Releases: sigstore/sigstore-java
Releases · sigstore/sigstore-java
Release list
v2.2.0
See CHANGELOG.md for more details.
What's Changed
- Update versions and changelog after 2.1.0 release by @aaronlew02 in #1191
- Allow testing token to reference the new gcp token by @loosebazooka in #1195
- Pipe algorithm registry into verifiers by @loosebazooka in #1196
- Make version scripts macOS-compatible by @aaronlew02 in #1192
- Update actions/setup-go action to v6.4.0 by @renovate[bot] in #1181
- Update dependency org.junit:junit-bom to v5.14.4 by @renovate[bot] in #1179
- Make algorithm registry more central to system by @loosebazooka in #1197
- Support more hash/signing algorithms by @loosebazooka in #1198
- remove accidental test resources by @loosebazooka in #1200
- Ts algo reg by @loosebazooka in #1201
- use hashedrekord as only type in rekor v2 paths by @loosebazooka in #1202
- Update jetty monorepo to v12.1.10 by @renovate[bot] in #1178
- Update dependency com.github.vlsi.gradle-extensions:com.github.vlsi.gradle-extensions.gradle.plugin to v3.0.2 by @renovate[bot] in #1193
- ci: declare contents:read on gradle-wrapper-validation workflow by @arpitjain099 in #1188
- ci: declare contents: read permissions on cifuzz workflow by @arpitjain099 in #1194
- Add SIGSTORE_JAVA_ID_TOKEN for passing id token by @loosebazooka in #1204
New Contributors
- @arpitjain099 made their first contribution in #1188
Full Changelog: v2.1.0...v2.2.0
v2.1.0
See CHANGELOG.md for more details.
What's Changed
- Update versions after 2.0.0 release by @loosebazooka in #1118
- chore(deps): update sigstore/community digest to c0c5605 by @renovate[bot] in #1119
- fix(deps): update gradleup_nmcp to v1.3.0 by @renovate[bot] in #1124
- fix(deps): update dependency com.google.errorprone:error_prone_core to v2.45.0 by @renovate[bot] in #1123
- fix(deps): update dependency com.code-intelligence:jazzer-api to v0.28.0 by @renovate[bot] in #1122
- fix(deps): update bouncycastle to v1.83 by @renovate[bot] in #1121
- chore(deps): update actions/checkout action to v4.3.1 by @renovate[bot] in #1120
- ref(deps): Migrate UpdaterTest from Jetty to MockWebServer by @aaronlew02 in #1125
- workflows: schedule a weekly tuf-conformance run by @jku in #1126
- fix(deps): update dependency org.eclipse.jetty:jetty-server to v12.1.5 by @renovate[bot] in #1128
- fix(deps): update maven to v3.9.12 - autoclosed by @renovate[bot] in #1129
- chore(deps): update actions/setup-go action to v5.6.0 by @renovate[bot] in #1130
- chore(deps): update actions/setup-java action to v4.8.0 by @renovate[bot] in #1131
- fix(deps): update dependency org.mockito:mockito-bom to v5.21.0 by @renovate[bot] in #1132
- fix(deps): update dependency com.code-intelligence:jazzer-api to v0.29.1 by @renovate[bot] in #1133
- chore(deps): update sigstore/community digest to bafa89c by @renovate[bot] in #1127
- chore(deps): update actions/checkout action to v6 by @renovate[bot] in #1137
- fix(deps): update immutables to v2.12.0 by @renovate[bot] in #1135
- fix(deps): update gradleup_nmcp to v1.4.0 by @renovate[bot] in #1134
- Use StandardCharsets by @loosebazooka in #1138
- fix(test): Update sample bundle version from 0.2 to 0.1 by @aaronlew02 in #1141
