Skip to content

v0.7.0
Compare
Choose a tag to compare
@sigstore-bot sigstore-bot released this 27 May 08:41
· 1187 commits to main since this release
v0.7.0
This tag was signed with the committer’s verified signature. The key has expired.
cpanato Carlos Tadeu Panato Junior
GPG key ID: 37CA4627A2CA778F
Expired
Learn about vigilant mode.
7ff1c87
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

⚠️ Breaking Change

Removed timestamping authority API. This is a breaking API change.
If you are relying on the timestamping authority to issue signed timestamps, create signed timestamps using either OpenSSL or a service such as FreeTSA.

What's Changed

  • remove URL fetch of keys/artifacts server-side by @bobcallaway in #735
  • Bump sigstore/cosign-installer from 2.2.0 to 2.2.1 by @dependabot in #776
  • Bump github.com/spf13/viper from 1.10.1 to 1.11.0 by @dependabot in #777
  • Bump actions/checkout from 3.0.0 to 3.0.1 by @dependabot in #778
  • Bump anchore/sbom-action from 0.10.0 to 0.11.0 by @dependabot in #779
  • Bump github.com/mediocregopher/radix/v4 from 4.0.0 to 4.1.0 by @dependabot in #781
  • Bump github.com/mitchellh/mapstructure from 1.4.3 to 1.5.0 by @dependabot in #782
  • Bump codecov/codecov-action from 3.0.0 to 3.1.0 by @dependabot in #785
  • Bump actions/checkout from 3.0.1 to 3.0.2 by @dependabot in #786
  • Bump google-github-actions/auth from 0.7.0 to 0.7.1 by @dependabot in #790
  • Bump google.golang.org/grpc from 1.45.0 to 1.46.0 by @dependabot in #791
  • Bump github/codeql-action from 2.1.8 to 2.1.9 by @dependabot in #796
  • Bump sigstore/cosign-installer from 2.2.1 to 2.3.0 by @dependabot in #795
  • Bump github.com/google/go-cmp from 0.5.7 to 0.5.8 by @dependabot in #794
  • intoto: add index on materials digest of slsa provenance by @asraa in #793
  • Bump github.com/go-openapi/runtime from 0.23.3 to 0.24.0 by @dependabot in #799
  • chore(deps): Included dependency review by @naveensrinivasan in #788
  • Check if intoto hash is available before accessing it as an index key by @priyawadhwa in #800
  • Bump github.com/go-playground/validator/v10 from 10.10.1 to 10.11.0 by @dependabot in #803
  • Move deprecated dependency: google/trillian/merkle to transparency-dev by @asraa in #807
  • Bump github.com/go-openapi/spec from 0.20.5 to 0.20.6 by @dependabot in #802
  • Bump github.com/go-openapi/runtime from 0.24.0 to 0.24.1 by @dependabot in #811
  • Retrieve shard tree length if it isn't provided in the config by @priyawadhwa in #810
  • Bump github/codeql-action from 2.1.9 to 2.1.10 by @dependabot in #816
  • Bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 by @dependabot in #815
  • update release builder images to use go 1.17.10 and cosign image to 1.8.0 by @cpanato in #820
  • Bump github/codeql-action from 03e2e3c45f9f937ffe65a1caa4c9960d420a31f9 to 2.1.10 by @dependabot in #821
  • Bump actions/setup-go from 3.0.0 to 3.1.0 by @dependabot in #822
  • Bump github.com/google/trillian from 1.4.0 to 1.4.1 by @dependabot in #817
  • Bump github.com/google/trillian from 1.4.0 to 1.4.1 in /hack/tools by @dependabot in #818
  • update go to 1.17.10 in the dockerfile by @cpanato in #819
  • Bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 by @dependabot in #827
  • Limit the number of certificates parsed in a chain by @haydentherapper in #823
  • Bump actions/github-script from 6.0.0 to 6.1.0 by @dependabot in #826
  • Bump actions/dependency-review-action from 3f943b86c9a289f4e632c632695e2e0898d9d67d to 1 by @dependabot in #825
  • Bump google.golang.org/grpc from 1.46.0 to 1.46.2 by @dependabot in #828
  • Bump google-github-actions/auth from 0.7.1 to 0.7.2 by @dependabot in #830
  • Bump github/codeql-action from 2.1.10 to 2.1.11 by @dependabot in #829
  • Breaking change: Remove timestamping authority by @haydentherapper in #813
  • Bump google-github-actions/auth from 0.7.2 to 0.7.3 by @dependabot in #832
  • Add back owners for rfc3161 package type by @haydentherapper in #833
  • all: remove dependency on deprecated github.com/pkg/errors by @zchee in #834
  • Bump actions/upload-artifact from 3.0.0 to 3.1.0 by @dependabot in #836
  • Bump goreleaser/goreleaser-action from 2.9.1 to 3 by @dependabot in #837
  • Bump actions/dependency-review-action from 1.0.1 to 1.0.2 by @dependabot in #840
  • Bump google-github-actions/auth from 0.7.3 to 0.8.0 by @dependabot in #839
  • name stored attestations by digest instead of UUID by @bobcallaway in #769
  • Bump ossf/scorecard-action from 1.0.4 to 1.1.0 by @dependabot in #843
  • Bump actions/setup-go from 3.1.0 to 3.2.0 by @dependabot in #842
  • add changelog for 0.7.0 release by @cpanato in #835

New Contributors

Full Changelog: v0.6.0...v0.7.0

Thanks for all contributors!

Contributors

naveensrinivasan, bobcallaway, and 6 other contributors
Assets 72
Loading