Skip to content

v2.0.0-rc1

Choose a tag to compare

View all tags
@github-actions github-actions released this 14 Aug 18:36
· 131 commits to main since this release
v2.0.0-rc1
0012c01
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

See CHANGELOG.md for more details.

What's Changed

  • Add repo info to create release by @loosebazooka in #908
  • Update dependency dev.sigstore:protobuf-specs to v0.4.0 by @renovate[bot] in #903
  • Update after v1.3.0 release by @loosebazooka in #909
  • Update conformance.yml to 0.0.17 by @loosebazooka in #910
  • Update dependency commons-codec:commons-codec to v1.18.0 by @renovate[bot] in #902
  • Update sigstore/community digest to f1c21e9 by @renovate[bot] in #894
  • Update dependency com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin to v1.3.1 by @renovate[bot] in #895
  • Update actions/upload-artifact action to v4.6.1 by @renovate[bot] in #911
  • Update dependency com.google.oauth-client:google-oauth-client-bom to v1.38.0 by @renovate[bot] in #913
  • Update dependency com.google.http-client:google-http-client-bom to v1.46.3 by @renovate[bot] in #912
  • chore: bump junit to 5.12 by @vlsi in #915
  • Update dependency org.junit:junit-bom to v5.12.0 by @renovate[bot] in #914
  • chore(deps): update gradle/actions action to v4.3.0 by @renovate[bot] in #916
  • fix(deps): update dependency com.diffplug.spotless:com.diffplug.spotless.gradle.plugin to v7 by @renovate[bot] in #919
  • fix(deps): update dependency org.jetbrains.dokka:org.jetbrains.dokka.gradle.plugin to v2 by @renovate[bot] in #921
  • chore(deps): update dependency gradle to v8.13 by @renovate[bot] in #807
  • Gradle plugin: Replace findProperty with Isolated Project compatible … by @hfhbd in #811
  • fix: add workaround for providers.gradleProperty for pre-7.4 Gradle versions by @vlsi in #924
  • Make token string oidc client available outside of cli by @loosebazooka in #925
  • chore: use Gradle Java toolchains for the build and test execution by @vlsi in #923
  • tuf: use cached targets when available by @loosebazooka in #926
  • chore: do not require Java 17 for launching Gradle yet by @vlsi in #927
  • fix(deps): update dependency com.google.errorprone:error_prone_core to v2.36.0 by @renovate[bot] in #820
  • fix(deps): update dependency org.mockito:mockito-bom to v5.16.0 by @renovate[bot] in #918
  • chore(deps): update theupdateframework/tuf-conformance action to v2.3.0 by @renovate[bot] in #917
  • chore(deps): update sigstore/community digest to 61b77fe by @renovate[bot] in #928
  • fix(deps): update dependency org.junit:junit-bom to v5.12.1 by @renovate[bot] in #932
  • fix(deps): update dependency org.mockito:mockito-bom to v5.16.1 by @renovate[bot] in #933
  • chore(deps): update actions/upload-artifact action to v4.6.2 by @renovate[bot] in #929
  • chore(deps): update dependency go to 1.24.x by @renovate[bot] in #935
  • fix(deps): update dependency com.google.guava:guava to v33.4.6-jre by @renovate[bot] in #930
  • fix(deps): update dependency com.google.errorprone:error_prone_core to v2.37.0 by @renovate[bot] in #936
  • fix(deps): update protobuf_grpc by @renovate[bot] in #938
  • fix(deps): update dependency com.google.oauth-client:google-oauth-client-bom to v1.39.0 by @renovate[bot] in #937
  • chore(deps): update actions/setup-go action to v5.4.0 by @renovate[bot] in #934
  • chore(deps): update sigstore/community digest to b9f2e38 by @renovate[bot] in #939
  • chore(deps): update actions/setup-java action to v4.7.1 by @renovate[bot] in #940
  • fix(deps): update dependency com.google.guava:guava to v33.4.8-jre by @renovate[bot] in #943
  • fix(deps): update dependency dev.sigstore:protobuf-specs to v0.4.1 - autoclosed by @renovate[bot] in #944
  • fix(deps): update dependency org.junit:junit-bom to v5.12.2 by @renovate[bot] in #945
  • fix(deps): update dependency com.diffplug.spotless:com.diffplug.spotless.gradle.plugin to v7.0.3 by @renovate[bot] in #942
  • chore(deps): update gradle/actions action to v4.3.1 by @renovate[bot] in #941
  • chore(deps): update dependency gradle to v8.14 by @renovate[bot] in #949
  • chore(deps): update sigstore/sigstore-conformance action to v0.0.18 - autoclosed by @renovate[bot] in #947
  • chore(deps): update sigstore/community digest to ab62b20 by @renovate[bot] in #946
  • fix(deps): update dependency net.ltgt.errorprone:net.ltgt.errorprone.gradle.plugin to v4.2.0 by @renovate[bot] in #955
  • fix(deps): update dependency de.thetaphi.forbiddenapis:de.thetaphi.forbiddenapis.gradle.plugin to v3.9 by @renovate[bot] in #953
  • fix(deps): update dependency com.google.http-client:google-http-client-bom to v1.47.0 by @renovate[bot] in #952
  • fix(deps): update dependency com.google.errorprone:error_prone_core to v2.38.0 by @renovate[bot] in #951
  • fix(deps): update dependency com.google.code.gson:gson to v2.13.1 by @renovate[bot] in #950
