Skip to content

Bump github.com/google/go-tpm-tools from 0.4.4 to 0.4.5 #719

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
step-ci merged 1 commit into from
Mar 3, 2025
Merged

Bump github.com/google/go-tpm-tools from 0.4.4 to 0.4.5 #719

step-ci merged 1 commit into from
Mar 3, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 3, 2025

Bumps github.com/google/go-tpm-tools from 0.4.4 to 0.4.5.

Release notes

Sourced from github.com/google/go-tpm-tools's releases.

v0.4.5

Breaking Changes

Populate the SNP/TDX Machine State field with the verified SNP/TDX attestation data + use a stable COS image version #463

  • Removes verifyGceTechnology export Support health monitoring mode for NPD #479
  • Changes signature of spec.GetLaunchPolicy

New Features

Add event-log flag to cmd package #423 add custom nonce flag to cmd package token subcommand #451

Bug Fixes

Fix bug dropping CEL in launcher attestations #438 fix invalid check and restore workaround from #72 #435 Error message should return length of digest #436 [launcher] Fix a concurrent TPM access issue #434 Fix releaser.yaml and ci.yml file on macos #444 Refresh SA auth token in signaturediscovery client before fetching container image signatures #449 Fix an uint conversion #452 [launcher] Try to fix cloudbuild for launcher #458 Release lock if generating attestation returns error #475 Add mutex to failing client to prevent concurrent writes #494

Other Changes

Add PKI and LIMITED_AWS token types for VerifyAttestation. #430 Move verifier package to its own submodule #447 Delte files used for AUR packaging #457 Add version information and fix cloudbuild #455 Update go-sev-guest version and API use #445 Update typo in README.md #459 Add SEV-SNP policy for signed UEFI measurements #446 Update gce-tcb-verifier version. #468 [launcher] Optimize serial read in test #470 [launcher] Switch base image to 113 cos #467 Use confidentialcomputing api v1.6.0 to send SEVSNP attestation #472 Adding EV_EVENT_TAG support for PCR9 #471 Update gce-tcb-verifier dependency #485 remove duplicate error check #488 Log detailed errors if refreshing SA credential goes wrong #481 Use confidentialcomputing api v1.6.0 to send TDX attestation #477 Removed experiment flags that we would no longer consider rolling back #483 Add retry to container signature fetch in agent #489 Export function to extract and validate AK from server #492 Override /dev/shm size only when specified #493 Add tempfs experiment and gate mounting behind it #490 Instantiate backoff strategy per goroutine #496 Remove EnableSignedContainerCache + EnableMeasureMemoryMonitor from container launcher #498 Refactor CEL AppendEvent, to support RTMR #486 Change ParseCosCEL* to return an AttestedCosState #501 [launcher] launcher can expose IPv6 ports as well #505 Add the location of the service we are calling to the API error logs #506

... (truncated)

Commits
  • 09bf13f Update API version to include new principal tag token type and tokentype opti...
  • 3eedcbd Bump go-sev-guest to v0.12.1 (#527)
  • f667d4e Add client-side experiment for NPD Health Monitoring config (#525)
  • b249b7f Reduce NPD full config (#520)
  • ef8a29b Change container workload's default OOM Score (#522)
  • 545a4bc Apply retry logics in confidential computing API + workload image puller (#511)
  • 82b45ad Revert "[launcher] Merge upstream/tdx_rtmr (#513)" (#516)
  • ec4a9c1 Bump the go_modules group across 4 directories with 1 update (#514)
  • 4e8ff3e Bump the go_modules group across 3 directories with 1 update (#512)
  • 86a7e85 [launcher] Merge upstream/tdx_rtmr (#513)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump github.com/google/go-tpm-tools from 0.4.4 to 0.4.5
264eaa6 
Bumps [github.com/google/go-tpm-tools](https://github.com/google/go-tpm-tools) from 0.4.4 to 0.4.5.
- [Release notes](https://github.com/google/go-tpm-tools/releases)
- [Changelog](https://github.com/google/go-tpm-tools/blob/main/.goreleaser.yaml)
- [Commits](google/go-tpm-tools@v0.4.4...v0.4.5)

---
updated-dependencies:
- dependency-name: github.com/google/go-tpm-tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 3, 2025
@step-ci step-ci enabled auto-merge March 3, 2025 22:12
@step-ci step-ci merged commit f9fb24e into master Mar 3, 2025
14 checks passed
@step-ci step-ci deleted the dependabot/go_modules/github.com/google/go-tpm-tools-0.4.5 branch March 3, 2025 23:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hslatman hslatman hslatman approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code needs triage

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hslatman @step-ci