644
--- a/test/e2e/plugin/go.sum
+++ b/test/e2e/plugin/go.sum
@@ -6,8 +6,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6N
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
-github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
+github.com/fxamacker/cbor/v2 v2.8.0 h1:fFtUGXUzXPHTIUdne5+zzMPTfffl3RD5qYnkY40vtxU=
+github.com/fxamacker/cbor/v2 v2.8.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
 github.com/go-asn1-ber/asn1-ber v1.5.7 h1:DTX+lbVTWaTw1hQ+PbZPlnDZPEIs0SS/GCZAl535dDk=
 github.com/go-asn1-ber/asn1-ber v1.5.7/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-ldap/ldap/v3 v3.4.10 h1:ot/iwPOhfpNVgB1o+AVXljizWZ9JTp7YF5oeyONmcJU=
@@ -38,8 +38,8 @@ github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh6
 github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs=
 github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY=
 github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
-github.com/notaryproject/notation-core-go v1.2.0 h1:WElMG9X0YXJhBd0A4VOxLNalTLrTjvqtIAj7JHr5X08=
-github.com/notaryproject/notation-core-go v1.2.0/go.mod h1:+y3L1dOs2/ZwJIU5Imo7BBvZ/M3CFjXkydGGdK09EtA=
+github.com/notaryproject/notation-core-go v1.3.0 h1:mWJaw1QBpBxpjLSiKOjzbZvB+xh2Abzk14FHWQ+9Kfs=
+github.com/notaryproject/notation-core-go v1.3.0/go.mod h1:hzvEOit5lXfNATGNBT8UQRx2J6Fiw/dq/78TQL8aE64=
 github.com/notaryproject/notation-go v1.3.1 h1:JLJ9HiwMwPAFNkJEBkF8iBdNazdEKrGAylOKoFjTd6o=
 github.com/notaryproject/notation-go v1.3.1/go.mod h1:Qytzn2v8nYkA9G44fbXKh1Tnvz8ONmod2Tgtkrl5zYc=
 github.com/notaryproject/notation-plugin-framework-go v1.0.0 h1:6Qzr7DGXoCgXEQN+1gTZWuJAZvxh3p8Lryjn5FaLzi4=
@@ -77,15 +77,15 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
-golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
+golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
+golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.23.0 h1:Zb7khfcRGKk+kqfxFaP5tZqCnDZMjC5VtUBs87Hr6QM=
-golang.org/x/mod v0.23.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU=
+golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
diff --git a/test/e2e/suite/trustpolicy/verification_level.go b/test/e2e/suite/trustpolicy/verification_level.go
index 3f6c1197c..a383b6677 100644
--- a/test/e2e/suite/trustpolicy/verification_level.go
+++ b/test/e2e/suite/trustpolicy/verification_level.go
@@ -174,7 +174,7 @@ var _ = Describe("notation trust policy verification level test", func() {
 
 			notation.Exec("verify", artifact.ReferenceWithDigest(), "-v").
 				MatchErrKeyWords("Warning: authenticity was set to \"log\"",
-					"signature is not produced by a trusted signer").
+					"the signature's certificate chain does not contain any trusted certificate").
 				MatchKeyWords(VerifySuccessfully)
 		})
 	})
@@ -244,7 +244,7 @@ var _ = Describe("notation trust policy verification level test", func() {
 
 			notation.Exec("verify", artifact.ReferenceWithDigest(), "-v").
 				MatchErrKeyWords("Warning: authenticity was set to \"log\"",
-					"signature is not produced by a trusted signer").
+					"the signature's certificate chain does not contain any trusted certificate").
 				MatchKeyWords(VerifySuccessfully)
 		})
 	})
@@ -289,7 +289,7 @@ var _ = Describe("notation trust policy verification level test", func() {
 
 			notation.Exec("verify", artifact.ReferenceWithDigest(), "-v").
 				MatchErrKeyWords("Warning: authenticity was set to \"log\"",
-					"signature is not produced by a trusted signer").
+					"the signature's certificate chain does not contain any trusted certificate").
 				MatchKeyWords(VerifySuccessfully)
 		})
 	})

From dfb0e93ec601c90b684c62854e7fa99f97205572 Mon Sep 17 00:00:00 2001
From: Patrick Zheng <patrickzheng@microsoft.com>
Date: Wed, 23 Apr 2025 14:34:08 +0800
Subject: [PATCH 35/35] bump up dependencies

