What's Changed
- Bump google.golang.org/api from 0.81.0 to 0.82.0 by @dependabot in #1948
- Bump github/codeql-action from 2.1.11 to 2.1.12 by @dependabot in #1951
- replace gcr.io/distroless/ to use ghcr.io/distroless/ by @cpanato in #1961
- Bump github.com/hashicorp/go-secure-stdlib/parseutil from 0.1.5 to 0.1.6 by @dependabot in #1958
- Bump google.golang.org/grpc from 1.46.2 to 1.47.0 by @dependabot in #1943
- Bump github.com/stretchr/testify from 1.7.1 to 1.7.2 by @dependabot in #1963
- Separate RegExp matching of issuer/subject from strict by @vaikas in #1956
- tuf: improve TUF client concurrency and caching by @asraa in #1953
- Add Cloudsmith Container Registry to tested registry list by @ciaracarey in #1966
- feat(fulcioroots): singleton error pattern by @developer-guy in #1965
- Bump github.com/hashicorp/go-hclog from 1.2.0 to 1.2.1 by @dependabot in #1968
- Bump actions/cache from 3.0.3 to 3.0.4 by @dependabot in #1970
- Drop tuf client dependency on GCS client library by @imjasonh in #1967
- Add spdxjson predicate type for attestations by @jdolitsky in #1974
- Bump sigstore/cosign-installer from 2.3.0 to 2.4.0 by @dependabot in #1980
- Remove policy-controller now that it lives in sigstore/policy-controller by @vaikas in #1976
- cleanup: unexport kubernetes.Client method by @imjasonh in #1973
- Bump google.golang.org/api from 0.82.0 to 0.83.0 by @dependabot in #1979
- cleanup ci job and remove policy-controller references by @cpanato in #1981
- fix typos by @cpanato in #1982
- fix/update post build job by @cpanato in #1983
- docs: updated Azure kms commands. by @JBrejnholt in #1972
- Add cyclonedx predicate type for attestations by @jdolitsky in #1977
- Route deprecated -version to version subcommand by @puerco in #1854
- docs(readme): add installation steps for container image for cosign binary by @developer-guy in #1986
- Add --platform flag to cosign sbom download by @puerco in #1975
- Bump github.com/hashicorp/vault/sdk from 0.5.0 to 0.5.1 by @dependabot in #1988
- Use pkg/fulcioroots and pkg/tuf from sigstore/sigstore by @imjasonh in #1866
- Bump sigstore/sigstore to HEAD by @puerco in #1995
- Add --oidc-provider flag to specify which provider to use for ambient credentials by @priyawadhwa in #1998
- Bump google.golang.org/api from 0.83.0 to 0.84.0 by @dependabot in #1999
- Bump actions/dependency-review-action from 1.0.2 to 2.0.1 by @dependabot in #2000
- Bump github.com/hashicorp/vault/sdk from 0.5.1 to 0.5.2 by @dependabot in #1996
- Bump actions/dependency-review-action from 2.0.1 to 2.0.2 by @dependabot in #2001
- encrypt values to create the github action secret by @cpanato in #1990
- Bump github.com/stretchr/testify from 1.7.2 to 1.7.3 by @dependabot in #2009
- Bump github/codeql-action from 2.1.12 to 2.1.13 by @dependabot in #2013
- Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 by @dependabot in #2012
- Bump github.com/google/go-github/v45 from 45.1.0 to 45.2.0 by @dependabot in #2011
- Bump github.com/stretchr/testify from 1.7.3 to 1.7.4 by @dependabot in #2010
- Bump google.golang.org/api from 0.84.0 to 0.85.0 by @dependabot in #2015
- sign-blob: bundle should work independently and respect
--output-certificate
and--output-signature
by @Dentrax in #2016 - Bump mikefarah/yq from 4.25.2 to 4.25.3 by @dependabot in #2022
