Update Info

openSUSE-2024-316

Recommended update for gh

Type: recommended
Severity: moderate
Issued: 2024-09-27
Description:
This update for gh fixes the following issues:

gh was updated to version 2.57.0:

  * Update go-gh to use api subdomains
  * Use api subdomains for commands using ghinstance package
  * Add test for extension install fallback to amd64 on darwin
  * suppress att verify output when no tty
  * add att verify test for custom OIDC issuer
  * build(deps): bump github.com/sigstore/sigstore-go from 0.6.1 to 0.6.2
  * Suggest installing Rosetta when extension installation fails due to missing `darwin-arm64` binary, but a `darwin-amd64` binary is available
  * This commit introduces tenancy aware attestation policy building.
  * use sigstore-go v0.6.2
  * check specific err
  * check err in GetLocalAttestations
  * check for sigstore-go validation errs
  * get latest sigstore-go commit
  * handle os.PathError in GetLocalAttestations
  * Move non-integration test to different test file
  * print verify err
  * check for os.PathError
  * dont print err content
  * update bundle file parsing err messages
  * Expand active test cases
  * Added `--active` flag to the `gh auth status` command

Update to version 2.56.0:

  * Check for nil values to prevent nil dereference panic
  * build(deps): bump actions/attest-build-provenance from 1.4.2 to 1.4.3
  * Update linux install to point to GPG troubleshoot
  * Revert "Remove note explaining 2 year old GPG ID change"
  * Remove note explaining 2 year old GPG ID change
  * Rename ProtobufBundle to Bundle
  * Upgrade to sigstore-go v0.6.1
  * `gh attestation verify` handles empty JSONL files (#9541)
  * verify 2nd artifact without swapping order (#9532)
  * Improve the help message for -F (#9525)
  * build(deps): bump actions/attest-build-provenance from 1.4.1 to 1.4.2 (#9518)
  * "offline" verification using the bundle of attestations without any additional handling of the file (#9523)
  * Drop surplus trailing space char in flag names in web
  * Remove `Internal` from `gh repo create` prompt when owner is not an org (#9465)
  * Fix doc typo for `repo sync`
  * Quote repo names consistently in `gh repo sync` stdout (#9491)
  * update error message
  * rename flag to bundle-from-oci
  * fix the trimming of log filenames for `gh run view`
  * Check http scheme as well
  * Always print URL scheme to stdout

References

No references

Packages

  • gh-2.57.0-bp156.2.12.1