github sigstore/sigstore v1.3.0
on GitHub

latest releases: pkg/signature/kms/hashivault/v1.8.3, pkg/signature/kms/gcp/v1.8.3, pkg/signature/kms/aws/v1.8.3...
22 months ago

What's Changed

  • Bump github.com/aws/aws-sdk-go from 1.43.24 to 1.43.26 by @dependabot in #349
  • Bump github.com/hashicorp/vault/api from 1.4.1 to 1.5.0 by @dependabot in #348
  • Add method to validate public key by @haydentherapper in #344
  • Makefile: Install golangci lint by @hectorj2f in #350
  • Bump github.com/go-rod/rod from 0.104.1 to 0.104.2 by @dependabot in #352
  • Bump github.com/aws/aws-sdk-go from 1.43.26 to 1.43.27 by @dependabot in #351
  • Bump github.com/Azure/azure-sdk-for-go from 62.3.0+incompatible to 63.0.0+incompatible by @dependabot in #354
  • Bump github.com/aws/aws-sdk-go from 1.43.27 to 1.43.28 by @dependabot in #355
  • Bump github.com/go-rod/rod from 0.104.2 to 0.104.4 by @dependabot in #358
  • Bump github/codeql-action from 1.1.5 to 2.1.6 by @dependabot in #356
  • Bump actions/cache from 3.0.0 to 3.0.1 by @dependabot in #357
  • oidc: set the redirect url if needed by @hectorj2f in #353
  • Fix regex for matching GCP KMS key by @haydentherapper in #359
  • Bump github.com/aws/aws-sdk-go from 1.43.28 to 1.43.29 by @dependabot in #360
  • Bump github.com/aws/aws-sdk-go from 1.43.29 to 1.43.30 by @dependabot in #363
  • Bump github.com/Azure/go-autorest/autorest from 0.11.24 to 0.11.25 by @dependabot in #362
  • update boulder dependency to remove some syslog dependencies that affect windows build by @cpanato in #364
  • Add fake signer that implements KMS interface by @haydentherapper in #361
  • fix if check in the release job by @cpanato in #365
  • fix missing curly brackets by @cpanato in #366
  • Bump github.com/aws/aws-sdk-go from 1.43.30 to 1.43.31 by @dependabot in #367
  • chore: set redirect URL in doOobFlow by @hectorj2f in #368
  • Bump github.com/aws/aws-sdk-go from 1.43.31 to 1.43.33 by @dependabot in #373
  • Bump github/codeql-action from 2.1.6 to 2.1.7 by @dependabot in #372
  • Bump google-github-actions/auth from 0.6.0 to 0.7.0 by @dependabot in #371
  • Bump github.com/Azure/azure-sdk-for-go from 63.0.0+incompatible to 63.1.0+incompatible by @dependabot in #369
  • Bump github.com/aws/aws-sdk-go from 1.43.33 to 1.43.34 by @dependabot in #375
  • Bump github.com/aws/aws-sdk-go from 1.43.34 to 1.43.36 by @dependabot in #379
  • Bump github/codeql-action from 2.1.7 to 2.1.8 by @dependabot in #378
  • Bump github.com/go-rod/rod from 0.104.4 to 0.105.0 by @dependabot in #377
  • Update to go 1.17 / 1.18 by @lukehinds in #374
  • Bump github.com/aws/aws-sdk-go from 1.43.36 to 1.43.37 by @dependabot in #382
  • Bump github.com/go-rod/rod from 0.105.0 to 0.105.1 by @dependabot in #383
  • Bump github.com/Azure/azure-sdk-for-go from 63.1.0+incompatible to 63.2.0+incompatible by @dependabot in #385
  • Bump actions/cache from 3.0.1 to 3.0.2 by @dependabot in #381
  • run tests with go1.17 and go1.18 by @cpanato in #380
  • Bump github.com/aws/aws-sdk-go from 1.43.37 to 1.43.39 by @dependabot in #387
  • Bump github.com/aws/aws-sdk-go from 1.43.39 to 1.43.40 by @dependabot in #389
  • Bump actions/checkout from 3.0.0 to 3.0.1 by @dependabot in #388
  • Bump github.com/go-rod/rod from 0.105.1 to 0.106.0 by @dependabot in #390
  • Bump github.com/aws/aws-sdk-go from 1.43.40 to 1.43.41 by @dependabot in #391
  • Bump github.com/Azure/azure-sdk-for-go from 63.2.0+incompatible to 63.3.0+incompatible by @dependabot in #393
