Request for updating dependencies to newer versions
Closed this issue · 3 comments
Description
I'm facing an issue with using k8s-manifest-sigstore to sign manifests in our Go project. k8s-manifest-sigstore is currently dependent on an older version of k8s.io/cli-runtime, v0.23.5, which is incompatible with the newer version v0.24+ that we're using in our project. This prevents us from using k8s-manifest-sigstore altogether.
Therefore, I would like to request that you update the k8s.io/cli-runtime dependency version to v0.24 or higher to support the projects using latest versions of k8s.io/cli-runtime. This would allow users like us to use k8s-manifest-sigstore without any conflicts.
Thank You.
Hi @suhasgummanirmata , thank you for reporting this!
Actually the version of k8s.io/cli-runtime was not updated for a while, but we just released v0.5.0 of k8s-manifest-sigstore last week and now the latest go.mod uses v0.26.1 (ref) .
I am glad if you can try the latest version to resolve the issue and if you can let us know the result. Thank you.
Hi @hirokuni-kitahara , Thanks for the update. It solved the previous problem. But, the current version bumped the github.com/sigstore/cosign to v2 2.0.2. Our project is not compatible with v2. It would be great if you release a middle version with github.com/sigstore/cosign v1. I would totally understand if you couldn't.
Anyways, thank you for maintaining this amazing project.
No activity on this issue for a while, so let me close this.
Right now basically k8s-manifest-sigstore is maintained for compatibility with the latest version of cosign.