v1.6.0

What's Changed

Storage

• Support for skipping subtree revisions to increase read performance and reduce disk usage by @mhutchinson in #3201
• Skip SELECTing revision that isn't used by @mhutchinson in #3207
• Inlined storage/sql.go into both implementations that use it by @mhutchinson in #3235

CI

• Disable the OS package patches to bypass the mysql8 gpg key rotation issue by @roger2hk in #3270
• Switch from using unmaintained Google Cloud mysql db image to dockerhub official image by @patflynn in #3272
• Strip unused docker image manipulation from cloudbuild by @mhutchinson in #3278
• Updated all MySQL deps to 8.0 #3182 by @mhutchinson in #3183
• Do vuln scanning with a version of Go not subject to GO-2023-2185 by @mhutchinson in #3202
• Increase some timeouts in integration tests by @mhutchinson in #3203
• Move golangci-lint from Cloud Build to GitHub Action by @roger2hk in #3188

Misc

• Updated Slack channel details by @mhutchinson in #3214
• Make uninitializedBegin test accurately test its intention by @mhutchinson in #3244
• Disable race condition checking for beam code by @mhutchinson in #3249
• Changelog for v1.6.0 release by @mhutchinson in #3285

Dependency updates

• Bump golangci-lint from 1.51.1 to 1.55.1 by @roger2hk in #3177
• Bump k8s.io/klog/v2 from 2.100.1 to 2.110.1 by @dependabot in #3175
• Bump golang from 20f9ab5 to deebfda in /integration/cloudbuild/testbase by @dependabot in #3178
• Bump golang from 20f9ab5 to deebfda in /examples/deployment/docker/db_client by @dependabot in #3179
• Bump golang from 20f9ab5 to deebfda in /examples/deployment/docker/log_server by @dependabot in #3180
• Bump golang from 20f9ab5 to deebfda in /examples/deployment/docker/log_signer by @dependabot in #3181
• Bump golang from deebfda to 5bafbbb in /examples/deployment/docker/log_signer by @dependabot in #3184
• Bump golang from deebfda to 5bafbbb in /integration/cloudbuild/testbase by @dependabot in #3186
• Bump golang from deebfda to 5bafbbb in /examples/deployment/docker/log_server by @dependabot in #3185
• Bump golang from deebfda to 5bafbbb in /examples/deployment/docker/db_client by @dependabot in #3187
• Bump golang.org/x/sys from 0.13.0 to 0.14.0 by @dependabot in #3191
• Bump golang.org/x/sync from 0.4.0 to 0.5.0 by @dependabot in #3190
• Bump golang from 1.21.3-bookworm to 1.21.4-bookworm in /examples/deployment/docker/log_server by @dependabot in #3195
• Bump MariaDB image from 10.3 to 11.1 in Cloud Build by @roger2hk in #3189
• Bump google.golang.org/api from 0.149.0 to 0.150.0 by @dependabot in #3193
• Bump golang from 1.21.3-bookworm to 1.21.4-bookworm in /integration/cloudbuild/testbase by @dependabot in #3192
• Bump golang from 1.21.3-bookworm to 1.21.4-bookworm in /examples/deployment/docker/log_signer by @dependabot in #3194
• Bump golang from 1.21.3-bookworm to 1.21.4-bookworm in /examples/deployment/docker/db_client by @dependabot in #3196
• Bump golang from 932f877 to 85aacbe in /integration/cloudbuild/testbase by @dependabot in #3197
• Bump golang from f559da8 to 85aacbe in /examples/deployment/docker/log_server by @dependabot in #3198
• Bump golang.org/x/tools from 0.14.0 to 0.15.0 by @dependabot in #3204
• Bump golang from f559da8 to 85aacbe in /examples/deployment/docker/log_signer by @dependabot in #3199
• Bump cloud.google.com/go/spanner from 1.51.0 to 1.53.0 by @dependabot in #3206
• Bump google.golang.org/api from 0.150.0 to 0.151.0 by @dependabot in #3208