  • Bump github.com/Azure/go-autorest/autorest from 0.11.25 to 0.11.26 by @dependabot in #392
  • Bump github.com/go-rod/rod from 0.106.0 to 0.106.1 by @dependabot in #395
  • Add a helper method to parse a PEM-encoded CSR by @haydentherapper in #394
  • Bump github.com/aws/aws-sdk-go from 1.43.41 to 1.43.43 by @dependabot in #398
  • Add method for generating certificate serial number by @haydentherapper in #399
  • Bump github.com/aws/aws-sdk-go from 1.43.43 to 1.43.44 by @dependabot in #402
  • Bump actions/checkout from 3.0.1 to 3.0.2 by @dependabot in #401
  • make target integration by @sallyom in #400
  • Bump github.com/Azure/go-autorest/autorest from 0.11.26 to 0.11.27 by @dependabot in #404
  • Bump github.com/aws/aws-sdk-go from 1.43.44 to 1.43.45 by @dependabot in #405
  • Add error type for kms.Get when provider not found by @znewman01 in #407
  • Bump github.com/Azure/azure-sdk-for-go from 63.3.0+incompatible to 63.4.0+incompatible by @dependabot in #409
  • Bump github.com/aws/aws-sdk-go from 1.43.45 to 1.44.0 by @dependabot in #410
  • Bump google-github-actions/auth from 0.7.0 to 0.7.1 by @dependabot in #408
  • Bump github.com/aws/aws-sdk-go from 1.44.0 to 1.44.1 by @dependabot in #412
  • Bump github.com/google/go-cmp from 0.5.7 to 0.5.8 by @dependabot in #411
  • Bump github.com/aws/aws-sdk-go from 1.44.1 to 1.44.2 by @dependabot in #413
  • Bump github.com/go-rod/rod from 0.106.1 to 0.106.2 by @dependabot in #414
  • Bump github/codeql-action from 2.1.8 to 2.1.9 by @dependabot in #415
  • Bump github.com/go-rod/rod from 0.106.2 to 0.106.4 by @dependabot in #417
  • Bump github.com/aws/aws-sdk-go from 1.44.2 to 1.44.3 by @dependabot in #416
  • Bump github.com/aws/aws-sdk-go from 1.44.2 to 1.44.4 by @dependabot in #418
  • chore(deps): Included dependency review by @naveensrinivasan in #406
  • Call ValidReference in all KMS cases by @imjasonh in #419
  • Bump github.com/aws/aws-sdk-go from 1.44.4 to 1.44.5 by @dependabot in #420
  • Bump github.com/go-rod/rod from 0.106.4 to 0.106.5 by @dependabot in #421
  • Bump github.com/aws/aws-sdk-go from 1.44.5 to 1.44.7 by @dependabot in #422
  • Bump github.com/aws/aws-sdk-go from 1.44.7 to 1.44.8 by @dependabot in #423
  • Bump github.com/aws/aws-sdk-go from 1.44.8 to 1.44.9 by @dependabot in #424
  • Remove copy of OAuth success HTML by @imjasonh in #425
  • Bump github.com/go-rod/rod from 0.106.5 to 0.106.6 by @dependabot in #427
  • Bump github.com/aws/aws-sdk-go from 1.44.9 to 1.44.10 by @dependabot in #428
  • Bump github.com/Azure/azure-sdk-for-go from 63.4.0+incompatible to 64.0.0+incompatible by @dependabot in #429
  • Bump github.com/aws/aws-sdk-go from 1.44.10 to 1.44.11 by @dependabot in #432
  • Bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 by @dependabot in #433
  • Bump github.com/aws/aws-sdk-go from 1.44.11 to 1.44.12 by @dependabot in #434
  • Bump github/codeql-action from 2.1.9 to 2.1.10 by @dependabot in #431
  • Bump github.com/coreos/go-oidc/v3 from 3.1.0 to 3.2.0 by @dependabot in #437
  • Add method to unmarshal certificates with a limit by @haydentherapper in #430
  • Add unsafe verifier to verify signatures with SHA1 digests by @haydentherapper in #441
  • Bump github.com/aws/aws-sdk-go from 1.44.12 to 1.44.13 by @dependabot in #440
  • Bump github/codeql-action from 75b4f1c4669133dc294b06c2794e969efa2e5316 to 2.1.10 by @dependabot in #439
