Ana Guerrero
03655287ce
- update to 3.0.6 (bsc#1261859, CVE-2026-39395): * Fix DSSE predicate check (GHSA-w6c6-c85g-mmv6) (#4801) * Handle whitespace-only certificate annotation (#4760) * fix(sign): closing SignerVerifier too early when signing with a security key (#4761) * Disallow --new-bundle-format and --rfc3161-timestamp (#4762) * support managed keys in conformance testing (#4728) * Add support for GCE metadata server env var (#4732) * fix: preserve per-layer annotations in WriteAttestationsReferrer (#4709) * Fix parsing of in-toto for string predicates * Mark batch of flags for deprecation (#4698) * disallow key and cert identity being used together during verification (#4636) * support key creation in GitLab group (#4704) - Set CGO_ENABLED=1 for fixing s390x failed build - build against a maintained golang version (upstream uses go1.20) (forwarded request 1352661 from dirkmueller) OBS-URL: https://build.opensuse.org/request/show/1352668 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cosign?expand=0&rev=35