- fix(deps): update protobuf_grpc by @renovate[bot] in #1136
- chore(deps): update actions/setup-go action to v6 by @renovate[bot] in #1139
- chore(deps): update actions/setup-java action to v5 by @renovate[bot] in #1140
- chore(deps): update actions/upload-artifact action to v6 by @renovate[bot] in #1142
- chore(deps): update google-github-actions/auth action to v3 by @renovate[bot] in #1143
- use full key fingerprints by @loosebazooka in #1147
- chore(deps): update google-github-actions/get-secretmanager-secrets action to v3 by @renovate[bot] in #1144
- Update conformance.yml to 0.0.25 by @loosebazooka in #1149
- chore(deps): update actions/setup-go action to v6.2.0 by @renovate[bot] in #1155
- fix(deps): update protobuf_grpc to v4.33.4 by @renovate[bot] in #1154
- fix(deps): update immutables to v2.12.1 by @renovate[bot] in #1153
- chore(deps): update sigstore/community digest to a959c6f by @renovate[bot] in #1150
- chore(deps): update gradle/actions action to v5 by @renovate[bot] in #1158
- fix(deps): update dependency net.ltgt.errorprone:net.ltgt.errorprone.gradle.plugin to v4.4.0 by @renovate[bot] in #1157
- fix(deps): update dependency com.diffplug.spotless:com.diffplug.spotless.gradle.plugin to v8 by @renovate[bot] in #1159
- fix(deps): update dependency com.google.errorprone:error_prone_core to v2.46.0 by @renovate[bot] in #1156
- fix(deps): update dependency org.junit:junit-bom to v5.14.2 by @renovate[bot] in #1151
- add nonce parameter to OIDC flow by @bobcallaway in #1148
- fix(deps): update dependency com.squareup.okhttp3:mockwebserver to v5 by @renovate[bot] in #1163
- fix(deps): update dependency com.github.vlsi.gradle-extensions:com.github.vlsi.gradle-extensions.gradle.plugin to v3 by @renovate[bot] in #1160
- fix(deps): update dependency com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin to v2 by @renovate[bot] in #1162
- fix(deps): update dependency com.google.http-client:google-http-client-bom to v2 by @renovate[bot] in #1161
- Add test for rekor v2 in prod by @loosebazooka in #1165
- Add prod attestation test by @aaronlew02 in #1167
- chore(deps): update plugin org.gradlex.build-parameters to v1.4.5 by @renovate[bot] in #1172
- Support DSSE signing conformance test by @aaronlew02 in #1166
- Add troubleshooting to README.md by @loosebazooka in #1175
- chore(deps): update gradle/actions action to v5.0.2 by @renovate[bot] in #1171
- fix(deps): update dependency org.assertj:assertj-core to v3.27.7 by @renovate[bot] in #1174
- chore(deps): update actions/checkout action to v6.0.2 by @renovate[bot] in #1169
- catch more exceptions to avoid parsing errors from crashing process by @bobcallaway in #1177
- fix(deps): update maven to v3.9.15 by @renovate[bot] in #1180
- Replace URI.resolve with URIFormat.appendPath by @aaronlew02 in #1182
- http fulcio client by @loosebazooka in #1176
- Replace URI.resolve with URIFormat.appendPath by @aaronlew02 in #1183
- Prioritize email over subject for SAN from OIDC token string by @aaronlew02 in #1186
- Re-add and enhance SET verification in KeylessVerifier by @aaronlew02 in #1185
- add repositories for nmcp plugin to use by @loosebazooka in #1190
Full Changelog: v2.0.0...v2.1.0
v2.0.0
See CHANGELOG.md for more details.
