Releases: in-toto/witness
Releases · in-toto/witness
v0.4.0-beta2
v0.4.0-beta1
v0.4.0-beta
Changelog
Bug fixes
- 09f8cbb: fix: run e2e test script as part of workflows (#397) (@mikhailswift)
Others
- 838aec6: Handle multiple results from run (@jkjell)
- f8d862f: Rename exportRun and add better file naming (@jkjell)
- 609dcd4: Run make docgen (@jkjell)
- ad043b1: Update go version in actions and point go.mod to WIP go-witness (@jkjell)
- 9a85fca: Add explicit setup-go action for workflows and change attestation file output to backwards compatible (@jkjell)
- 3c8d14d: chore: bump actions/cache from 4.0.0 to 4.0.1 (#401) (@dependabot[bot])
- feac3aa: chore: bump github/codeql-action from 3.24.5 to 3.24.6 (#400) (@dependabot[bot])
- e54d8be: chore: bump actions/download-artifact from 4.1.2 to 4.1.4 (#399) (@dependabot[bot])
- a4c4029: doc: fix example in signers kms doc (#403) (@kairoaraujo)
- 910d630: Witness website netlify (#394) (@ChaosInTheCRD)
- bb8b3c0: chore: bump the go_modules group group with 2 updates (#408) (@dependabot[bot])
- 3fc10e4: chore: bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#409) (@dependabot[bot])
- 7528df2: chore: bump follow-redirects from 1.15.5 to 1.15.6 in /docs-website (#410) (@dependabot[bot])
- 1844b26: chore: bump k8s.io/apimachinery from 0.29.2 to 0.29.3 (#411) (@dependabot[bot])
- 10f895d: chore: bump actions/checkout from 4.1.1 to 4.1.2 (#412) (@dependabot[bot])
- b1ee681: chore: bump github/codeql-action from 3.24.6 to 3.24.8 (#415) (@dependabot[bot])
- 917e13b: chore: bump docker/login-action from 3.0.0 to 3.1.0 (#413) (@dependabot[bot])
- 51d0fa6: Merge branch 'main' into link-attestor (@jkjell)
- fe61acd: chore: bump webpack-dev-middleware from 5.3.3 to 5.3.4 in /docs-website (#417) (@dependabot[bot])
- 2b4213f: chore: bump github/codeql-action from 3.24.8 to 3.24.9 (#419) (@dependabot[bot])
- 78f1a7b: chore: bump actions/dependency-review-action from 4.1.3 to 4.2.4 (#420) (@dependabot[bot])
- 6bec181: chore: bump actions/cache from 4.0.1 to 4.0.2 (#421) (@dependabot[bot])
- f5deef5: chore: bump express from 4.18.3 to 4.19.2 in /docs-website (#423) (@dependabot[bot])
- c86b46d: small typo fix (#424) (@ChaosInTheCRD)
- 90cb5ac: Update dependabot.yml (#405) (@jkjell)
- 1fbdaa9: chore: bump the all-gha group with 1 update (#426) (@dependabot[bot])
- 6f7d4a8: Adding ability to list attestors (#384) (@ChaosInTheCRD)
- bed1863: Update GHA triggers to fine tune for code changes vs other updates (#406) (@jkjell)
- 74f6c3d: chore: bump the all-go-mod group with 1 update (#425) (@dependabot[bot])
- 9f16a4d: Merge branch 'main' into link-attestor (@jkjell)
- 1836ab9: Update temporary reference to go-witness commit (@jkjell)
- b8e9f51: Improvements / Changes to Link Attestor (#428) (@ChaosInTheCRD)
- d330b78: make docgen update (@jkjell)
- eef6826: Point to latest version of go-witness (@jkjell)
- 0219f20: Remove replace directive (@jkjell)
- 1ac142a: Add missing go.sum (@jkjell)
v0.3.1
v0.3.0
Changelog
Others
- 46b168d: chore: bump actions/download-artifact from 3.0.2 to 4.0.0 (#335) (@dependabot[bot])
- 34563ab: chore: bump github/codeql-action from 2.22.9 to 3.22.11 (#336) (@dependabot[bot])
- b8f36d6: chore: bump actions/upload-artifact from 3.1.3 to 4.0.0 (#337) (@dependabot[bot])
- ea67d31: chore: bump github/codeql-action from 3.22.11 to 3.22.12 (#343) (@dependabot[bot])