  • Add signing config parsers by @loosebazooka in #956
  • Update google-java-format to 1.24.0 by @loosebazooka in #957
  • Allow targetStore to return input streams by @loosebazooka in #962
  • chore: migrate to Kotlin Dokka 2.0 by @vlsi in #964
  • Use SigstoreConfigurationException more widely by @loosebazooka in #963
  • Add timestamp client and verifier by @aaronlew02 in #960
  • Consume signing_config v0.2 from TUF repo if availalbe. by @loosebazooka in #965
  • ignoreUnknownFields when parsing json by @loosebazooka in #966
  • chore(deps): update dependency gradle to v8.14.1 by @renovate[bot] in #969
  • chore(deps): update actions/setup-go action to v5.5.0 by @renovate[bot] in #971
  • chore(deps): update gradle/actions action to v4.4.0 by @renovate[bot] in #972
  • chore(deps): update sigstore/community digest to 55b19bf by @renovate[bot] in #968
  • Add providers for signing config and legacy helper by @loosebazooka in #967
  • Update Examples action to run on Windows, MacOs, and Linux by @keastrid in #974
  • Use Sigstore staging TSA in timestamp client by @aaronlew02 in #975
  • Run dev/release examples in separate jobs by @loosebazooka in #976
  • Add artifact validation and staging tests to timestamp verifier by @aaronlew02 in #977
  • Add RFC3161 timestamps to bundle reader and writer by @aaronlew02 in #978
  • Add RFC3161 timestamps to keyless signer and verifier by @aaronlew02 in #979
  • Push signing config through all our clients by @loosebazooka in #981
  • Add support for ED25519 in trusted_root by @loosebazooka in #983
  • Use service helper to create temp services by @loosebazooka in #984
  • Reduce redundant action runs by @loosebazooka in #985
  • use main on concurrency checks by @loosebazooka in #986
  • Update protobuf-specs by @loosebazooka in #988
  • fix concurrency by @loosebazooka in #989
  • Update dependency org.apache.maven:maven-core to v3.9.10 by @renovate[bot] in #995
  • Extract inclusion proof verifier into a new library by @aaronlew02 in #998
  • Update dependency org.apache.maven:maven-plugin-api to v3.9.10 by @renovate[bot] in #996
  • Add support for Ed25519 signatures by @aaronlew02 in #1000
  • group maven in renovate.json by @loosebazooka in #1003
  • Update maven build by @loosebazooka in #1004
  • Avoid having users look at ImmutableHttpParams by @loosebazooka in #1006
  • Add Rekor v2 client and verifier by @aaronlew02 in #990
  • Allow RekorEntry to be built from TransparencyLogEntry by @aaronlew02 in #1013
  • Add Rekor v2 staging URI to LegacySigningConfig by @aaronlew02 in #1014
  • Unify Rekor v1 and v2 verifiers by @aaronlew02 in #1016
  • Add Rekor v2 support to bundle reader and writer by @aaronlew02 in #1017
  • Fix check for empty SET in RekorVerifier by @aaronlew02 in #1020
  • Move TLogEntry-to-RekorEntry converter to ProtoMutators by @aaronlew02 in #1021
  • Add Rekor v2 support to keyless signer and verifier by @aaronlew02 in #1008
  • fix(test): Update TUF client test for public good signing config v0.2 by @aaronlew02 in #1025
  • fix: Re-add timestamp verification in KeylessVerifier by @aaronlew02 in #1024
  • Match signer chosing to algorithm registry by @loosebazooka in #1027
  • fix(deps): update dependency com.google.http-client:google-http-client-bom to v1.47.1 by @renovate[bot] in #1009
  • Require signing config from TUF and remove legacy fallback by @aaronlew02 in #1028
  • Add DSSE envelope checks for Rekor v2 by @aaronlew02 in #1031
  • Replace LegacySigningConfig with TUF signing config by @aaronlew02 in #1032
  • fix: Get Rekor v2 from signing config if enabled by @aaronlew02 in #1035
  • fix(test): Verify signing result for Rekor v1 vs. v2 by @aaronlew02 in #1037
  • Get Rekor v2 service from TUF signing config by @aaronlew02 in #1040
  • fix(deps): update dependency com.diffplug.spotless:com.diffplug.spotless.gradle.plugin to v7.2.1 by @renovate[bot] in #993
  • chore(deps): update sigstore/community digest to 74d6625 by @renovate[bot] in #992
  • chore(deps): update gradle/actions action to v4.4.1 by @renovate[bot] in #1011
  • chore(deps): update plugin org.gradlex.maven-plugin-development to v1.0.3 by @renovate[bot] in #1036
  • fix(deps): update dependency org.eclipse.jetty:jetty-server to v11.0.25 by @renovate[bot] in #931
  • Add option to use conformance token by @loosebazooka in #1041
  • Use HTTP server for conformance testing by @aaronlew02 in #1038
  • chore(deps): update dependency gradle to v8.14.3 by @renovate[bot] in #994
  • Configure maven central publishing by @loosebazooka in #1042
  • Apply httpparams more universally by @loosebazooka in #1046
  • URL -> URI by @loosebazooka in #1047
  • prepare for 2.0.0-rc1 by @loosebazooka in #1048

New Contributors

Full Changelog: v1.3.0...v2.0.0-rc1

Contributors

vlsi, loosebazooka, and 4 other contributors
Assets 2
Loading