What's Changed
- Add repo info to create release by @loosebazooka in #908
- Update dependency dev.sigstore:protobuf-specs to v0.4.0 by @renovate[bot] in #903
- Update after v1.3.0 release by @loosebazooka in #909
- Update conformance.yml to 0.0.17 by @loosebazooka in #910
- Update dependency commons-codec:commons-codec to v1.18.0 by @renovate[bot] in #902
- Update sigstore/community digest to f1c21e9 by @renovate[bot] in #894
- Update dependency com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin to v1.3.1 by @renovate[bot] in #895
- Update actions/upload-artifact action to v4.6.1 by @renovate[bot] in #911
- Update dependency com.google.oauth-client:google-oauth-client-bom to v1.38.0 by @renovate[bot] in #913
- Update dependency com.google.http-client:google-http-client-bom to v1.46.3 by @renovate[bot] in #912
- chore: bump junit to 5.12 by @vlsi in #915
- Update dependency org.junit:junit-bom to v5.12.0 by @renovate[bot] in #914
- chore(deps): update gradle/actions action to v4.3.0 by @renovate[bot] in #916
- fix(deps): update dependency com.diffplug.spotless:com.diffplug.spotless.gradle.plugin to v7 by @renovate[bot] in #919
- fix(deps): update dependency org.jetbrains.dokka:org.jetbrains.dokka.gradle.plugin to v2 by @renovate[bot] in #921
- chore(deps): update dependency gradle to v8.13 by @renovate[bot] in #807
- Gradle plugin: Replace findProperty with Isolated Project compatible … by @hfhbd in #811
- fix: add workaround for providers.gradleProperty for pre-7.4 Gradle versions by @vlsi in #924
- Make token string oidc client available outside of cli by @loosebazooka in #925
- chore: use Gradle Java toolchains for the build and test execution by @vlsi in #923
- tuf: use cached targets when available by @loosebazooka in #926
- chore: do not require Java 17 for launching Gradle yet by @vlsi in #927
- fix(deps): update dependency com.google.errorprone:error_prone_core to v2.36.0 by @renovate[bot] in #820
- fix(deps): update dependency org.mockito:mockito-bom to v5.16.0 by @renovate[bot] in #918
- chore(deps): update theupdateframework/tuf-conformance action to v2.3.0 by @renovate[bot] in #917
- chore(deps): update sigstore/community digest to 61b77fe by @renovate[bot] in #928
- fix(deps): update dependency org.junit:junit-bom to v5.12.1 by @renovate[bot] in #932
- fix(deps): update dependency org.mockito:mockito-bom to v5.16.1 by @renovate[bot] in #933
- chore(deps): update actions/upload-artifact action to v4.6.2 by @renovate[bot] in #929
- chore(deps): update dependency go to 1.24.x by @renovate[bot] in #935
- fix(deps): update dependency com.google.guava:guava to v33.4.6-jre by @renovate[bot] in #930
- fix(deps): update dependency com.google.errorprone:error_prone_core to v2.37.0 by @renovate[bot] in #936
- fix(deps): update protobuf_grpc by @renovate[bot] in #938
- fix(deps): update dependency com.google.oauth-client:google-oauth-client-bom to v1.39.0 by @renovate[bot] in #937
- chore(deps): update actions/setup-go action to v5.4.0 by @renovate[bot] in #934
- chore(deps): update sigstore/community digest to b9f2e38 by @renovate[bot] in #939
- chore(deps): update actions/setup-java action to v4.7.1 by @renovate[bot] in #940
- fix(deps): update dependency com.google.guava:guava to v33.4.8-jre by @renovate[bot] in #943
- fix(deps): update dependency dev.sigstore:protobuf-specs to v0.4.1 - autoclosed by @renovate[bot] in #944
- fix(deps): update dependency org.junit:junit-bom to v5.12.2 by @renovate[bot] in #945
- fix(deps): update dependency com.diffplug.spotless:com.diffplug.spotless.gradle.plugin to v7.0.3 by @renovate[bot] in #942
- chore(deps): update gradle/actions action to v4.3.1 by @renovate[bot] in #941
- chore(deps): update dependency gradle to v8.14 by @renovate[bot] in #949
- chore(deps): update sigstore/sigstore-conformance action to v0.0.18 - autoclosed by @renovate[bot] in #947
- chore(deps): update sigstore/community digest to ab62b20 by @renovate[bot] in #946