• Bump github.com/apache/beam/sdks/v2 from 2.51.0 to 2.52.0 by @dependabot in #3209
• Bump golang from 85aacbe to c870468 in /examples/deployment/docker/log_signer by @dependabot in #3210
• Bump golang from 85aacbe to c870468 in /examples/deployment/docker/db_client by @dependabot in #3211
• Bump golang from 85aacbe to c870468 in /integration/cloudbuild/testbase by @dependabot in #3212
• Bump golang from 85aacbe to c870468 in /examples/deployment/docker/log_server by @dependabot in #3213
• Bump golang from c870468 to 52362e2 in /examples/deployment/docker/db_client by @dependabot in #3215
• Bump golang from c870468 to 52362e2 in /examples/deployment/docker/log_signer by @dependabot in #3216
• Bump golang from c870468 to 52362e2 in /integration/cloudbuild/testbase by @dependabot in #3217
• Bump golang from c870468 to 52362e2 in /examples/deployment/docker/log_server by @dependabot in #3218
• Bump golang.org/x/tools from 0.15.0 to 0.16.0 by @dependabot in #3222
• Bump google.golang.org/api from 0.151.0 to 0.152.0 by @dependabot in #3220
• Bump google-auth-library from 9.2.0 to 9.3.0 in /scripts/gcb2slack by @dependabot in #3224
• Bump google-auth-library from 9.3.0 to 9.4.0 in /scripts/gcb2slack by @dependabot in #3225
• Bump google-auth-library from 9.4.0 to 9.4.1 in /scripts/gcb2slack by @dependabot in #3226
• Bump alpine from eece025 to 34871e7 in /examples/deployment/docker/envsubst by @dependabot in #3227
• Bump cloud.google.com/go/spanner from 1.53.0 to 1.53.1 by @dependabot in #3228
• Bump ubuntu from 2b7412e to 8eab65d in /examples/deployment/kubernetes/mysql/image by @dependabot in #3229
• Bump golang from 1.21.4-bookworm to 1.21.5-bookworm in /examples/deployment/docker/log_signer by @dependabot in #3230
• Bump golang from 1.21.4-bookworm to 1.21.5-bookworm in /integration/cloudbuild/testbase by @dependabot in #3231
• Bump google.golang.org/api from 0.152.0 to 0.153.0 by @dependabot in #3232
• Bump golang from 1.21.4-bookworm to 1.21.5-bookworm in /examples/deployment/docker/db_client by @dependabot in #3233
• Bump golang from 1.21.4-bookworm to 1.21.5-bookworm in /examples/deployment/docker/log_server by @dependabot in #3234
• Bump go-version-input from 1.20.11 to 1.20.12 in govulncheck.yml by @roger2hk in #3237
• Bump actions/setup-go from 4.1.0 to 5.0.0 by @dependabot in #3238
• Bump go.etcd.io/etcd/v3 from 3.5.10 to 3.5.11 by @dependabot in #3242
• Bump alpine from 3.18 to 3.19 in /examples/deployment/docker/envsubst by @dependabot in #3243
• Bump golang from a6b787c to 2d3b13c in /integration/cloudbuild/testbase by @dependabot in #3245
• Bump golang from a6b787c to 2d3b13c in /examples/deployment/docker/log_server by @dependabot in #3246
• Bump golang from a6b787c to 2d3b13c in /examples/deployment/docker/db_client by @dependabot in #3247
• Bump golang from a6b787c to 2d3b13c in /examples/deployment/docker/log_signer by @dependabot in #3248
• Bump google.golang.org/api from 0.153.0 to 0.154.0 by @dependabot in #3250
• Bump golang.org/x/tools from 0.16.0 to 0.16.1 by @dependabot in #3252
• Bump google.golang.org/grpc from 1.59.0 to 1.60.0 by @dependabot in #3251
• Bump distroless/base-debian12 from 1dfdb5e to 8a0bb63 in /examples/deployment/docker/log_server by @dependabot in #3253
• Bump distroless/base-debian12 from 1dfdb5e to 8a0bb63 in /examples/deployment/docker/log_signer by @dependabot in #3254
• Bump golang.org/x/crypto from 0.16.0 to 0.18.0 by @dependabot in #326...

