v0.7.4

Changelog

Bug fixes

• 178b9d5: fix(daemon): tests after upgrading go-git (@aymanbagabas)
• fc2c62f: fix(daemon): timeout test (@aymanbagabas)
• fa23c9c: fix(ui): dry glamour chroma renderer (@aymanbagabas)
• e419a93: fix(ui): go back on esc (@aymanbagabas)
• 0a38578: fix(ui): hide clone command while browse only (@aymanbagabas)
• 812d840: fix(ui): render about page using glamour (@aymanbagabas)

Dependency updates

• 4ccd373: feat(deps): bump github.com/charmbracelet/log from 0.3.0 to 0.3.1 (#431) (@dependabot[bot])
• 0ec24e3: feat(deps): bump github.com/go-git/go-git/v5 from 5.10.0 to 5.10.1 (#429) (@dependabot[bot])
• 8e5966a: feat(deps): bump golang.org/x/crypto from 0.15.0 to 0.16.0 (#430) (@dependabot[bot])

Other work

• bac2ff3: build: avoid duplicated CI runs (#433) (@caarlos0)

---

Verifying the artifacts

First, download the checksums.txt file, for example, with wget:

wget 'https://github.com/charmbracelet/soft-serve/releases/download/v0.7.4/checksums.txt'

Then, verify it using cosign:

cosign verify-blob \
  --certificate-identity 'https://github.com/charmbracelet/meta/.github/workflows/goreleaser.yml@refs/heads/main' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  --cert 'https://github.com/charmbracelet/soft-serve/releases/download/v0.7.4/checksums.txt.pem' \
  --signature 'https://github.com/charmbracelet/soft-serve/releases/download/v0.7.4/checksums.txt.sig' \
  ./checksums.txt

If the output is Verified OK, you can safely use it to verify the checksums of other artifacts you downloaded from the release using sha256sum:

sha256sum --ignore-missing -c checksums.txt

Done! You artifacts are now verified!

Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, The Fediverse, or on Discord.