- fix(deps): update dependency net.ltgt.errorprone:net.ltgt.errorprone.gradle.plugin to v4.2.0 by @renovate[bot] in #955
- fix(deps): update dependency de.thetaphi.forbiddenapis:de.thetaphi.forbiddenapis.gradle.plugin to v3.9 by @renovate[bot] in #953
- fix(deps): update dependency com.google.http-client:google-http-client-bom to v1.47.0 by @renovate[bot] in #952
- fix(deps): update dependency com.google.errorprone:error_prone_core to v2.38.0 by @renovate[bot] in #951
- fix(deps): update dependency com.google.code.gson:gson to v2.13.1 by @renovate[bot] in #950
- Add signing config parsers by @loosebazooka in #956
- Update google-java-format to 1.24.0 by @loosebazooka in #957
- Allow targetStore to return input streams by @loosebazooka in #962
- chore: migrate to Kotlin Dokka 2.0 by @vlsi in #964
- Use SigstoreConfigurationException more widely by @loosebazooka in #963
- Add timestamp client and verifier by @aaronlew02 in #960
- Consume signing_config v0.2 from TUF repo if availalbe. by @loosebazooka in #965
- ignoreUnknownFields when parsing json by @loosebazooka in #966
- chore(deps): update dependency gradle to v8.14.1 by @renovate[bot] in #969
- chore(deps): update actions/setup-go action to v5.5.0 by @renovate[bot] in #971
- chore(deps): update gradle/actions action to v4.4.0 by @renovate[bot] in #972
- chore(deps): update sigstore/community digest to 55b19bf by @renovate[bot] in #968
- Add providers for signing config and legacy helper by @loosebazooka in #967
- Update Examples action to run on Windows, MacOs, and Linux by @keastrid in #974
- Use Sigstore staging TSA in timestamp client by @aaronlew02 in #975
- Run dev/release examples in separate jobs by @loosebazooka in #976
- Add artifact validation and staging tests to timestamp verifier by @aaronlew02 in #977
- Add RFC3161 timestamps to bundle reader and writer by @aaronlew02 in #978
- Add RFC3161 timestamps to keyless signer and verifier by @aaronlew02 in #979
- Push signing config through all our clients by @loosebazooka in #981
- Add support for ED25519 in trusted_root by @loosebazooka in #983
- Use service helper to create temp services by @loosebazooka in #984
- Reduce redundant action runs by @loosebazooka in #985
- use main on concurrency checks by @loosebazooka in #986
- Update protobuf-specs by @loosebazooka in #988
- fix concurrency by @loosebazooka in https://github.com/sigstore/sigst...
v2.0.0-rc2
See CHANGELOG.md for more details.
What's Changed
- Updates after 2.0.0-rc1 release by @loosebazooka in #1050
- Update README.md by @loosebazooka in #1051
- Update google-github-actions/get-secretmanager-secrets action to v2.2.4 by @renovate[bot] in #1057
- Update dependency org.assertj:assertj-core to v3.27.4 by @renovate[bot] in #1056
- Update dependency com.github.autostyle:com.github.autostyle.gradle.plugin to v4.0.1 by @renovate[bot] in #1054
- Update sigstore/community digest to ff42fd8 by @renovate[bot] in #1053
- Update dependency com.gradleup.nmcp:com.gradleup.nmcp.gradle.plugin to v1.0.3 by @renovate[bot] in #1055
- Update google-github-actions/auth digest to dac4e13 by @renovate[bot] in #1052
- Group gradleup.nmcp in renovate.json by @loosebazooka in #1058
- Update conformance with new xfail by @loosebazooka in #1060
- tuf Updater: fix snapshot version rollback case by @jku in #1061
- cli: Add working directory and enable Rekor v2 by @aaronlew02 in #1062
- Use HTTP server for TUF conformance testing by @aaronlew02 in #1045
- ref: Simplify hashedrekord and DSSE parsing exceptions by @aaronlew02 in #1064
- fix: Reject unsupported DSSE version by @aaronlew02 in #1063
- Fix userAgent string in requests by @loosebazooka in #1066
- Add Rekor v2 types to RekorTypes by @aaronlew02 in #1073
- Handle null inputs parsing rekor entry by @loosebazooka in #1074
- Catch json parse error from gson by @loosebazooka in #1075
- chore(deps): update sigstore/community digest to d7264e2 by @renovate[bot] in #1067
- chore(deps): update google-github-actions/auth action to v2.1.13 by @renovate[bot] in #1068