v1.5.3

What's Changed

Storage

MySQL

• mysql: check for error when getting subtrees by @jsha in #3173

Documentation

• Added comments to show how snippets were generated by @mhutchinson in #3048

Misc

• Export logserver read counter metric together with logIDs by @phbnf in #3077
• Register DoFns by @AlCutter in #3083
• Add docker package-ecosystem to Dependabot config by @roger2hk in #3038
• Fix CVE vulnerabilities in mysql base Docker image by @roger2hk in #3037
• Fix db_server Docker image vulnerabilities by @roger2hk in #3049
• Add missing docker and npm Dependabot configs by @roger2hk in #3062
• Add govulncheck GitHub action by @roger2hk in #3089
• Pin Dockerfile base images by hash by @roger2hk in #3090
• Pin golang/govulncheck-action by hash by @roger2hk in #3091
• Pin Dockerfile base images by hash by @roger2hk in #3093
• Add top level read-only permission in govulncheck.yml by @roger2hk in #3092

Dependency updates

• Bump go.etcd.io/etcd/etcdctl/v3 from 3.5.8 to 3.5.9 by @dependabot in #3003
• Bump google.golang.org/api from 0.121.0 to 0.122.0 by @dependabot in #3006
• Bump golang.org/x/tools from 0.8.0 to 0.9.1 by @dependabot in #3005
• Bump github.com/apache/beam/sdks/v2 from 2.47.0-RC3 to 2.47.0 by @dependabot in #3000
• Bump golang.org/x/crypto from 0.8.0 to 0.9.0 by @dependabot in #3007
• Bump go.etcd.io/etcd/v3 from 3.5.8 to 3.5.9 by @dependabot in #3004
• Bump actions/setup-go from 4.0.0 to 4.0.1 by @dependabot in #3008
• Bump google.golang.org/api from 0.122.0 to 0.123.0 by @dependabot in #3010
• Bump github/codeql-action from 2.3.3 to 2.3.5 by @dependabot in #3013
• Bump github/codeql-action from 2.3.5 to 2.3.6 by @dependabot in #3020
• Bump golang.org/x/tools from 0.9.1 to 0.9.3 by @dependabot in #3016
• Bump github.com/cockroachdb/cockroach-go/v2 from 2.3.3 to 2.3.4 by @dependabot in #3017
• Bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 by @dependabot in #3021
• Bump golang.org/x/sys from 0.8.0 to 0.9.0 by @dependabot in #3025
• Bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 by @dependabot in #3027
• Bump github/codeql-action from 2.3.6 to 2.13.4 by @dependabot in #3026
• Bump actions/checkout from 3.5.2 to 3.5.3 by @dependabot in #3028
• Bump golang.org/x/tools from 0.9.3 to 0.10.0 by @dependabot in #3029
• Bump github.com/cockroachdb/cockroach-go/v2 from 2.3.4 to 2.3.5 by @dependabot in #3035
• Bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0 by @dependabot in #3030
• Update mysql Dockerfile base image from ubuntu:trusty to ubuntu:jammy by @roger2hk in #3036
• Bump golang.org/x/tools from 0.10.0 to 0.11.0 by @dependabot in #3044
• Bump ossf/scorecard-action from 2.1.3 to 2.2.0 by @dependabot in #3039
• Bump google.golang.org/protobuf from 1.30.0 to 1.31.0 by @dependabot in #3041
• Bump golang.org/x/tools from 0.11.0 to 0.12.0 by @dependabot in #3055
• Bump actions/setup-go from 4.0.1 to 4.1.0 by @dependabot in #3059
• Bump google-auth-library from 8.7.0 to 9.0.0 in /scripts/gcb2slack by @dependabot in #3069
• Bump golang from 1.19-buster to 1.20-buster in /examples/deployment/docker/db_client by @dependabot in #3064
• Bump alpine from 3.8 to 3.18 in /examples/deployment/docker/envsubst by @dependabot in #3067
• Bump golang from 1.19-buster to 1.20-buster in /integration/cloudbuild/testbase by @dependabot in #3065
• Bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 by @dependabot in #3063