- 88881fa: chore: bump actions/download-artifact from 4.0.0 to 4.1.0 (#342) (@dependabot[bot])
- 2c590bb: Update go-git to resolve vulnerability (#346) (@jkjell)
- 617e15a: chore: bump actions/dependency-review-action from 3.1.4 to 3.1.5 (#349) (@dependabot[bot])
- b9e38d5: Add FOSSA license scanning (@jkjell)
- 494d44a: Add Security MD files an add FOSSA scan badge (@jkjell)
- 93768db: Pin dependencies and restrict permissions (@jkjell)
- 15d9014: Add signing to goreleaser and Best Practices badge to readme. (@jkjell)
- abce18b: Add cosign install (@jkjell)
- f2e2a6f: Update cloudflare/circl due to dependabot failure (#352) (@jkjell)
- d2471e6: chore: bump actions/cache from 3.3.2 to 3.3.3 (#355) (@dependabot[bot])
- 70e0b09: chore: bump actions/upload-artifact from 4.0.0 to 4.1.0 (#356) (@dependabot[bot])
- 63cc5d8: chore: bump github/codeql-action from 3.22.12 to 3.23.0 (#357) (@dependabot[bot])
- 83ca942: chore: bump actions/download-artifact from 4.1.0 to 4.1.1 (#358) (@dependabot[bot])
- 1a9b5a2: Initial attempt at PR and Issue templates (#351) (@jkjell)
- 06031da: Checking attestors for duplicates (#361) (@ChaosInTheCRD)
- 272e492: chore: bump actions/cache from 3.3.3 to 4.0.0 (#364) (@dependabot[bot])
- 55418b5: chore: bump actions/upload-artifact from 4.1.0 to 4.2.0 (#363) (@dependabot[bot])
- 9247c81: chore: bump github/codeql-action from 3.23.0 to 3.23.1 (#365) (@dependabot[bot])
- 2b872a3: chore: bump actions/dependency-review-action from 3.1.5 to 4.0.0 (#366) (@dependabot[bot])
- b90f41b: README and docs restructure (#362) (@ChaosInTheCRD)
- df179e2: Fixing mistakes in the readme (#368) (@ChaosInTheCRD)
- 1bbd0e8: Updating timestamper (#367) (@ChaosInTheCRD)
- cd18d5e: chore: bump actions/upload-artifact from 4.2.0 to 4.3.0 (#369) (@dependabot[bot])
- 58d5516: chore: bump github/codeql-action from 3.23.1 to 3.23.2 (#370) (@dependabot[bot])
- dfd64fe: Updated witness to use changes made to
cryptoutil.DigestValue
implemented in go-witness (#371) (@ChaosInTheCRD) - 0e7dda9: Add back license scanning badge (#377) (@jkjell)
- 2923f96: chore: bump github/codeql-action from 3.23.2 to 3.24.0 (#378) (@dependabot[bot])
- 3195add: chore: bump step-security/harden-runner from 2.6.1 to 2.7.0 (#379) (@dependabot[bot])
- 1144fa5: chore: bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#380) (@dependabot[bot])
- 58fe093: chore: bump actions/download-artifact from 4.1.1 to 4.1.2 (#382) (@dependabot[bot])
- be37eee: chore: bump actions/upload-artifact from 4.3.0 to 4.3.1 (#383) (@dependabot[bot])
- c27a4f5: KMS Support (#376) (@ChaosInTheCRD)
- 17bdb4e: Add Tom as a Witness maintainer (#385) (@jkjell)
- e438568: chore: bump testifysec/witness-run-action from 0.1.3 to 0.1.5 (#389) (@dependabot[bot])
- 001a113: chore: bump k8s.io/apimachinery from 0.26.13 to 0.26.14 (#386) (@dependabot[bot])
- f772f2d: chore: bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#387) (@dependabot[bot])
- 161286d: chore: bump fossas/fossa-action from 1.3.1 to 1.3.3 (#390) (@dependabot[bot])
- db7a266: chore: bump github/codeql-action from 3.24.0 to 3.24.3 (#391) (@dependabot[bot])
- 0df242b: chore: bump actions/dependency-review-action from 4.0.0 to 4.1.1 (#392) (@dependabot[bot])
v0.3.0-beta-kms
Changelog
Bug fixes
- e92de32: fix: update tests for loadSigners changes (@mikhailswift)
Others