- chore(deps): update gradle/actions action to v4.4.3 by @renovate[bot] in #1070
- chore(deps): update google-github-actions/get-secretmanager-secrets action to v2.2.5 by @renovate[bot] in #1069
- chore(deps): update sigstore/sigstore-conformance action to v0.0.20 by @renovate[bot] in #1071
- fix(deps): update jetty monorepo to v11.0.26 - autoclosed by @renovate[bot] in #1072
- chore(deps): update sigstore/sigstore-conformance action to v0.0.21 by @renovate[bot] in #1078
- chore(deps): update sigstore/community digest to f539f57 by @renovate[bot] in #1077
- fix(deps): update dependency com.google.code.gson:gson to v2.13.2 by @renovate[bot] in #1079
- fix(deps): update dependency org.assertj:assertj-core to v3.27.6 by @renovate[bot] in #1080
- chore(deps): update actions/checkout action to v4.3.0 by @renovate[bot] in #1081
- chore(deps): update dependency go to 1.25.x by @renovate[bot] in #1082
- remove oidc config from gradle plugin by @loosebazooka in #1076
- fix(deps): update dependency com.google.guava:guava to v33.5.0-jre by @renovate[bot] in #1090
- fix(deps): update dependency com.google.errorprone:error_prone_core to v2.42.0 by @renovate[bot] in #1089
- fix(deps): update bouncycastle to v1.82 by @renovate[bot] in #1087
- chore(deps): update sigstore/community digest to f09be1d by @renovate[bot] in #1085
- chore(deps): update gradle/actions action to v4.4.4 by @renovate[bot] in #1086
- fix(deps): update dependency com.code-intelligence:jazzer-api to v0.26.0 by @renovate[bot] in #1088
New Contributors
Full Changelog: v2.0.0-rc1...v2.0.0-rc2
v2.0.0-rc1
See CHANGELOG.md for more details.
What's Changed
- Add repo info to create release by @loosebazooka in #908
- Update dependency dev.sigstore:protobuf-specs to v0.4.0 by @renovate[bot] in #903
- Update after v1.3.0 release by @loosebazooka in #909
- Update conformance.yml to 0.0.17 by @loosebazooka in #910
- Update dependency commons-codec:commons-codec to v1.18.0 by @renovate[bot] in #902
- Update sigstore/community digest to f1c21e9 by @renovate[bot] in #894
- Update dependency com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin to v1.3.1 by @renovate[bot] in #895
- Update actions/upload-artifact action to v4.6.1 by @renovate[bot] in #911
- Update dependency com.google.oauth-client:google-oauth-client-bom to v1.38.0 by @renovate[bot] in #913
- Update dependency com.google.http-client:google-http-client-bom to v1.46.3 by @renovate[bot] in #912
- chore: bump junit to 5.12 by @vlsi in #915
- Update dependency org.junit:junit-bom to v5.12.0 by @renovate[bot] in #914
- chore(deps): update gradle/actions action to v4.3.0 by @renovate[bot] in #916
- fix(deps): update dependency com.diffplug.spotless:com.diffplug.spotless.gradle.plugin to v7 by @renovate[bot] in #919
- fix(deps): update dependency org.jetbrains.dokka:org.jetbrains.dokka.gradle.plugin to v2 by @renovate[bot] in #921
- chore(deps): update dependency gradle to v8.13 by @renovate[bot] in #807
- Gradle plugin: Replace findProperty with Isolated Project compatible … by @hfhbd in #811
- fix: add workaround for providers.gradleProperty for pre-7.4 Gradle versions by @vlsi in #924
- Make token string oidc client available outside of cli by @loosebazooka in #925
- chore: use Gradle Java toolchains for the build and test execution by @vlsi in #923
- tuf: use cached targets when available by @loosebazooka in #926
- chore: do not require Java 17 for launching Gradle yet by @vlsi in #927
- fix(deps): update dependency com.google.errorprone:error_prone_core to v2.36.0 by @renovate[bot] in #820
- fix(deps): update dependency org.mockito:mockito-bom to v5.16.0 by @renovate[bot] in #918
- chore(deps): update theupdateframework/tuf-conformance action to v2.3.0 by @renovate[bot] in #917
- chore(deps): update sigstore/community digest to 61b77fe by @renovate[bot] in #928
- fix(deps): update dependency org.junit:junit-bom to v5.12.1 by @renovate[bot] in #932
- fix(deps): update dependency org.mockito:mockito-bom to v5.16.1 by @renovate[bot] in #933