• Bump golang from 1.19-buster to 1.20-buster in /examples/deployment/docker/log_server by @dependabot in #3066
• Bump golang from 1.19-buster to 1.20-buster in /examples/deployment/docker/log_signer by @dependabot in #3071
• Bump actions/checkout from 3.5.3 to 3.6.0 by @dependabot in #3076
• Bump go from 1.19 to 1.20 by @mhutchinson in #3080
• Bump golang.org/x/sys from 0.11.0 to 0.12.0 by @dependabot in #3081
• Bump actions/checkout from 3.6.0 to 4.0.0 by @dependabot in #3082
• Bump golang.org/x/crypto from 0.12.0 to 0.13.0 by @dependabot in #3084
• Bump golang.org/x/tools from 0.12.0 to 0.13.0 by @dependabot in #3086
• Bump actions/upload-artifact from 3.1.2 to 3.1.3 by @dependabot in #3085
• Bump Go version in Docker base images to 1.20.8-bookworm by @roger2hk in #3094
• Bump golang from 1.20.8-bookworm to 1.21.1-bookworm in /examples/deployment/docker/db_client by @dependabot in #3100
• Bump gcr.io/kaniko-project/executor from 1.6.0 to 1.15.0 by @roger2hk in #3095
• Bump golang from 1.20.8-bookworm to 1.21.1-bookworm in /integration/cloudbuild/testbase by @dependabot in #3098
• Bump golang from 1.20.8-bookworm to 1.21.1-bookworm in /examples/deployment/docker/log_signer by @dependabot in #3097
• Bump golang from 1.20.8-bookworm to 1.21.1-bookworm in /examples/deployment/docker/log_server by @dependabot in #3099
• Bump golang from d3114db to a0b3bc4 in /integration/cloudbuild/testbase by @dependabot in #3104
• Bump golang from d3114db to a0b3bc4 in /examples/deployment/docker/log_server by @dependabot in #3105
• Bump golang from d3114db to a0b3bc4 in /examples/deployment/docker/log_signer by @dependabot in #3106
• Bump golang from d3114db to a0b3bc4 in /examples/deployment/docker/db_client by @dependabot in #3107
• Bump golang from e06b3a4 to 114b9cc in /examples/deployment/docker/log_signer by @dependabot in #3108
• Bump trillian-opensource-ci/mysql5 from 51cc6df to edf7def in /examples/deployment/docker/db_server by @dependabot in #3110
• Bump golang from a0b3bc4 to 114b9cc in /examples/deployment/docker/log_server by @dependabot in #3109
• Bump golang from a0b3bc4 to 114b9cc in /integration/cloudbuild/testbase by @dependabot in #3111
• Bump actions/checkout from 4.0.0 to 4.1.0 by @dependabot in #3117
• Bump golang from 114b9cc to 9c7ea4a in /examples/deployment/docker/db_client by @dependabot in #3116
• Bump golang from 114b9cc to 9c7ea4a in /examples/deployment/docker/log_server by @dependabot in #3114
• Bump golang from 114b9cc to 9c7ea4a in /examples/deployment/docker/log_signer by @dependabot in #3115
• Bump nick-fields/retry from 2.8.3 to 2.9.0 by @dependabot in #3119
• Bump trillian-opensource-ci/mysql5 from edf7def to f45c849 in /examples/deployment/docker/db_server by @dependabot in #3120
• Bump golang from 9c7ea4a to 61f84bc in /examples/deployment/docker/db_client by @dependabot in #3121
• Bump golang from 9c7ea4a to 61f84bc in /integration/cloudbuild/testbase by @dependabot in #3124
• Bump golang from 9c7ea4a to 61f84bc in /examples/deployment/docker/log_server by @dependabot in #3122
• Bump alpine from 7144f7b to eece025 in /examples/deployment/docker/envsubst by @dependabot in #3125
• Bump golang from 9c7ea4a to 61f84bc in /examples/deployment/docker/log_signer by @dependabot in #3123
• Bump ubuntu from aabed32 to 9b8dec3 in /examples/deployment/kubernetes/mysql/image by @dependabo...

