Request for updating dependencies to newer versions
Closed this issue · 3 comments
Description
I'm facing an issue with using k8s-manifest-sigstore
to sign manifests
in our Go project. k8s-manifest-sigstore
is currently dependent on an older version of k8s.io/cli-runtime
, v0.23.5
, which is incompatible with the newer version v0.24+
that we're using in our project. This prevents us from using k8s-manifest-sigstore
altogether.
Therefore, I would like to request that you update the k8s.io/cli-runtime
dependency version to v0.24 or higher
to support the projects using latest versions of k8s.io/cli-runtime
. This would allow users like us to use k8s-manifest-sigstore
without any conflicts.
Thank You.
Hi @suhasgummanirmata , thank you for reporting this!
Actually the version of k8s.io/cli-runtime
was not updated for a while, but we just released v0.5.0
of k8s-manifest-sigstore last week and now the latest go.mod uses v0.26.1
(ref) .
I am glad if you can try the latest version to resolve the issue and if you can let us know the result. Thank you.
Hi @hirokuni-kitahara , Thanks for the update. It solved the previous problem. But, the current version bumped the github.com/sigstore/cosign
to v2 2.0.2
. Our project is not compatible with v2
. It would be great if you release a middle version with github.com/sigstore/cosign v1
. I would totally understand if you couldn't.
Anyways, thank you for maintaining this amazing project.
No activity on this issue for a while, so let me close this.
Right now basically k8s-manifest-sigstore is maintained for compatibility with the latest version of cosign.