- chore(deps): update actions/upload-artifact action to v4.6.2 by @renovate[bot] in #929
- chore(deps): update dependency go to 1.24.x by @renovate[bot] in #935
- fix(deps): update dependency com.google.guava:guava to v33.4.6-jre by @renovate[bot] in #930
- fix(deps): update dependency com.google.errorprone:error_prone_core to v2.37.0 by @renovate[bot] in #936
- fix(deps): update protobuf_grpc by @renovate[bot] in #938
- fix(deps): update dependency com.google.oauth-client:google-oauth-client-bom to v1.39.0 by @renovate[bot] in #937
- chore(deps): update actions/setup-go action to v5.4.0 by @renovate[bot] in #934
- chore(deps): update sigstore/community digest to b9f2e38 by @renovate[bot] in #939
- chore(deps): update actions/setup-java action to v4.7.1 by @renovate[bot] in #940
- fix(deps): update dependency com.google.guava:guava to v33.4.8-jre by @renovate[bot] in #943
- fix(deps): update dependency dev.sigstore:protobuf-specs to v0.4.1 - autoclosed by @renovate[bot] in #944
- fix(deps): update dependency org.junit:junit-bom to v5.12.2 by @renovate[bot] in #945
- fix(deps): update dependency com.diffplug.spotless:com.diffplug.spotless.gradle.plugin to v7.0.3 by @renovate[bot] in #942
- chore(deps): update gradle/actions action to v4.3.1 by @renovate[bot] in #941
- chore(deps): update dependency gradle to v8.14 by @renovate[bot] in #949
- chore(deps): update sigstore/sigstore-conformance action to v0.0.18 - autoclosed by @renovate[bot] in #947
- chore(deps): update sigstore/community digest to ab62b20 by @renovate[bot] in #946
- fix(deps): update dependency net.ltgt.errorprone:net.ltgt.errorprone.gradle.plugin to v4.2.0 by @renovate[bot] in #955
- fix(deps): update dependency de.thetaphi.forbiddenapis:de.thetaphi.forbiddenapis.gradle.plugin to v3.9 by @renovate[bot] in #953
- fix(deps): update dependency com.google.http-client:google-http-client-bom to v1.47.0 by @renovate[bot] in #952
- fix(deps): update dependency com.google.errorprone:error_prone_core to v2.38.0 by @renovate[bot] in #951
- fix(deps): update dependency com.google.code.gson:gson to v2.13.1 by @renovate[bot] in #950
- Add signing config parsers by @loosebazooka in #956
- Update google-java-format to 1.24.0 by @loosebazooka in #957
- Allow targetStore to return input streams by @loosebazooka in #962
- chore: migrate to Kotlin Dokka 2.0 by @vlsi in #964
- Use SigstoreConfigurationException more widely by @loosebazooka in #963
- Add timestamp client and verifier by @aaronlew02 in #960
- Consume signing_config v0.2 from TUF repo if availalbe. by @loosebazooka in #965
- ignoreUnknownFields when parsing json by @loosebazooka in #966
- chore(deps): update dependency gradle to v8.14.1 by @renovate[bot] in #969
- chore(deps): update actions/setup-go action to v5.5.0 by @renovate[bot] in #971
- chore(deps): update gradle/actions action to v4.4.0 by @renovate[bot] in #972
- chore(deps): update sigstore/community digest to 55b19bf by @renovate[bot] in #968
- Add providers for signing config and legacy helper by @loosebazooka in #967
- Update Examples action to run on Windows, MacOs, and Linux by @keastrid in #974
- Use Sigstore staging TSA in timestamp client by @aaronlew02 in #975
- Run dev/release examples in separate jobs by @loosebazooka in #976
- Add artifact validation and staging tests to timestamp verifier by @aaronlew02 in #977
- Add RFC3161 timestamps to bundle reader and writer by @aaronlew02 in #978
- Add RFC3161 timestamps to keyless signer and verifier by @aaronlew02 in #979
- Push signing config through all our clients by @loosebazooka in #981
- Add support for ED25519 in trusted_root by @loosebazooka in #983
- Use service helper to create temp services by @loosebazooka in #984
- Reduce redundant action runs by @loosebazooka in #985
- use main on concurrency checks by @loosebazooka in #986
- Update protobuf-specs by @loosebazooka in #988
- fix concurrency by @loosebazooka in https://github.com/sigstore/sigst...
