Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update to v2.4.3 #343

Merged
merged 105 commits into from
Mar 21, 2025
+4,124 −1,054
Merged

Update to v2.4.3 #343

Changes from 1 commit
Commits
Show all changes
105 commits
Select commit Hold shift + click to select a range
da11580
move reference from gcr to ghcr (#3897)
bobcallaway Oct 6, 2024
c7d04ba
fix typo in readme for move to GHCR (#3898)
bobcallaway Oct 6, 2024
95d9dca
chore(deps): bump the actions group with 6 updates (#3899)
dependabot[bot] Oct 7, 2024
a0752eb
update go to 1.22.8 (#3900)
cpanato Oct 10, 2024
4626251
chore(deps): bump the actions group with 3 updates (#3907)
dependabot[bot] Oct 14, 2024
342a346
Add install targets to Makefile (#3910)
adityasaky Oct 21, 2024
ad47808
Update README scorecard badge link (#3912)
haydentherapper Oct 22, 2024
3818a1d
chore(deps): bump the actions group with 4 updates (#3914)
dependabot[bot] Oct 28, 2024
9b17791
Add trusted-root create helper command (#3876)
steiza Oct 29, 2024
04b8e1c
Remove usage.md from spec, point to client spec (#3918)
haydentherapper Nov 2, 2024
3380f9f
chore(deps): bump google-github-actions/auth in the actions group (#3…
dependabot[bot] Nov 4, 2024
ce43834
chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#…
dependabot[bot] Nov 5, 2024
38c8a28
Add bundle create helper command (#3901)
steiza Nov 5, 2024
ad5bc3b
Support mTLS towards container registry (#3922)
zpon Nov 6, 2024
93b72d2
Add a log message if user doesn't provide `--trusted-root` (#3933)
steiza Nov 13, 2024
7952891
Detect if user supplied a valid protobuf bundle (#3931)
steiza Nov 13, 2024
19c1624
chore(deps): bump codecov/codecov-action from 4.6.0 to 5.0.2 (#3937)
dependabot[bot] Nov 18, 2024
d4b65ad
chore(deps): bump mikefarah/yq in the actions group (#3936)
dependabot[bot] Nov 18, 2024
6aeb919
Add e2e tests using a TUF mirror (#3938)
cmurphy Nov 22, 2024
ecad693
goreleaser: Refactor git-diff hook (#3943)
jku Nov 25, 2024
e7667bd
chore(deps): bump codecov/codecov-action in the actions group (#3945)
dependabot[bot] Nov 25, 2024
77f46ca
Fix formatting of CODEOWNERS (#3957)
codysoyland Dec 10, 2024
2e3d296
Remove dependency on github.com/pkg/errors (#3956)
codysoyland Dec 10, 2024
8f0a179
fix zizmor issues (#3959)
bobcallaway Dec 11, 2024
519e55b
chore(deps): bump golang.org/x/crypto in /test/fakeoidc (#3962)
dependabot[bot] Dec 12, 2024
a213ea9
Revert "Fix formatting of CODEOWNERS (#3957)" (#3967)
haydentherapper Dec 13, 2024
cff9f1e
update builder to use go1.22.10 (#3964)
cpanato Dec 13, 2024
0dbb70a
chore(deps): bump golang.org/x/crypto from 0.27.0 to 0.31.0 (#3966)
dependabot[bot] Dec 13, 2024
c9eb68d
Fix copy --only for signatures + update/align docs (#3904)
marcofranssen Dec 16, 2024
b033ac8
chore(deps): bump the actions group across 1 directory with 5 updates…
dependabot[bot] Dec 16, 2024
3837f01
chore(deps): bump github.com/go-piv/piv-go from 1.11.0 to 2.0.0+incom…
dependabot[bot] Dec 16, 2024
6094066
bump sigstore-conformance to v0.0.14 release (#3965)
bobcallaway Dec 16, 2024
15be941
fix lint error, bump golangci-lint version (#3972)
bobcallaway Dec 16, 2024
0d74f8e
chore(deps): bump the gomod group across 1 directory with 8 updates (…
dependabot[bot] Dec 16, 2024
3d6965e
Bump test/fakeoidc and cuelang deps (#3975)
haydentherapper Dec 16, 2024
45eba90
CHANGELOG for v2.4.2 (#3971)
haydentherapper Dec 17, 2024
fa805ab
Add nightly conformance test workflow (#3979)
codysoyland Dec 18, 2024
ce5acdf
Fix for multiple WithRemote options (#3982)
warrenhodg Dec 19, 2024
2c10070
update builder to use go1.23.4 (#3985)
cpanato Dec 23, 2024
12d14ed
