From 6954561b1a5a8c726fd857dcced21393ae1aecf6 Mon Sep 17 00:00:00 2001 From: Teodor Calin Date: Mon, 22 Jun 2026 15:57:47 +0300 Subject: [PATCH] Bump updater to v0.2.3 for fail-closed attestation The updater module v0.2.3 makes SLSA attestation verification fail closed when the gh CLI is absent (previously a silent no-op). Bumping the dependency ships this behavior to the auto-updater binary built by cmd/updater. The --skip-attestation flag (added in #307) continues to wire to updater.Config.SkipAttestation as the explicit opt-out for hosts genuinely without gh. --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 6fa22649..1120ae03 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/pilot-protocol/runtime v0.3.1 github.com/pilot-protocol/skillinject v0.2.3 github.com/pilot-protocol/trustedagents v0.2.3 - github.com/pilot-protocol/updater v0.2.2 + github.com/pilot-protocol/updater v0.2.3 github.com/pilot-protocol/webhook v0.2.0 golang.org/x/sys v0.46.0 ) diff --git a/go.sum b/go.sum index 1dc92834..6add17d3 100644 --- a/go.sum +++ b/go.sum @@ -28,8 +28,8 @@ github.com/pilot-protocol/skillinject v0.2.3 h1:Bf0tqRe7tqYY27X5RGCOf4LGjtWpyQvN github.com/pilot-protocol/skillinject v0.2.3/go.mod h1:fCzivA/bjkXRgGjp6yd7nqfaIETtU+lQRocBu0J/O9g= github.com/pilot-protocol/trustedagents v0.2.3 h1:QQJHYqzPrECJwkCev0xIDBMjd92uhtcxcCMc2aOrRHc= github.com/pilot-protocol/trustedagents v0.2.3/go.mod h1:gDgEOC9lHmXSS9v45h80XxlmUS861soIrA0AsbXiSV4= -github.com/pilot-protocol/updater v0.2.2 h1:uA+Gmbs3/sMoumtjwCMXUHo3TAKg51VRch88m0wUtZA= -github.com/pilot-protocol/updater v0.2.2/go.mod h1:wn+HkjgChZ1QCCkOHBolAol42mxyyW/iz7oOFJLciT4= +github.com/pilot-protocol/updater v0.2.3 h1:9+Y2XvyEnfxjbguho8AIKLdEK+Gzj2I7lkad2qIu6JY= +github.com/pilot-protocol/updater v0.2.3/go.mod h1:wn+HkjgChZ1QCCkOHBolAol42mxyyW/iz7oOFJLciT4= github.com/pilot-protocol/webhook v0.2.0 h1:3UFU9X2yBb0iKlPbzVcism+Z6yCrBBaOgdo9+vd4Wf4= github.com/pilot-protocol/webhook v0.2.0/go.mod h1:WVXhHFg+o0pHHk+4nXMCh1zl/ZAyZ3AXrtx6mNuZS6g= golang.org/x/net v0.55.0 h1:bcvxaJn3e1U6InsFWt1JUq1aSjnRxLzT2rtD2KfkDF8=