- 46b168d: chore: bump actions/download-artifact from 3.0.2 to 4.0.0 (#335) (@dependabot[bot])
- 34563ab: chore: bump github/codeql-action from 2.22.9 to 3.22.11 (#336) (@dependabot[bot])
- b8f36d6: chore: bump actions/upload-artifact from 3.1.3 to 4.0.0 (#337) (@dependabot[bot])
- ea67d31: chore: bump github/codeql-action from 3.22.11 to 3.22.12 (#343) (@dependabot[bot])
- 88881fa: chore: bump actions/download-artifact from 4.0.0 to 4.1.0 (#342) (@dependabot[bot])
- 2c590bb: Update go-git to resolve vulnerability (#346) (@jkjell)
- 617e15a: chore: bump actions/dependency-review-action from 3.1.4 to 3.1.5 (#349) (@dependabot[bot])
- b9e38d5: Add FOSSA license scanning (@jkjell)
- 494d44a: Add Security MD files an add FOSSA scan badge (@jkjell)
- 93768db: Pin dependencies and restrict permissions (@jkjell)
- 15d9014: Add signing to goreleaser and Best Practices badge to readme. (@jkjell)
- abce18b: Add cosign install (@jkjell)
- f2e2a6f: Update cloudflare/circl due to dependabot failure (#352) (@jkjell)
- d2471e6: chore: bump actions/cache from 3.3.2 to 3.3.3 (#355) (@dependabot[bot])
- 70e0b09: chore: bump actions/upload-artifact from 4.0.0 to 4.1.0 (#356) (@dependabot[bot])
- 63cc5d8: chore: bump github/codeql-action from 3.22.12 to 3.23.0 (#357) (@dependabot[bot])
- 83ca942: chore: bump actions/download-artifact from 4.1.0 to 4.1.1 (#358) (@dependabot[bot])
- 1a9b5a2: Initial attempt at PR and Issue templates (#351) (@jkjell)
- 06031da: Checking attestors for duplicates (#361) (@ChaosInTheCRD)
- 272e492: chore: bump actions/cache from 3.3.3 to 4.0.0 (#364) (@dependabot[bot])
- 55418b5: chore: bump actions/upload-artifact from 4.1.0 to 4.2.0 (#363) (@dependabot[bot])
- 9247c81: chore: bump github/codeql-action from 3.23.0 to 3.23.1 (#365) (@dependabot[bot])
- 2b872a3: chore: bump actions/dependency-review-action from 3.1.5 to 4.0.0 (#366) (@dependabot[bot])
- b90f41b: README and docs restructure (#362) (@ChaosInTheCRD)
- df179e2: Fixing mistakes in the readme (#368) (@ChaosInTheCRD)
- 1bbd0e8: Updating timestamper (#367) (@ChaosInTheCRD)
- cd18d5e: chore: bump actions/upload-artifact from 4.2.0 to 4.3.0 (#369) (@dependabot[bot])
- 58d5516: chore: bump github/codeql-action from 3.23.1 to 3.23.2 (#370) (@dependabot[bot])
- dfd64fe: Updated witness to use changes made to
cryptoutil.DigestValue
implemented in go-witness (#371) (@ChaosInTheCRD) - 0e7dda9: Add back license scanning badge (#377) (@jkjell)
- 873b868: adding changes for testing kms (@ChaosInTheCRD)
- 7e96be8: implementing verifier for policy with KMS (@ChaosInTheCRD)
- b114971: adding changes (@ChaosInTheCRD)
- a19520d: removing log (@ChaosInTheCRD)
- 5cc4119: saving progress (@ChaosInTheCRD)
- 459e059: saving progress (@ChaosInTheCRD)
- 2615fd7: adding hashivault provider (@ChaosInTheCRD)
- 7d78cd7: we dont always add verifiers (@ChaosInTheCRD)
- 2511ea3: preparing for draft PR (@ChaosInTheCRD)
- cfaf12c: fixing go mod (@ChaosInTheCRD)
- 7fef9cc: added implementation for passing in extra options for the kms providers (@ChaosInTheCRD)
v0.2.2-beta-1
Changelog
Bug fixes
- 0af9128: fix: update to go-witness with vault fix (@mikhailswift)
Others
- 46b168d: chore: bump actions/download-artifact from 3.0.2 to 4.0.0 (#335) (@dependabot[bot])
- 34563ab: chore: bump github/codeql-action from 2.22.9 to 3.22.11 (#336) (@dependabot[bot])
- b8f36d6: chore: bump actions/upload-artifact from 3.1.3 to 4.0.0 (#337) (@dependabot[bot])