chore(deps): bump cuelang.org/go in the gomod group (#3986)
dependabot[bot] Dec 23, 2024
1e06e1d
chore(deps): bump google.golang.org/api from 0.210.0 to 0.214.0 (#3988)
dependabot[bot] Dec 23, 2024
7c7b0f4
chore(deps): bump github.com/secure-systems-lab/go-securesystemslib (…
dependabot[bot] Dec 23, 2024
3c60c46
chore(deps): bump github.com/buildkite/agent/v3 from 3.81.0 to 3.88.0…
dependabot[bot] Dec 24, 2024
170ef3c
chore(deps): bump google.golang.org/protobuf from 1.35.2 to 1.36.1 (#…
dependabot[bot] Dec 24, 2024
8040fc4
chore(deps): bump sigs.k8s.io/release-utils from 0.8.5 to 0.9.0 (#3994)
dependabot[bot] Dec 30, 2024
782e038
policy fuzzer: ignore known panics (#3993)
AdamKorcz Jan 4, 2025
6e89388
chore(deps): bump golang.org/x/crypto from 0.31.0 to 0.32.0 (#3999)
dependabot[bot] Jan 6, 2025
a1648b5
chore(deps): bump github.com/moby/term in the gomod group (#3997)
dependabot[bot] Jan 6, 2025
8288480
chore(deps): bump golang.org/x/oauth2 from 0.24.0 to 0.25.0 (#4001)
dependabot[bot] Jan 6, 2025
f056c3e
Add support for verifying root checksum in cosign initialize (#3953)
bkabrda Jan 7, 2025
9ae59fc
chore(deps): bump github.com/buildkite/agent/v3 from 3.88.0 to 3.89.0…
dependabot[bot] Jan 8, 2025
342f8d8
Add more complex TUF tests (#4003)
cmurphy Jan 9, 2025
87c08b0
Clean up (#4004)
cpanato Jan 10, 2025
d01988e
fix: set tls config while retaining other fields from default http tr…
nianyush Jan 13, 2025
e5aa062
Bump conformance to latest version (#4011)
haydentherapper Jan 13, 2025
accc80a
Add UseSignedTimestamps to CheckOpts, refactor TSA options (#4006)
codysoyland Jan 13, 2025
51d23eb
Add conformance test commands to Makefile (#4023)
codysoyland Jan 30, 2025
8ef39b5
chore(deps): bump the actions group across 1 directory with 6 updates…
dependabot[bot] Jan 31, 2025
a25bb31
chore(deps): bump the gomod group across 1 directory with 14 updates …
dependabot[bot] Jan 31, 2025
37740f0
chore(deps): bump github.com/buildkite/agent/v3 from 3.89.0 to 3.91.0…
dependabot[bot] Jan 31, 2025
b5f6d98
chore(deps): bump github.com/sigstore/protobuf-specs from 0.3.3 to 0.…
dependabot[bot] Feb 3, 2025
176602b
chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.4.0 to 2.5.0 …
dependabot[bot] Feb 3, 2025
89ef8a5
chore(deps): bump google-github-actions/auth in the actions group (#4…
dependabot[bot] Feb 3, 2025
fcf13eb
chore(deps): bump sigs.k8s.io/release-utils from 0.9.0 to 0.11.0 (#4040)
dependabot[bot] Feb 3, 2025
a71220e
chore(deps): bump google.golang.org/api from 0.218.0 to 0.219.0 (#4038)
dependabot[bot] Feb 3, 2025
4937bca
chore(deps): bump the gomod group across 1 directory with 2 updates (…
dependabot[bot] Feb 4, 2025
9f142a5
chore(deps): bump github.com/sigstore/sigstore-go (#4034)
dependabot[bot] Feb 4, 2025
486937b
chore(deps): move github.com/xanzy/go-gitlab to gitlab.com/gitlab-org…
dependabot[bot] Feb 4, 2025
cced656
fix warning message from golangci-lint (#4043)
bobcallaway Feb 4, 2025
e4ff8e2
chore(deps): bump cuelang.org/go from 0.11.2 to 0.12.0 (#4035)
dependabot[bot] Feb 4, 2025
4dc18dd
test against newer k8s, scaffolding release (#4044)
bobcallaway Feb 4, 2025
ff13ba4
chore(deps): bump github.com/open-policy-agent/opa from 0.68.0 to 1.1…
dependabot[bot] Feb 4, 2025
b6df9c7
update v2.4.2 changelog (#4045)
bobcallaway Feb 4, 2025
7fc127b
Fix codeowners syntax, add dep-maintainers (#4046)
haydentherapper Feb 4, 2025
c4299b1
fix parsing error in --only for cosign copy (#4049)
bobcallaway Feb 6, 2025
7fc8e2a
disable fuzzer (#4051)
bobcallaway Feb 7, 2025
737c83c
Refactor verifyNewBundle into library function (#4013)
codysoyland Feb 7, 2025
d0a8aa2