- Bump github.com/google/go-containerregistry from 0.9.0 to 0.10.0 by @dependabot in #2021
- Bump github/codeql-action from 2.1.13 to 2.1.14 by @dependabot in #2023
- Attempt to clean up pkg/cosign by @imjasonh in #2018
- public-key: fix command description by @Dentrax in #2024
- Bump github.com/stretchr/testify from 1.7.4 to 1.7.5 by @dependabot in #2026
- Bump github.com/xanzy/go-gitlab from 0.68.0 to 0.68.2 by @dependabot in #2029
- [NFC] specs: fix list formatting on SIGNATURE_SPEC by @woodruffw in #2030
- Bump ossf/scorecard-action from 1.1.1 to 1.1.2 by @dependabot in #2033
- feat: cert-extensions verify by @developer-guy in #1626
- Bump github.com/stretchr/testify from 1.7.5 to 1.8.0 by @dependabot in #2035
- Bump google.golang.org/api from 0.85.0 to 0.86.0 by @dependabot in #2036
- Bump github/codeql-action from 2.1.14 to 2.1.15 by @dependabot in #2038
- Bump github.com/spiffe/go-spiffe/v2 from 2.1.0 to 2.1.1 by @dependabot in #2037
- Fix #1378 create new attestation signature in replace mode if not existent by @Syquel in #2014
- Bump github.com/hashicorp/go-version from 1.5.0 to 1.6.0 by @dependabot in #2032
- Use cosign.ConfirmPrompt more consistently by @imjasonh in #2039
- chore: add a note about SIGSTORE_REKOR_PUBLIC_KEY var by @hectorj2f in #2040
- Bump sigstore/cosign-installer from 2.4.0 to 2.4.1 by @dependabot in #2042
- Fix OIDC test by @cpanato in #2050
- Add env subcommand. by @wlynch in #2051
- remove tests with 1.21 k8s cluster because it is deprecated and add v1.23/24 by @cpanato in #2055
- update ct/otel and etcd by @cpanato in #2054
- Bump github.com/open-policy-agent/opa from 0.35.0 to 0.42.0 by @dependabot in #2046
- update to go 1.18 by @asraa in #2059
- Bump actions/cache from 3.0.4 to 3.0.5 by @dependabot in #2066
- Bump github/codeql-action from 2.1.15 to 2.1.16 by @dependabot in #2065
- Bump actions/setup-go from 3.2.0 to 3.2.1 by @dependabot in #2060
- Bump google.golang.org/grpc from 1.47.0 to 1.48.0 by @dependabot in #2062
- Bump github.com/open-policy-agent/opa from 0.42.0 to 0.42.2 by @dependabot in #2063
- chore(deps): CycloneDX PredicateType changed to use in-toto-golang by @masahiro331 in #2067
- Bump google.golang.org/api from 0.86.0 to 0.87.0 by @dependabot in #2064
- Bump actions/dependency-review-action from 2.0.2 to 2.0.4 by @dependabot in #2073
- Bump github.com/xanzy/go-gitlab from 0.68.2 to 0.69.0 by @dependabot in #2075
- Bump mikefarah/yq from 4.25.3 to 4.26.1 by @dependabot in #2076
- Remove replace directives in go.mod. by @wlynch in #2070
- update design doc link by @bobcallaway in #2077
- Remove hack/tools.go by @imjasonh in #2080
- Bump google.golang.org/api from 0.87.0 to 0.88.0 by @dependabot in #2081
- Bump github.com/go-openapi/strfmt from 0.21.2 to 0.21.3 by @dependabot in #2078
- Bump github.com/hashicorp/vault/sdk from 0.5.2 to 0.5.3 by @dependabot in #2079
- update builder image to use go1.18.4 by @cpanato in #2086
- add changelog for v1.10.0 release by @cpanato in #2087
- fix missing quote by @cpanato in #2090
New Contributors
- @ciaracarey made their first contribution in #1966
- @JBrejnholt made their first contribution in #1972
- @woodruffw made their first contribution in #2030
- @Syquel made their first contribution in #2014
- @masahiro331 made their first contribution in #2067
Full Changelog: v1.9.0...v1.10.0