v1.5.2

Repo magagement

• Fix Token-Permissions code scanning alert by @roger2hk in #2973
• Update and rename scorecards.yml to scorecard.yml by @AlCutter in #2986
• Enable all lint checks in trillian repo by @mhutchinson in #2979

Cleanups

• remove left over bazel BUILD file by @malt3 in #2906
• Remove use of rand.Seed by @AlCutter in #2918
• Remove deprecated use of math/rand.Read by @mhutchinson in #2958
• Fixed all lint errcheck in number of TLDs by @mhutchinson in #2978

Claimant model

• More precise wording in SumDB claimant model by @mhutchinson in #2928
• Prototype tooling for Claimant Models by @mhutchinson in #2974

Misc

• Prepare CHANGELOG.md for v1.5.2 release by @phbnf #2997

Dependency updates

• Bump google.golang.org/api from 0.104.0 to 0.105.0 by @dependabot in #2878
• Bump ossf/scorecard-action from 2.0.6 to 2.1.1 by @dependabot in #2879
• Bump github/codeql-action from 2.1.36 to 2.1.37 by @dependabot in #2880
• Bump actions/setup-go from 3.4.0 to 3.5.0 by @dependabot in #2881
• Bump ossf/scorecard-action from 2.1.1 to 2.1.2 by @dependabot in #2882
• Bump github.com/cockroachdb/cockroach-go/v2 from 2.2.19 to 2.2.20 by @dependabot in #2883
• Bump nick-fields/retry from 2.8.2 to 2.8.3 by @dependabot in #2884
• Bump golang.org/x/crypto from 0.4.0 to 0.5.0 by @dependabot in #2886
• Bump actions/upload-artifact from 3.1.1 to 3.1.2 by @dependabot in #2889
• Bump actions/checkout from 3.2.0 to 3.3.0 by @dependabot in #2890
• Bump google.golang.org/api from 0.105.0 to 0.106.0 by @dependabot in #2885
• Bump golang.org/x/tools from 0.4.0 to 0.5.0 by @dependabot in #2888
• Bump google.golang.org/api from 0.106.0 to 0.107.0 by @dependabot in #2891
• Bump github/codeql-action from 2.1.37 to 2.1.38 by @dependabot in #2893
• Bump google.golang.org/grpc from 1.51.0 to 1.52.0 by @dependabot in #2892
• Bump Go version from 1.17 to 1.19 by @roger2hk in #2894
• Bump go.etcd.io/etcd/v3 from 3.5.6 to 3.5.7 by @dependabot in #2898
• Bump google.golang.org/api from 0.107.0 to 0.108.0 by @dependabot in #2896
• Bump k8s.io/klog/v2 from 2.80.1 to 2.90.0 by @dependabot in #2901
• Bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 by @dependabot in #2902
• Bump github/codeql-action from 2.1.38 to 2.1.39 by @dependabot in #2903
• Bump github/codeql-action from 2.1.39 to 2.2.1 by @dependabot in #2905
• Bump google.golang.org/grpc from 1.52.0 to 1.52.3 by @dependabot in #2904
• Bump github/codeql-action from 2.2.1 to 2.2.2 by @dependabot in #2908
• Bump google.golang.org/api from 0.108.0 to 0.109.0 by @dependabot in #2907
• Bump golang.org/x/tools from 0.5.0 to 0.6.0 by @dependabot in #2914
• Bump github/codeql-action from 2.2.2 to 2.2.4 by @dependabot in #2915
• Bump google.golang.org/api from 0.109.0 to 0.110.0 by @dependabot in #2913
• Bump golang.org/x/crypto from 0.5.0 to 0.6.0 by @dependabot in #2910
• bump golang.org/x/net from 0.6.0 to 0.7.0 by @dependabot in #2917
• Bump github/codeql-action from 2.2.4 to 2.2.5 by @dependabot in #2921