Udpate builder to use go1.23.6 (#4052)
cpanato Feb 8, 2025
b6c199a
chore(deps): bump google.golang.org/protobuf in the gomod group (#4053)
dependabot[bot] Feb 10, 2025
4fff6f3
chore(deps): bump the actions group with 2 updates (#4060)
dependabot[bot] Feb 10, 2025
3488f37
chore(deps): bump golang.org/x/oauth2 from 0.25.0 to 0.26.0 (#4058)
dependabot[bot] Feb 10, 2025
ea828e0
chore(deps): bump google.golang.org/api from 0.219.0 to 0.220.0 (#4054)
dependabot[bot] Feb 10, 2025
bf1b942
chore(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0 (#4059)
dependabot[bot] Feb 10, 2025
db48ad1
chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4057)
dependabot[bot] Feb 10, 2025
b01173e
chore(deps): bump golang.org/x/term from 0.28.0 to 0.29.0 (#4056)
dependabot[bot] Feb 10, 2025
c20a63b
chore(deps): bump golang.org/x/crypto from 0.32.0 to 0.33.0 (#4055)
dependabot[bot] Feb 10, 2025
8f58513
Feat/file flag completion improvements (#4028)
scop Feb 11, 2025
736acbd
fix comment typo and imports order (#4061)
dmitris Feb 17, 2025
5fc24fa
fix go imports order to be alphabetical (#4062)
dmitris Feb 17, 2025
cce71fd
chore(deps): bump github.com/awslabs/amazon-ecr-credential-helper/ecr…
dependabot[bot] Feb 17, 2025
01fde81
sync comment with parameter name in function signature (#4063)
dmitris Feb 17, 2025
b4be5f7
chore(deps): bump google.golang.org/api from 0.220.0 to 0.221.0 (#4068)
dependabot[bot] Feb 17, 2025
a0b20b7
sort properly Go imports (#4071)
dmitris Feb 19, 2025
c1b1a78
chore(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 (#4067)
dependabot[bot] Feb 19, 2025
5181623
chore(deps): bump golangci/golangci-lint-action in the actions group …
dependabot[bot] Feb 19, 2025
26d0ee5
Bump sigstore/sigstore to support KMS plugins (#4073)
haydentherapper Feb 19, 2025
d6aeeb2
Enable fetching signatures without remote get. (#4047)
janisz Feb 19, 2025
3564b3e
chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4065)
dependabot[bot] Feb 19, 2025
0b69cc5
chore(deps): bump github.com/buildkite/agent/v3 from 3.91.0 to 3.92.1…
dependabot[bot] Feb 19, 2025
6a7abbf
chore(deps): bump the gomod group across 1 directory with 4 updates (…
dependabot[bot] Feb 19, 2025
ea63e31
Merge tag 'v2.4.3'
tommyd450 Mar 18, 2025
96d2371
Updating Go Builder image for cosign to 1.23
tommyd450 Mar 18, 2025
cd900d8
Updating to newer builder version
tommyd450 Mar 18, 2025
c61a060
Update to date image test
tommyd450 Mar 19, 2025
40b49a0
Update dating ubi minimal image
tommyd450 Mar 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
CHANGELOG for v2.4.2 (sigstore#3971) 
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
@haydentherapper
haydentherapper authored Dec 17, 2024

Verified

This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
commit 45eba906b0847f300d76d69cb9b1f528e57224b8
32 changes: 32 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,35 @@
# v2.4.2

## Features

* Detect if user supplied a valid protobuf bundle (#3931)
* Add a log message if user doesn't provide `--trusted-root` (#3933)
* Support mTLS towards container registry (#3922)
* Add bundle create helper command (#3901)
* Add trusted-root create helper command (#3876)

## Bug Fixes

* Fix copy --only for signatures + update/align docs (#3904)

## Documentation

* Remove usage.md from spec, point to client spec (#3918)
* move reference from gcr to ghcr (#3897)

## Contributors

* Aditya Sirish
* Bob Callaway
* Carlos Tadeu Panato Junior
* Cody Soyland
* Colleen Murphy
* Hayden B
* Jussi Kukkonen
* Marco Franssen
* Søren Juul
* Zach Steindler

# v2.4.1

v2.4.1 largely contains bug fixes and updates dependencies.