Skip to content

Update module github.com/sigstore/cosign/v2 to v2.6.2 [SECURITY] (main) #3074

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
renovate wants to merge 2 commits into
base: main
Choose a base branch
from
+972 −1,039
Open

Update module github.com/sigstore/cosign/v2 to v2.6.2 [SECURITY] (main) #3074

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ea81a15
Update module github.com/sigstore/cosign/v2 to v2.6.2 [SECURITY]
renovate[bot] Feb 2, 2026
a4f0d22
Fix compatibility with cosign v2.6.2 and resolve linting errors
dheerajodha Feb 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion acceptance/crypto/keys.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,7 @@ func SignerWithKey(ctx context.Context, keyName string) (signature.SignerVerifie
return nil, err
}

return cosign.LoadPrivateKey(key.PrivateBytes, key.Password())
return cosign.LoadPrivateKey(key.PrivateBytes, key.Password(), nil)
}

// PublicKeysFrom returns a map of all public keys encoded in PEM format
Expand Down
163 changes: 82 additions & 81 deletions acceptance/go.mod
View file
Open in desktop

Large diffs are not rendered by default.

742 changes: 320 additions & 422 deletions acceptance/go.sum
View file
Open in desktop

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion cmd/inspect/inspect_policy_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ package inspect

import (
"bytes"
"context"
"fmt"
"testing"

Expand All @@ -29,7 +30,6 @@ import (
"github.com/spf13/cobra"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/mock"
"golang.org/x/net/context"

"github.com/conforma/cli/cmd/root"
"github.com/conforma/cli/internal/policy/source"
Expand Down
10 changes: 5 additions & 5 deletions cmd/validate/image_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1438,7 +1438,7 @@ func TestValidateImageCommand_VSAUpload_Success(t *testing.T) {
originalLoadPrivateKey := vsa.LoadPrivateKey
defer func() { vsa.LoadPrivateKey = originalLoadPrivateKey }()

vsa.LoadPrivateKey = func(keyBytes, password []byte) (signature.SignerVerifier, error) {
vsa.LoadPrivateKey = func(keyBytes, password []byte, defaultLoadOptions *[]signature.LoadOption) (signature.SignerVerifier, error) {
return &simpleFakeSigner{}, nil
}

Expand Down Expand Up @@ -1499,7 +1499,7 @@ func TestValidateImageCommand_VSAUpload_NoStorageBackends(t *testing.T) {
originalLoadPrivateKey := vsa.LoadPrivateKey
defer func() { vsa.LoadPrivateKey = originalLoadPrivateKey }()

vsa.LoadPrivateKey = func(keyBytes, password []byte) (signature.SignerVerifier, error) {
vsa.LoadPrivateKey = func(keyBytes, password []byte, defaultLoadOptions *[]signature.LoadOption) (signature.SignerVerifier, error) {
return &simpleFakeSigner{}, nil
}

Expand Down Expand Up @@ -1643,7 +1643,7 @@ func TestValidateImageCommand_VSAFormat_DSSE(t *testing.T) {
originalLoadPrivateKey := vsa.LoadPrivateKey
defer func() { vsa.LoadPrivateKey = originalLoadPrivateKey }()

vsa.LoadPrivateKey = func(keyBytes, password []byte) (signature.SignerVerifier, error) {
vsa.LoadPrivateKey = func(keyBytes, password []byte, defaultLoadOptions *[]signature.LoadOption) (signature.SignerVerifier, error) {
return &simpleFakeSigner{}, nil
}

Expand Down Expand Up @@ -1992,7 +1992,7 @@ func TestGenerateVSAsDSSE_Errors(t *testing.T) {
originalLoadPrivateKey := vsa.LoadPrivateKey
defer func() { vsa.LoadPrivateKey = originalLoadPrivateKey }()

vsa.LoadPrivateKey = func(keyBytes, password []byte) (signature.SignerVerifier, error) {
vsa.LoadPrivateKey = func(keyBytes, password []byte, defaultLoadOptions *[]signature.LoadOption) (signature.SignerVerifier, error) {
return &simpleFakeSigner{}, nil
}

Expand Down Expand Up @@ -2118,7 +2118,7 @@ func TestVSAGeneration_WithOutputDir(t *testing.T) {
originalLoadPrivateKey := vsa.LoadPrivateKey
defer func() { vsa.LoadPrivateKey = originalLoadPrivateKey }()

vsa.LoadPrivateKey = func(keyBytes, password []byte) (signature.SignerVerifier, error) {
vsa.LoadPrivateKey = func(keyBytes, password []byte, defaultLoadOptions *[]signature.LoadOption) (signature.SignerVerifier, error) {
return &simpleFakeSigner{}, nil
}

Expand Down
299 changes: 157 additions & 142 deletions go.mod
View file
Open in desktop

Large diffs are not rendered by default.

783 changes: 400 additions & 383 deletions go.sum
View file
Open in desktop

Large diffs are not rendered by default.

6 changes: 4 additions & 2 deletions internal/validate/vsa/attest.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,9 @@ const (
)

// LoadPrivateKey is aliased to allow easy testing.
var LoadPrivateKey = cosign.LoadPrivateKey
var LoadPrivateKey = func(key, pass []byte, defaultLoadOptions *[]signature.LoadOption) (signature.SignerVerifier, error) {
return cosign.LoadPrivateKey(key, pass, defaultLoadOptions)
}

type Attestor struct {
PredicatePath string // path to the raw VSA (predicate) JSON
Expand Down Expand Up @@ -71,7 +73,7 @@ func NewSigner(ctx context.Context, keyRef string, fs afero.Fs) (*Signer, error)
return nil, fmt.Errorf("resolve private key password: %w", err)
}

signerVerifier, err := LoadPrivateKey(keyBytes, password)
signerVerifier, err := LoadPrivateKey(keyBytes, password, nil)
if err != nil {
return nil, fmt.Errorf("load private key %q: %w", keyRef, err)
}
Expand Down
4 changes: 2 additions & 2 deletions internal/validate/vsa/attest_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -151,7 +151,7 @@ func TestNewSigner(t *testing.T) {
originalLoadPrivateKey := LoadPrivateKey
defer func() { LoadPrivateKey = originalLoadPrivateKey }()

LoadPrivateKey = func(keyBytes, password []byte) (signature.SignerVerifier, error) {
LoadPrivateKey = func(keyBytes, password []byte, defaultLoadOptions *[]signature.LoadOption) (signature.SignerVerifier, error) {
return &fakeSigner{}, nil
}

Expand Down Expand Up @@ -373,7 +373,7 @@ func TestNewSigner_Comprehensive(t *testing.T) {
originalLoadPrivateKey := LoadPrivateKey
defer func() { LoadPrivateKey = originalLoadPrivateKey }()

LoadPrivateKey = func(keyBytes, password []byte) (signature.SignerVerifier, error) {
LoadPrivateKey = func(keyBytes, password []byte, defaultLoadOptions *[]signature.LoadOption) (signature.SignerVerifier, error) {
return &fakeSigner{}, nil
}

Expand Down
Loading