  • Bump actions/setup-go from 3.0.0 to 3.1.0 by @dependabot in #438
  • Bump github.com/aws/aws-sdk-go from 1.44.13 to 1.44.14 by @dependabot in #443
  • Bump actions/dependency-review-action from 3f943b86c9a289f4e632c632695e2e0898d9d67d to 1 by @dependabot in #442
  • Remove dependency on deprecated github.com/pkg/errors by @imjasonh in #444
  • Bump google-github-actions/auth from 0.7.1 to 0.7.2 by @dependabot in #446
  • Bump github.com/aws/aws-sdk-go from 1.44.14 to 1.44.15 by @dependabot in #447
  • Bump github.com/Azure/azure-sdk-for-go from 64.0.0+incompatible to 64.1.0+incompatible by @dependabot in #445
  • Bump github/codeql-action from 2.1.10 to 2.1.11 by @dependabot in #448
  • Bump github.com/aws/aws-sdk-go from 1.44.15 to 1.44.16 by @dependabot in #449
  • Bump github.com/go-rod/rod from 0.106.6 to 0.106.7 by @dependabot in #450
  • Bump github.com/google/go-containerregistry from 0.8.0 to 0.9.0 by @dependabot in #451
  • Bump github.com/aws/aws-sdk-go from 1.44.16 to 1.44.17 by @dependabot in #453
  • Bump google-github-actions/auth from 0.7.2 to 0.7.3 by @dependabot in #452
  • Bump github.com/go-rod/rod from 0.106.7 to 0.106.8 by @dependabot in #454
  • Bump actions/upload-artifact from 3.0.0 to 3.1.0 by @dependabot in #456
  • Bump github.com/aws/aws-sdk-go from 1.44.17 to 1.44.18 by @dependabot in #455
  • Bump github.com/aws/aws-sdk-go from 1.44.18 to 1.44.19 by @dependabot in #457
  • Bump github.com/aws/aws-sdk-go from 1.44.19 to 1.44.20 by @dependabot in #461
  • Bump github.com/Azure/azure-sdk-for-go from 64.1.0+incompatible to 65.0.0+incompatible by @dependabot in #460
  • Bump actions/dependency-review-action from 1.0.1 to 1.0.2 by @dependabot in #459
  • Bump google-github-actions/auth from 0.7.3 to 0.8.0 by @dependabot in #458
  • Bump github.com/aws/aws-sdk-go from 1.44.20 to 1.44.21 by @dependabot in #464
  • Bump github.com/hashicorp/vault/api from 1.5.0 to 1.6.0 by @dependabot in #463
  • Bump github.com/aws/aws-sdk-go from 1.44.21 to 1.44.22 by @dependabot in #465
  • Update go-tuf to pick up security fixes by @haydentherapper in #462
  • Export providerInit type by @imjasonh in #466
  • Bump actions/setup-go from 3.1.0 to 3.2.0 by @dependabot in #469
  • Bump github.com/aws/aws-sdk-go from 1.44.22 to 1.44.23 by @dependabot in #470
  • Bump github.com/go-rod/rod from 0.106.8 to 0.107.0 by @dependabot in #471
  • update error message for pkg/signature/ecdsa.go when checking the VerifyASN1 by @cpanato in #473
  • Bump github.com/aws/aws-sdk-go from 1.44.23 to 1.44.24 by @dependabot in #474
  • Allow passing options to GCP's LoadSignVerifier. by @mattmoor in #468
  • Migrate AWK KMS to use the v2 SDK. by @mattmoor in #475
  • Bump google.golang.org/api from 0.75.0 to 0.81.0 by @dependabot in #476
  • fix uppercase err msgs to quiet golangci-lint by @bobcallaway in #477
  • Bump actions/cache from 3.0.2 to 3.0.3 by @dependabot in #478
  • Bump github.com/secure-systems-lab/go-securesystemslib from 0.3.1 to 0.4.0 by @dependabot in #482
  • Bump github.com/aws/aws-sdk-go from 1.44.24 to 1.44.26 by @dependabot in #481
  • Bump github/codeql-action from 2.1.11 to 2.1.12 by @dependabot in #480
  • Bump google.golang.org/api from 0.81.0 to 0.82.0 by @dependabot in #483
  • Autoclose OAuth success page after 5 seconds. by @wlynch in #484
  • Bump github.com/aws/aws-sdk-go from 1.44.26 to 1.44.27 by @dependabot in #485