v1.3.0
See CHANGELOG.md for more details.
New Feature
- Add support for verifying dsse-intoto by @loosebazooka in #855
What's Changed
- Update bouncycastle to v1.79 by @renovate in #864
- Update actions/setup-java action to v4.5.0 by @renovate in #863
- Update protobuf_grpc by @renovate in #861
- Update sigstore/community digest to ee857ea by @renovate in #841
- Update dependency com.google.http-client:google-http-client-bom to v1.45.1 by @renovate in #860
- Add tests for downloadTarget by @loosebazooka in #854
- Update sigstore/sigstore-conformance action to v0.0.13 by @renovate in #862
- Import dsse/hashrekord types from rekor by @loosebazooka in #867
- Parse DSSE bundles and Intoto payloads by @loosebazooka in #868
- Update conformance to 0.0.14 by @loosebazooka in #869
- Reorganize message signature checks by @loosebazooka in #872
- Change payload type to byte[] by @loosebazooka in #873
- Update dependency com.code-intelligence:jazzer-api to v0.23.0 by @renovate in #879
- Update actions/setup-go action to v5.2.0 - autoclosed by @renovate in #877
- Update dependency org.junit:junit-bom to v5.11.4 by @renovate in #876
- Update dependency com.google.http-client:google-http-client-bom to v1.45.3 by @renovate in #875
- Update sigstore/community digest to 859cddd by @renovate in #874
- Update actions/setup-java action to v4.6.0 by @renovate in #878
- Update gradle/actions action to v4.2.2 by @renovate in #883
- Update dependency org.assertj:assertj-core to v3.27.2 by @renovate in #882
- Update protobuf_grpc by @renovate in #884
- Update softprops/action-gh-release action to v2.2.0 by @renovate in #885
- Update dependency com.google.guava:guava to v33.4.0-jre by @renovate in #880
- Update dependency com.google.oauth-client:google-oauth-client-bom to v1.37.0 by @renovate in #881
- Update sigstore/sigstore-conformance action to v0.0.16 by @renovate in #891
- address CI issues reported by zizmor by @bobcallaway in #892
- Update sigstore/community digest to 9ce4322 by @renovate in #886
- Update dependency commons-codec:commons-codec to v1.17.2 - autoclosed by @renovate in #887
- Update dependency dev.sigstore:protobuf-specs to v0.3.3 by @renovate in #888
- Update dependency org.assertj:assertj-core to v3.27.3 by @renovate in #889
- Update protobuf_grpc by @renovate in #890
- Update actions/setup-go action to v5.3.0 by @renovate in #896
- Update actions/setup-java action to v4.7.0 by @renovate in #897
- Update bouncycastle to v1.80 by @renovate in #898
- Update dependency com.code-intelligence:jazzer-api to v0.24.0 by @renovate in #899
- Update dependency com.google.code.gson:gson to v2.12.1 by @renovate in #900
- Update dependency com.google.http-client:google-http-client-bom to v1.46.1 by @renovate in #901
- Doc should say .sigstore.json instead of .sigstore.java by @thomasleplus in #906
New Contributors
- @thomasleplus made their first contribution in #906
Full Changelog: v1.2.0...v1.3.0
v1.2.0
See CHANGELOG.md for more details.