- ea67d31: chore: bump github/codeql-action from 3.22.11 to 3.22.12 (#343) (@dependabot[bot])
- 88881fa: chore: bump actions/download-artifact from 4.0.0 to 4.1.0 (#342) (@dependabot[bot])
- 2c590bb: Update go-git to resolve vulnerability (#346) (@jkjell)
- 617e15a: chore: bump actions/dependency-review-action from 3.1.4 to 3.1.5 (#349) (@dependabot[bot])
- b9e38d5: Add FOSSA license scanning (@jkjell)
- 494d44a: Add Security MD files an add FOSSA scan badge (@jkjell)
- 93768db: Pin dependencies and restrict permissions (@jkjell)
- 15d9014: Add signing to goreleaser and Best Practices badge to readme. (@jkjell)
- abce18b: Add cosign install (@jkjell)
- f2e2a6f: Update cloudflare/circl due to dependabot failure (#352) (@jkjell)
- d2471e6: chore: bump actions/cache from 3.3.2 to 3.3.3 (#355) (@dependabot[bot])
- 70e0b09: chore: bump actions/upload-artifact from 4.0.0 to 4.1.0 (#356) (@dependabot[bot])
- 63cc5d8: chore: bump github/codeql-action from 3.22.12 to 3.23.0 (#357) (@dependabot[bot])
- 83ca942: chore: bump actions/download-artifact from 4.1.0 to 4.1.1 (#358) (@dependabot[bot])
- 1a9b5a2: Initial attempt at PR and Issue templates (#351) (@jkjell)
- 06031da: Checking attestors for duplicates (#361) (@ChaosInTheCRD)
- 272e492: chore: bump actions/cache from 3.3.3 to 4.0.0 (#364) (@dependabot[bot])
- 55418b5: chore: bump actions/upload-artifact from 4.1.0 to 4.2.0 (#363) (@dependabot[bot])
- 9247c81: chore: bump github/codeql-action from 3.23.0 to 3.23.1 (#365) (@dependabot[bot])
- 2b872a3: chore: bump actions/dependency-review-action from 3.1.5 to 4.0.0 (#366) (@dependabot[bot])
- b90f41b: README and docs restructure (#362) (@ChaosInTheCRD)
- df179e2: Fixing mistakes in the readme (#368) (@ChaosInTheCRD)
- 1bbd0e8: Updating timestamper (#367) (@ChaosInTheCRD)
- cd18d5e: chore: bump actions/upload-artifact from 4.2.0 to 4.3.0 (#369) (@dependabot[bot])
- 58d5516: chore: bump github/codeql-action from 3.23.1 to 3.23.2 (#370) (@dependabot[bot])
- dfd64fe: Updated witness to use changes made to
cryptoutil.DigestValue
implemented in go-witness (#371) (@ChaosInTheCRD) - 0e7dda9: Add back license scanning badge (#377) (@jkjell)
v0.2.1-beta-1
Changelog
Others
- 46b168d: chore: bump actions/download-artifact from 3.0.2 to 4.0.0 (#335) (@dependabot[bot])
- 34563ab: chore: bump github/codeql-action from 2.22.9 to 3.22.11 (#336) (@dependabot[bot])
- b8f36d6: chore: bump actions/upload-artifact from 3.1.3 to 4.0.0 (#337) (@dependabot[bot])
- ea67d31: chore: bump github/codeql-action from 3.22.11 to 3.22.12 (#343) (@dependabot[bot])
- 88881fa: chore: bump actions/download-artifact from 4.0.0 to 4.1.0 (#342) (@dependabot[bot])
- 2c590bb: Update go-git to resolve vulnerability (#346) (@jkjell)
- ba89120: Add FOSSA license scanning (@jkjell)
- b07cb38: Add Security MD files an add FOSSA scan badge (@jkjell)
- 1f7dd69: Pin dependencies and restrict permissions (@jkjell)
- 6d4eae8: Add signing to goreleaser and Best Practices badge to readme. (@jkjell)
- 7aada2e: Add cosign install (@jkjell)
v0.2.0-beta-report-005
v0.2.0
Changelog
⚠️ Warning ⚠️
go modules have been renamed from github.com/testifysec/witness => github.com/in-toto/witness
Features
Bug fixes
- be20100: fix: dev/Dockerfile.go-builder to reduce vulnerabilities (@snyk-bot)
- 8e9d798: fix: dev/Dockerfile.go-builder to reduce vulnerabilities (@snyk-bot)
