Herman Slatman
cfd65484fc
Update to v0.29.0
of go.step.sm/crypto
2023-04-06 23:41:39 +02:00
Herman Slatman
ed1a62206e
Add additional verification of AK certificate
2023-04-05 01:02:44 +02:00
Herman Slatman
dfc56f21b8
Merge branch 'master' into herman/acme-da-tpm
2023-04-03 22:22:53 +02:00
Herman Slatman
9cd4b362f7
Extract the ParseSubjectAlternativeNames
function
2023-04-03 22:21:29 +02:00
dependabot[bot]
6905979537
Bump github.com/newrelic/go-agent/v3 from 3.20.4 to 3.21.0
...
Bumps [github.com/newrelic/go-agent/v3](https://github.com/newrelic/go-agent ) from 3.20.4 to 3.21.0.
- [Release notes](https://github.com/newrelic/go-agent/releases )
- [Changelog](https://github.com/newrelic/go-agent/blob/master/CHANGELOG.md )
- [Commits](https://github.com/newrelic/go-agent/compare/v3.20.4...v3.21.0 )
---
updated-dependencies:
- dependency-name: github.com/newrelic/go-agent/v3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-03 16:00:22 +00:00
Herman Slatman
79cd42527e
Use newer version of forked github.com/google/go-attestation
2023-03-31 15:06:38 +02:00
Herman Slatman
ae30f6e96b
Add failing TPM simulator test
2023-03-30 13:02:04 +02:00
Herman Slatman
bf53b394a1
Add tpm
format test with simulated TPM
2023-03-29 18:58:50 +02:00
Herman Slatman
720cafb69c
Merge branch 'master' into herman/acme-da-tpm
2023-03-29 16:21:11 +02:00
github-actions[bot]
a3018d9db5
Merge pull request #1331 from smallstep/dependabot/go_modules/google.golang.org/grpc-1.54.0
...
Bump google.golang.org/grpc from 1.53.0 to 1.54.0
2023-03-27 09:37:42 -07:00
dependabot[bot]
0cb5acd01c
Bump google.golang.org/grpc from 1.53.0 to 1.54.0
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.53.0 to 1.54.0.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.53.0...v1.54.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-27 16:02:37 +00:00
dependabot[bot]
8ed523ea67
Bump go.step.sm/crypto from 0.27.0 to 0.28.0
...
Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto ) from 0.27.0 to 0.28.0.
- [Release notes](https://github.com/smallstep/crypto/releases )
- [Commits](https://github.com/smallstep/crypto/compare/v0.27.0...v0.28.0 )
---
updated-dependencies:
- dependency-name: go.step.sm/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-27 16:02:15 +00:00
Herman Slatman
094f0521e2
Remove check for PermanentIdentifier
from tpm
format validation
2023-03-24 12:55:42 +01:00
Herman Slatman
f91a31f9b6
Merge branch 'master' into herman/acme-da-tpm
2023-03-24 11:18:25 +01:00
github-actions[bot]
897f4711df
Merge pull request #1326 from smallstep/dependabot/go_modules/cloud.google.com/go/security-1.13.0
...
Bump cloud.google.com/go/security from 1.12.0 to 1.13.0
2023-03-20 10:07:15 -07:00
github-actions[bot]
1b1df26864
Merge pull request #1327 from smallstep/dependabot/go_modules/google.golang.org/protobuf-1.30.0
...
Bump google.golang.org/protobuf from 1.29.1 to 1.30.0
2023-03-20 10:06:20 -07:00
github-actions[bot]
92e25f0f7f
Merge pull request #1328 from smallstep/dependabot/go_modules/github.com/googleapis/gax-go/v2-2.8.0
...
Bump github.com/googleapis/gax-go/v2 from 2.7.1 to 2.8.0
2023-03-20 09:48:02 -07:00
dependabot[bot]
1859ed2666
Bump cloud.google.com/go/security from 1.12.0 to 1.13.0
...
Bumps [cloud.google.com/go/security](https://github.com/googleapis/google-cloud-go ) from 1.12.0 to 1.13.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/asset/v1.12.0...video/v1.13.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/security
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-20 16:47:50 +00:00
dependabot[bot]
1420f441d5
Bump google.golang.org/protobuf from 1.29.1 to 1.30.0
...
Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go ) from 1.29.1 to 1.30.0.
- [Release notes](https://github.com/protocolbuffers/protobuf-go/releases )
- [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash )
- [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.29.1...v1.30.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-20 16:47:49 +00:00
dependabot[bot]
d8a2839955
Bump github.com/googleapis/gax-go/v2 from 2.7.1 to 2.8.0
...
