From 406a904cf443a29bdba634a09cc1dd5bc61cf712 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts@users.noreply.github.com>
Date: Fri, 13 Dec 2024 01:17:21 +0000
Subject: [PATCH 1/2] neuvector-sigstore-interface/0_git20240801-r2: fix
 GHSA-v778-237x-gjrc

---
 neuvector-sigstore-interface.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/neuvector-sigstore-interface.yaml b/neuvector-sigstore-interface.yaml
index fbb184c0e7f..9b17ba37d59 100644
--- a/neuvector-sigstore-interface.yaml
+++ b/neuvector-sigstore-interface.yaml
@@ -2,7 +2,7 @@
 package:
   name: neuvector-sigstore-interface
   version: 0_git20240801
-  epoch: 2
+  epoch: 3
   description: NeuVector sigstore interface for the SUSE NeuVector Container Security Platform
   copyright:
     - license: Apache-2.0
@@ -20,7 +20,7 @@ pipeline:
 
   - uses: go/bump
     with:
-      deps: github.com/sigstore/cosign/v2@v2.2.4 github.com/hashicorp/go-retryablehttp@v0.7.7
+      deps: github.com/sigstore/cosign/v2@v2.2.4 github.com/hashicorp/go-retryablehttp@v0.7.7 golang.org/x/crypto@v0.31.0
       modroot: .
 
   - uses: go/build

From c6e47b07a6dff3a52bb3f469ca6f7dfd3469da78 Mon Sep 17 00:00:00 2001
From: Hunter Harris <hunter.harris@chainguard.dev>
Date: Fri, 13 Dec 2024 19:42:28 -0500
Subject: [PATCH 2/2] Updated version commit, which includes the crypto bump

---
 neuvector-sigstore-interface.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/neuvector-sigstore-interface.yaml b/neuvector-sigstore-interface.yaml
index 9b17ba37d59..d8b4e4115a0 100644
--- a/neuvector-sigstore-interface.yaml
+++ b/neuvector-sigstore-interface.yaml
@@ -16,11 +16,11 @@ pipeline:
   - uses: git-checkout
     with:
       repository: https://github.com/neuvector/sigstore-interface
-      expected-commit: 96da0529724951cd26b1568a980d66b991353976
+      expected-commit: 226f6b0c4ad4094c7d387e86b435be868c59a149
 
   - uses: go/bump
     with:
-      deps: github.com/sigstore/cosign/v2@v2.2.4 github.com/hashicorp/go-retryablehttp@v0.7.7 golang.org/x/crypto@v0.31.0
+      deps: github.com/sigstore/cosign/v2@v2.2.4 github.com/hashicorp/go-retryablehttp@v0.7.7
       modroot: .
 
   - uses: go/build