What's Changed
- Fix checkpoint verification 23fb488
- Update versions and changelog by @loosebazooka in #858
- Add arifactDigest as input option for conformance by @loosebazooka in #859
Full Changelog: v1.1.0...v1.2.0
v1.1.0
See CHANGELOG.md for more details.
What's Changed
- update versions after 1.0.0 by @loosebazooka in #800
- Update dependency org.eclipse.jetty:jetty-server to v11.0.24 by @renovate in #803
- Update gradle/actions action to v4.0.1 by @renovate in #804
- Update dependency com.google.errorprone:error_prone_core to v2.31.0 by @renovate in #805
- Update dependency com.google.http-client:google-http-client-bom to v1.45.0 by @renovate in #806
- Update sigstore/community digest to af27ecc by @renovate in #801
- Update dependency com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin to v1.2.2 by @renovate in #802
- Update dependency com.google.guava:guava to v33.3.1-jre by @renovate in #815
- Update actions/checkout action to v4.2.0 by @renovate in #818
- Update actions/setup-java action to v4.4.0 by @renovate in #819
- Update dependency com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin to v1.3.0 by @renovate in #821
- Update dependency org.apache.maven.plugins:maven-gpg-plugin to v3.2.7 by @renovate in #816
- Update protobuf_grpc by @renovate in #824
- Update gradle/actions action to v4.1.0 by @renovate in #823
- Update dependency org.mockito:mockito-bom to v5.14.1 by @renovate in #822
- Update sigstore/community digest to 95ef39c by @renovate in #814
- Update dependency org.junit:junit-bom to v5.11.1 by @renovate in #817
- Move known roles in TUF by @loosebazooka in #826
- Separate meta fetching from target fetching by @loosebazooka in #827
- Non inferred file names by @loosebazooka in #828
- Update actions/checkout action to v4.2.1 by @renovate in #830
- Update dependency org.junit:junit-bom to v5.11.2 by @renovate in #831
- Update dependency org.mockito:mockito-bom to v5.14.2 by @renovate in #832
- Update dependency de.thetaphi.forbiddenapis:de.thetaphi.forbiddenapis.gradle.plugin to v3.8 by @renovate in #833
- Update dependency org.junit:junit-bom to v5.11.3 by @renovate in #835
- Update dependency net.ltgt.errorprone:net.ltgt.errorprone.gradle.plugin to v4.1.0 by @renovate in #834
- Update sigstore/community digest to dcc3c01 by @renovate in #829
- Store meta state in memory by @loosebazooka in #836
- Update tuf updater api surface by @loosebazooka in #839
- More tuf updates for conformance by @loosebazooka in #840
- Start adding tuf conformance by @loosebazooka in #838
- Update protobuf_grpc by @renovate in #842
- Update softprops/action-gh-release action to v2.1.0 by @renovate in #844
- Update actions/setup-go action to v5.1.0 by @renovate in #845
- Update staging and public good embedded starter roots by @loosebazooka in #848
- Add tuf specific key/signature handlers by @loosebazooka in #847
- Use tuf verifiers in updater by @loosebazooka in #849
- Cleanup by @loosebazooka in #850
- Update actions/checkout action to v4.2.2 by @renovate in #843
- Cleanup keys parsing, caller specifies type by @loosebazooka in #851
- Handle targets with path elements by @loosebazooka in #853
- Fix test_duplicate_sig_keyids by @loosebazooka in #852
- Rekor Entries should be reconstructed and compared by @loosebazooka in #856
Full Changelog: v1.0.0...v1.1.0
v1.0.0
v0.12.0
See CHANGELOG.md for more details.