Bumps [github.com/googleapis/gax-go/v2](https://github.com/googleapis/gax-go ) from 2.7.1 to 2.8.0.
- [Release notes](https://github.com/googleapis/gax-go/releases )
- [Commits](https://github.com/googleapis/gax-go/compare/v2.7.1...v2.8.0 )
---
updated-dependencies:
- dependency-name: github.com/googleapis/gax-go/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-20 16:02:21 +00:00
dependabot[bot]
e6339a3761
Bump google.golang.org/api from 0.112.0 to 0.114.0
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.112.0 to 0.114.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.112.0...v0.114.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-20 16:01:37 +00:00
Mariano Cano
334bc81694
Upgrade go.step.sm/crypto to improved azurekms support
...
This commit upgrades go.step.sm/crypto to the latest version which
includes support for sovereign clouds and HSM keys.
Fixes #1276
2023-03-15 17:11:45 -07:00
dependabot[bot]
942f8bfc9f
Bump google.golang.org/protobuf from 1.29.0 to 1.29.1
...
Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go ) from 1.29.0 to 1.29.1.
- [Release notes](https://github.com/protocolbuffers/protobuf-go/releases )
- [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash )
- [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.29.0...v1.29.1 )
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-14 23:09:56 +00:00
Herman Slatman
589a62df74
Make validation of tpm
format stricter
2023-03-14 13:59:16 +01:00
Herman Slatman
213b31bc2c
Simplify processing logic for unhandled critical extension
2023-03-14 09:48:44 +01:00
Herman Slatman
6297bace1a
Merge branch 'master' into herman/acme-da-tpm
2023-03-13 17:27:40 +01:00
Herman Slatman
69489480ab
Add more complete tpm
format validation
2023-03-13 17:21:09 +01:00
dependabot[bot]
6588efdb01
Bump google.golang.org/api from 0.111.0 to 0.112.0
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.111.0 to 0.112.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.111.0...v0.112.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-13 16:18:15 +00:00
github-actions[bot]
19a91671a6
Merge pull request #1315 from smallstep/dependabot/go_modules/github.com/newrelic/go-agent/v3-3.20.4
...
Bump github.com/newrelic/go-agent/v3 from 3.20.3 to 3.20.4
2023-03-13 09:12:45 -07:00
github-actions[bot]
745c1cc130
Merge pull request #1318 from smallstep/dependabot/go_modules/github.com/googleapis/gax-go/v2-2.7.1
...
Bump github.com/googleapis/gax-go/v2 from 2.7.0 to 2.7.1
2023-03-13 09:11:26 -07:00
github-actions[bot]
c72826a690
Merge pull request #1317 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.26.0
...
Bump go.step.sm/crypto from 0.25.2 to 0.26.0
2023-03-13 09:10:51 -07:00
dependabot[bot]
bb3cddd6f1
Bump google.golang.org/protobuf from 1.28.1 to 1.29.0
...
Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go ) from 1.28.1 to 1.29.0.
- [Release notes](https://github.com/protocolbuffers/protobuf-go/releases )
- [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash )
- [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.28.1...v1.29.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-13 16:02:43 +00:00
dependabot[bot]
5943c3955e
Bump github.com/googleapis/gax-go/v2 from 2.7.0 to 2.7.1
...
Bumps [github.com/googleapis/gax-go/v2](https://github.com/googleapis/gax-go ) from 2.7.0 to 2.7.1.
- [Release notes](https://github.com/googleapis/gax-go/releases )
- [Commits](https://github.com/googleapis/gax-go/compare/v2.7.0...v2.7.1 )
---
updated-dependencies:
- dependency-name: github.com/googleapis/gax-go/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-13 16:02:31 +00:00
dependabot[bot]
8747156bcc
Bump go.step.sm/crypto from 0.25.2 to 0.26.0
...
Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto ) from 0.25.2 to 0.26.0.
- [Release notes](https://github.com/smallstep/crypto/releases )
- [Commits](https://github.com/smallstep/crypto/compare/v0.25.2...v0.26.0 )
---
updated-dependencies:
- dependency-name: go.step.sm/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-13 16:02:21 +00:00
dependabot[bot]
442f2fe5f9
Bump github.com/newrelic/go-agent/v3 from 3.20.3 to 3.20.4
...
Bumps [github.com/newrelic/go-agent/v3](https://github.com/newrelic/go-agent ) from 3.20.3 to 3.20.4.