  • Add a warning when using WithDigest with ECDSA by @haydentherapper in #487
  • Bump github.com/stretchr/testify from 1.7.1 to 1.7.2 by @dependabot in #489
  • Bump github.com/go-rod/rod from 0.107.0 to 0.107.1 by @dependabot in #488
  • Bump google.golang.org/api from 0.82.0 to 0.83.0 by @dependabot in #495
  • Bump github.com/aws/aws-sdk-go-v2 from 1.16.4 to 1.16.5 by @dependabot in #491
  • Bump github.com/aws/aws-sdk-go-v2/config from 1.15.9 to 1.15.10 by @dependabot in #494
  • Bump github.com/aws/aws-sdk-go-v2/service/kms from 1.17.2 to 1.17.3 by @dependabot in #493
  • Bump actions/cache from 3.0.3 to 3.0.4 by @dependabot in #490
  • Bump github.com/aws/aws-sdk-go from 1.44.27 to 1.44.29 by @dependabot in #492
  • Bump github.com/hashicorp/vault/api from 1.6.0 to 1.7.1 by @dependabot in #496
  • Bump github.com/aws/aws-sdk-go from 1.44.29 to 1.44.30 by @dependabot in #497
  • Bump github.com/aws/aws-sdk-go from 1.44.30 to 1.44.31 by @dependabot in #498
  • Bump github.com/hashicorp/vault/api from 1.7.1 to 1.7.2 by @dependabot in #499
  • Move fulcioroots and tuf packages from cosign by @imjasonh in #435
  • Bump github.com/aws/aws-sdk-go from 1.44.31 to 1.44.32 by @dependabot in #501
  • Bump github.com/aws/aws-sdk-go from 1.44.32 to 1.44.33 by @dependabot in #504
  • Lock TUF client during target loading operations by @puerco in #503
  • Bump google.golang.org/api from 0.83.0 to 0.84.0 by @dependabot in #507
  • Bump github.com/aws/aws-sdk-go from 1.44.33 to 1.44.34 by @dependabot in #506
  • Bump github.com/aws/aws-sdk-go from 1.44.33 to 1.44.35 by @dependabot in #508
  • Bump actions/dependency-review-action from 1.0.2 to 2.0.1 by @dependabot in #505
  • Bump actions/dependency-review-action from 2.0.1 to 2.0.2 by @dependabot in #509
  • Bump github.com/aws/aws-sdk-go from 1.44.35 to 1.44.36 by @dependabot in #510
  • Bump github.com/aws/aws-sdk-go-v2/config from 1.15.10 to 1.15.11 by @dependabot in #511
  • Bump github.com/go-rod/rod from 0.107.1 to 0.107.2 by @dependabot in #512
  • Bump github.com/aws/aws-sdk-go from 1.44.36 to 1.44.37 by @dependabot in #513
  • Bump github.com/aws/aws-sdk-go from 1.44.37 to 1.44.38 by @dependabot in #517
  • Bump github.com/stretchr/testify from 1.7.2 to 1.7.3 by @dependabot in #518
  • Bump github.com/stretchr/testify from 1.7.3 to 1.7.4 by @dependabot in #520
  • Bump github.com/aws/aws-sdk-go from 1.44.38 to 1.44.39 by @dependabot in #521
  • Bump github/codeql-action from 2.1.12 to 2.1.13 by @dependabot in #519
  • Revert "Autoclose OAuth success page after 5 seconds. (#484)" by @wlynch in #502
  • oauthflow/interactive: Make input/output configurable. by @wlynch in #514
  • Bump google.golang.org/api from 0.84.0 to 0.85.0 by @dependabot in #523
  • Bump github.com/aws/aws-sdk-go from 1.44.39 to 1.44.40 by @dependabot in #524
  • Bump github.com/Azure/azure-sdk-for-go from 65.0.0+incompatible to 66.0.0+incompatible by @dependabot in #526
  • add check if transit return nil data by @Dentrax in #515
  • Bump github.com/google/go-containerregistry from 0.9.0 to 0.10.0 by @dependabot in #525
  • Bump github.com/aws/aws-sdk-go from 1.44.40 to 1.44.41 by @dependabot in #529
  • Bump github/codeql-action from 2.1.13 to 2.1.14 by @dependabot in #528

New Contributors

Full Changelog: v1.2.0...v1.3.0

Check out latest releases or
releases around sigstore/sigstore v1.3.0

Don't miss a new sigstore release

NewReleases is sending notifications on new releases.

Get notifications