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 go.mod                 |  2 +-
 go.sum                 |  4 ++--
 test/e2e/go.mod        |  2 +-
 test/e2e/go.sum        |  4 ++--
 test/e2e/plugin/go.mod |  6 +++---
 test/e2e/plugin/go.sum | 12 ++++++------
 6 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/go.mod b/go.mod
index bc636a57e..c2b5f841f 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.23.0
 
 require (
 	github.com/notaryproject/notation-core-go v1.3.0
-	github.com/notaryproject/notation-go v1.3.1
+	github.com/notaryproject/notation-go v1.3.2
 	github.com/notaryproject/notation-plugin-framework-go v1.0.0
 	github.com/notaryproject/tspclient-go v1.0.1-0.20250306063739-4f55b14d9f01
 	github.com/opencontainers/go-digest v1.0.0
diff --git a/go.sum b/go.sum
index abfc0e88c..4727de990 100644
--- a/go.sum
+++ b/go.sum
@@ -38,8 +38,8 @@ github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZ
 github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
 github.com/notaryproject/notation-core-go v1.3.0 h1:mWJaw1QBpBxpjLSiKOjzbZvB+xh2Abzk14FHWQ+9Kfs=
 github.com/notaryproject/notation-core-go v1.3.0/go.mod h1:hzvEOit5lXfNATGNBT8UQRx2J6Fiw/dq/78TQL8aE64=
-github.com/notaryproject/notation-go v1.3.1 h1:JLJ9HiwMwPAFNkJEBkF8iBdNazdEKrGAylOKoFjTd6o=
-github.com/notaryproject/notation-go v1.3.1/go.mod h1:Qytzn2v8nYkA9G44fbXKh1Tnvz8ONmod2Tgtkrl5zYc=
+github.com/notaryproject/notation-go v1.3.2 h1:4223iLXOHhEV7ZPzIUJEwwMkhlgzoYFCsMJvSH1Chb8=
+github.com/notaryproject/notation-go v1.3.2/go.mod h1:/1kuq5WuLF6Gaer5re0Z6HlkQRlKYO4EbWWT/L7J1Uw=
 github.com/notaryproject/notation-plugin-framework-go v1.0.0 h1:6Qzr7DGXoCgXEQN+1gTZWuJAZvxh3p8Lryjn5FaLzi4=
 github.com/notaryproject/notation-plugin-framework-go v1.0.0/go.mod h1:RqWSrTOtEASCrGOEffq0n8pSg2KOgKYiWqFWczRSics=
 github.com/notaryproject/tspclient-go v1.0.1-0.20250306063739-4f55b14d9f01 h1:Ay72jBeHKqBFk6TbJWywfwzefN3Ei7Py2OzCiWU/7nk=
diff --git a/test/e2e/go.mod b/test/e2e/go.mod
index 701083f01..5ec245654 100644
--- a/test/e2e/go.mod
+++ b/test/e2e/go.mod
@@ -4,7 +4,7 @@ go 1.23.0
 