- [Release notes](https://github.com/newrelic/go-agent/releases )
- [Changelog](https://github.com/newrelic/go-agent/blob/master/CHANGELOG.md )
- [Commits](https://github.com/newrelic/go-agent/compare/v3.20.3...v3.20.4 )
---
updated-dependencies:
- dependency-name: github.com/newrelic/go-agent/v3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-13 16:02:01 +00:00
github-actions[bot]
b8ee206f71
Merge pull request #1305 from smallstep/dependabot/go_modules/google.golang.org/api-0.111.0
...
Bump google.golang.org/api from 0.110.0 to 0.111.0
2023-03-06 09:36:27 -08:00
dependabot[bot]
dd43e9e09f
Bump google.golang.org/api from 0.110.0 to 0.111.0
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.110.0 to 0.111.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.110.0...v0.111.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-06 17:15:23 +00:00
dependabot[bot]
152a0a2f3e
Bump go.step.sm/crypto from 0.25.0 to 0.25.2
...
Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto ) from 0.25.0 to 0.25.2.
- [Release notes](https://github.com/smallstep/crypto/releases )
- [Commits](https://github.com/smallstep/crypto/compare/v0.25.0...v0.25.2 )
---
updated-dependencies:
- dependency-name: go.step.sm/crypto
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-06 17:15:03 +00:00
dependabot[bot]
6452afc45c
Bump golang.org/x/crypto from 0.6.0 to 0.7.0
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/crypto/releases )
- [Commits](https://github.com/golang/crypto/compare/v0.6.0...v0.7.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-06 16:08:09 +00:00
Herman Slatman
4d6ecf9a48
Upgrade to latest smallstep/pkcs7
to fix RSA OAEP decryption
2023-03-03 13:33:44 +01:00
Mariano Cano
831a1e35ea
Add support for compating the badger db
...
This commit adds a job that will compact the badger db periodically.
In the nosql package, when Compact is called, it will run badger's
RunValueLogGC method.
2023-03-01 17:16:34 -08:00
dependabot[bot]
fe63f3e832
Bump github.com/stretchr/testify from 1.8.1 to 1.8.2
...
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify ) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/stretchr/testify/releases )
- [Commits](https://github.com/stretchr/testify/compare/v1.8.1...v1.8.2 )
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-27 16:05:54 +00:00
github-actions[bot]
b02c43cf8e
Merge pull request #1280 from smallstep/dependabot/go_modules/cloud.google.com/go/security-1.12.0
...
Bump cloud.google.com/go/security from 1.11.0 to 1.12.0
2023-02-21 22:16:06 -08:00
dependabot[bot]
e0b9f3960c
Bump cloud.google.com/go/security from 1.11.0 to 1.12.0
...
Bumps [cloud.google.com/go/security](https://github.com/googleapis/google-cloud-go ) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/asset/v1.11.0...video/v1.12.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/security
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-22 05:49:03 +00:00
dependabot[bot]
b4f8100c72
Bump github.com/hashicorp/vault/api/auth/approle from 0.3.0 to 0.4.0
...
Bumps [github.com/hashicorp/vault/api/auth/approle](https://github.com/hashicorp/vault ) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/hashicorp/vault/releases )
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md )
- [Commits](https://github.com/hashicorp/vault/compare/v0.3.0...v0.4.0 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/api/auth/approle
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-22 05:49:03 +00:00
dependabot[bot]
5f835dc808
Bump cloud.google.com/go/longrunning from 0.4.0 to 0.4.1
...
Bumps [cloud.google.com/go/longrunning](https://github.com/googleapis/google-cloud-go ) from 0.4.0 to 0.4.1.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/v0.4.0...batch/v0.4.1 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/longrunning
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-21 21:14:50 +00:00
dependabot[bot]
790139d5a7
Bump golang.org/x/crypto from 0.5.0 to 0.6.0
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/golang/crypto/releases )
- [Commits](https://github.com/golang/crypto/compare/v0.5.0...v0.6.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-20 16:06:45 +00:00
dependabot[bot]
bb068f8280
Bump google.golang.org/grpc from 1.52.3 to 1.53.0
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.52.3 to 1.53.0.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.52.3...v1.53.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-15 23:38:31 +00:00
dependabot[bot]
2f2e3dea0f
Bump github.com/hashicorp/vault/api/auth/kubernetes from 0.3.0 to 0.4.0
...
Bumps [github.com/hashicorp/vault/api/auth/kubernetes](https://github.com/hashicorp/vault ) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/hashicorp/vault/releases )
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md )
- [Commits](https://github.com/hashicorp/vault/compare/v0.3.0...v0.4.0 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/api/auth/kubernetes
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-14 22:04:07 +00:00
Mariano Cano
0d80473157
Upgrade golang.org/x/net
...
When the Go client is configured with an http2.Transport we need to
upgrade x/net due to:
- net/http: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)
2023-02-14 13:11:25 -08:00