- 2219a76: fix: updating urls to
in-toto
fromtestifysec
and-L
to the curl for version (#297) (@lmco-seth)
Documentation
- edef808: docs: Update key to signer-file-key-path in getting starter .witness.yaml (@blhagadorn)
- 8dde14c: docs: correct sign policy file command in README.md (@shenxianpeng)
Others
- 27f68b9: chore(deps): bump golang.org/x/net from 0.7.0 to 0.17.0 (@dependabot[bot])
- 602dc48: chore(deps): bump google.golang.org/grpc from 1.53.0 to 1.56.3 (@dependabot[bot])
- 5beb113: Add maintainers file (@jkjell)
- b3d7207: Add dependabot config and add reusable workflow for calling witness (#298) (@jkjell)
- 21cb944: chore: bump docker/login-action from 2 to 3 (#299) (@dependabot[bot])
- 9380cbe: chore: bump github/codeql-action from 1.0.26 to 2.22.6 (#300) (@dependabot[bot])
- 1880baa: chore: bump ossf/scorecard-action from 2.1.3 to 2.3.1 (#302) (@dependabot[bot])
- 873f55c: chore: bump golangci/golangci-lint-action from 2 to 3 (#303) (@dependabot[bot])
- f49ff8e: chore: bump github.com/sirupsen/logrus from 1.9.0 to 1.9.3 (#304) (@dependabot[bot])
- 5e56558: chore: bump github.com/stretchr/testify from 1.8.1 to 1.8.4 (#305) (@dependabot[bot])
- 932ff1e: chore: bump actions/checkout from 2 to 4 (#301) (@dependabot[bot])
- e7a6f44: chore: bump github/codeql-action from 2.22.6 to 2.22.7 (@dependabot[bot])
- a412c18: chore: bump actions/cache from 2 to 3 (@dependabot[bot])
- 0363ee3: chore: bump actions/setup-go from 2 to 4 (@dependabot[bot])
- 15bec9e: chore: bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 (@dependabot[bot])
- 752b9e0: chore: bump github/codeql-action from 2.22.7 to 2.22.8 (@dependabot[bot])
- bcf7ecf: Update README.md - fixing quickstart url (@clemenko)
- f65b232: [StepSecurity] Apply security best practices (#316) (@step-security-bot)
- 81bdfce: Improve gha (#318) (@kairoaraujo)
- a56715e: Refactoring error messages to use
%w
formatting directive and fix logging issue (#314) (@ChaosInTheCRD) - b19afc8: Fix initial pre-commit violations (#319) (@jkjell)
- 862d8c4: chore: bump actions/upload-artifact from 3.0.0 to 3.1.3 (#320) (@dependabot[bot])
- a823f58: chore: bump actions/checkout from 3.6.0 to 4.1.1 (#321) (@dependabot[bot])
- 684fd6a: chore: bump actions/setup-go from 4.1.0 to 5.0.0 (#322) (@dependabot[bot])
- 709ad35: chore: bump github/codeql-action from 2.22.8 to 2.22.9 (#323) (@dependabot[bot])
- 71856fd: chore: bump actions/dependency-review-action from 2.5.1 to 3.1.4 (#324) (@dependabot[bot])
- f0c8f43: Adding help to Makefile and updating
make test
target (#325) (@ChaosInTheCRD) - 937eab8: Adding the contributing.md from archivista (#327) (@ChaosInTheCRD)
- c0f5843: Migrating go module (#328) (@ChaosInTheCRD)
- c06555d: Migrating to the use of in-toto/go-witness module (#331) (@ChaosInTheCRD)
- b36c96d: Bumping Go version for goreleaser (#333) (@ChaosInTheCRD)
New Contributors
- @blhagadorn made their first contribution in #288
- @jkjell made their first contribution in #294
- @lmco-seth made their first contribution in #297
- @shenxianpeng made their first contribution in #311
- @clemenko made their first contribution in #313
- @step-security-bot made their first contribution in #316
- @kairoaraujo made their first contribution in #318
- @DataDavD made their first contribution in #292
- @ChaosInTheCRD made their first contribution in #314
Full Changelog: v0.1.14...v0.2.0