update selfupdate dependency to fix signature verification (#13919)

minisign v0.10.0 tool broke compatibility, that leads to our library failing to parse the newer signatures. This PR fixes - https://github.com/minio/operator/issues/913 fixes - https://github.com/minio/minio/issues/13824 A workaround for users facing this problem is to unset ``` MINIO_UPDATE_MINISIGN_PUBKEY ``` or set it to `empty` string then signature verification is skipped automatically.
2025-11-27 12:53:45 -05:00 · 2021-12-15 15:05:23 -08:00
parent d6396f82fe
commit da540ccf8c
2 changed files with 9 additions and 7 deletions
--- a/go.mod
+++ b/go.mod
@@ -54,7 +54,7 @@ require (
 	github.com/minio/minio-go/v7 v7.0.17
 	github.com/minio/parquet-go v1.1.0
 	github.com/minio/pkg v1.1.9
-	github.com/minio/selfupdate v0.3.1
+	github.com/minio/selfupdate v0.4.0
 	github.com/minio/sha256-simd v1.0.0
 	github.com/minio/simdjson-go v0.2.1
 	github.com/minio/sio v0.3.0
@@ -86,7 +86,7 @@ require (
 	go.etcd.io/etcd/client/v3 v3.5.0
 	go.uber.org/atomic v1.9.0
 	go.uber.org/zap v1.19.1
-	golang.org/x/crypto v0.0.0-20210921155107-089bfa567519
+	golang.org/x/crypto v0.0.0-20211209193657-4570a0811e8b
 	golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f
 	golang.org/x/sys v0.0.0-20211020174200-9d6173849985
 	golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
@@ -203,7 +203,7 @@ require (
 	go.mongodb.org/mongo-driver v1.4.6 // indirect
 	go.opencensus.io v0.23.0 // indirect
 	go.uber.org/multierr v1.7.0 // indirect
-	golang.org/x/net v0.0.0-20211020060615-d418f374d309 // indirect
+	golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 // indirect
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
 	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
 	golang.org/x/text v0.3.7 // indirect