 require (
 	github.com/notaryproject/notation-core-go v1.3.0
-	github.com/notaryproject/notation-go v1.3.1
+	github.com/notaryproject/notation-go v1.3.2
 	github.com/onsi/ginkgo/v2 v2.23.4
 	github.com/onsi/gomega v1.37.0
 	github.com/opencontainers/image-spec v1.1.1
diff --git a/test/e2e/go.sum b/test/e2e/go.sum
index 008dcf481..9a11a48af 100644
--- a/test/e2e/go.sum
+++ b/test/e2e/go.sum
@@ -16,8 +16,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/notaryproject/notation-core-go v1.3.0 h1:mWJaw1QBpBxpjLSiKOjzbZvB+xh2Abzk14FHWQ+9Kfs=
 github.com/notaryproject/notation-core-go v1.3.0/go.mod h1:hzvEOit5lXfNATGNBT8UQRx2J6Fiw/dq/78TQL8aE64=
-github.com/notaryproject/notation-go v1.3.1 h1:JLJ9HiwMwPAFNkJEBkF8iBdNazdEKrGAylOKoFjTd6o=
-github.com/notaryproject/notation-go v1.3.1/go.mod h1:Qytzn2v8nYkA9G44fbXKh1Tnvz8ONmod2Tgtkrl5zYc=
+github.com/notaryproject/notation-go v1.3.2 h1:4223iLXOHhEV7ZPzIUJEwwMkhlgzoYFCsMJvSH1Chb8=
+github.com/notaryproject/notation-go v1.3.2/go.mod h1:/1kuq5WuLF6Gaer5re0Z6HlkQRlKYO4EbWWT/L7J1Uw=
 github.com/notaryproject/tspclient-go v1.0.1-0.20250306063739-4f55b14d9f01 h1:Ay72jBeHKqBFk6TbJWywfwzefN3Ei7Py2OzCiWU/7nk=
 github.com/notaryproject/tspclient-go v1.0.1-0.20250306063739-4f55b14d9f01/go.mod h1:3ZJPmpmdwufY23BkS+JPNktOVb5DXJ8Ik5zxvN7h670=
 github.com/onsi/ginkgo/v2 v2.23.4 h1:ktYTpKJAVZnDT4VjxSbiBenUjmlL/5QkBEocaWXiQus=
diff --git a/test/e2e/plugin/go.mod b/test/e2e/plugin/go.mod
index 09b5656c9..1f1d351d5 100644
--- a/test/e2e/plugin/go.mod
+++ b/test/e2e/plugin/go.mod
@@ -5,7 +5,7 @@ go 1.23.0
 require (
 	github.com/golang-jwt/jwt v3.2.2+incompatible
 	github.com/notaryproject/notation-core-go v1.3.0
-	github.com/notaryproject/notation-go v1.3.1
+	github.com/notaryproject/notation-go v1.3.2
 	github.com/notaryproject/notation-plugin-framework-go v1.0.0
 	github.com/spf13/cobra v1.9.1
 )
@@ -18,9 +18,9 @@ require (
 	github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/notaryproject/tspclient-go v1.0.0 // indirect
+	github.com/notaryproject/tspclient-go v1.0.1-0.20250306063739-4f55b14d9f01 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0 // indirect
+	github.com/opencontainers/image-spec v1.1.1 // indirect
 	github.com/spf13/pflag v1.0.6 // indirect
 	github.com/veraison/go-cose v1.3.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
diff --git a/test/e2e/plugin/go.sum b/test/e2e/plugin/go.sum
index ff806dc28..3d81726c5 100644
--- a/test/e2e/plugin/go.sum
+++ b/test/e2e/plugin/go.sum
@@ -40,16 +40,16 @@ github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZ
 github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
 github.com/notaryproject/notation-core-go v1.3.0 h1:mWJaw1QBpBxpjLSiKOjzbZvB+xh2Abzk14FHWQ+9Kfs=
 github.com/notaryproject/notation-core-go v1.3.0/go.mod h1:hzvEOit5lXfNATGNBT8UQRx2J6Fiw/dq/78TQL8aE64=
-github.com/notaryproject/notation-go v1.3.1 h1:JLJ9HiwMwPAFNkJEBkF8iBdNazdEKrGAylOKoFjTd6o=
-github.com/notaryproject/notation-go v1.3.1/go.mod h1:Qytzn2v8nYkA9G44fbXKh1Tnvz8ONmod2Tgtkrl5zYc=
+github.com/notaryproject/notation-go v1.3.2 h1:4223iLXOHhEV7ZPzIUJEwwMkhlgzoYFCsMJvSH1Chb8=
+github.com/notaryproject/notation-go v1.3.2/go.mod h1:/1kuq5WuLF6Gaer5re0Z6HlkQRlKYO4EbWWT/L7J1Uw=
 github.com/notaryproject/notation-plugin-framework-go v1.0.0 h1:6Qzr7DGXoCgXEQN+1gTZWuJAZvxh3p8Lryjn5FaLzi4=
 github.com/notaryproject/notation-plugin-framework-go v1.0.0/go.mod h1:RqWSrTOtEASCrGOEffq0n8pSg2KOgKYiWqFWczRSics=
-github.com/notaryproject/tspclient-go v1.0.0 h1:AwQ4x0gX8IHnyiZB1tggpn5NFqHpTEm1SDX8YNv4Dg4=
-github.com/notaryproject/tspclient-go v1.0.0/go.mod h1:LGyA/6Kwd2FlM0uk8Vc5il3j0CddbWSHBj/4kxQDbjs=
+github.com/notaryproject/tspclient-go v1.0.1-0.20250306063739-4f55b14d9f01 h1:Ay72jBeHKqBFk6TbJWywfwzefN3Ei7Py2OzCiWU/7nk=
+github.com/notaryproject/tspclient-go v1.0.1-0.20250306063739-4f55b14d9f01/go.mod h1:3ZJPmpmdwufY23BkS+JPNktOVb5DXJ8Ik5zxvN7h670=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
-github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
+github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
+github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=