• Bump github.com/google/go-licenses from 0.0.0-20210329231322-ce1d9163b77d to 1.6.0 by @dependabot in #2920
• Bump golang.org/x/crypto from 0.6.0 to 0.7.0 by @dependabot in #2926
• Bump k8s.io/klog/v2 from 2.90.0 to 2.90.1 by @dependabot in #2925
• Bump github.com/cockroachdb/cockroach-go/v2 from 2.2.20 to 2.3.0 by @dependabot in #2927
• Bump google.golang.org/api from 0.110.0 to 0.111.0 by @dependabot in #2924
• Bump golang.org/x/tools from 0.6.0 to 0.7.0 by @dependabot in #2932
• Bump github/codeql-action from 2.2.5 to 2.2.6 by @dependabot in #2934
• Bump github.com/cockroachdb/cockroach-go/v2 from 2.3.0 to 2.3.2 by @dependabot in #2930
• Bump google.golang.org/protobuf from 1.28.1 to 1.29.1 by @dependabot in #2935
• Bump google.golang.org/grpc/cmd/protoc-gen-go-grpc from 1.2.0 to 1.3.0 by @dependabot in #2923
• Bump actions/checkout from 3.3.0 to 3.4.0 by @dependabot in #2942
• Bump github.com/cockroachdb/cockroach-go/v2 from 2.3.2 to 2.3.3 by @dependabot in #2938
• Bump github/codeql-action from 2.2.6 to 2.2.7 by @dependabot in #2943
• Bump github.com/grpc-ecosystem/go-grpc-middleware from 1.3.0 to 1.4.0 by @dependabot in #2941
• Bump actions/setup-go from 3.5.0 to 4.0.0 by @dependabot in #2944
• Pin all usages of golangci-lint to same rule version by @mhutchinson in #2945
• Bump google.golang.org/grpc from 1.53.0 to 1.54.0 by @dependabot in #2946
• Bump github/codeql-action from 2.2.7 to 2.2.9 by @dependabot in #2948
• Bump actions/checkout from 3.4.0 to 3.5.0 by @dependabot in #2947
• Bump ossf/scorecard-action from 2.1.2 to 2.1.3 by @dependabot in #2949
• Bump github/codeql-action from 2.2.9 to 2.2.11 by @dependabot in #2956
• Bump golang.org/x/sys from 0.6.0 to 0.7.0 by @dependabot in #2953
• Bump golang.org/x/crypto from 0.7.0 to 0.8.0 by @dependabot in #2955
• Bump golang.org/x/tools from 0.7.0 to 0.8.0 by @dependabot in #2954
• Update linter to 1.51.1 by @mhutchinson in #2959
• Bump contrib.go.opencensus.io/exporter/stackdriver to v0.13.14 by @samuelattwood in #2950
• Bumped etcd deps from v3.5.7 to v3.5.8 by @mhutchinson in #2966
• Bump google.golang.org/protobuf from 1.29.1 to 1.30.0 by @dependabot in #2939
• Bump github.com/prometheus/client_golang from 1.14.0 to 1.15.0 by @dependabot in #2961
• Bump cloud.google.com/go/spanner from 1.42.0 to 1.45.1-0.20230421054906-c65254ce3c22 by @dependabot in #2957
• Bump github.com/apache/beam/sdks/v2 from 2.0.0-20211012030016-ef4364519c94 to 2.47.0-RC1 by @dependabot in #2968
• Pin the version of cockroach for tests to a specific version by @mhutchinson in #2971
• Bump google.golang.org/api from 0.114.0 to 0.119.0 by @dependabot in #2975
• Bump github/codeql-action from 2.2.12 to 2.3.0 by @dependabot in #2977
• Bump cloud.google.com/go/spanner from 1.45.1-0.20230421054906-c65254ce3c22 to 1.45.1 by @dependabot in #2976
• Bump github.com/lib/pq from 1.10.7 to 1.10.8 by @dependabot in #2967
• Bump github/codeql-action from 2.2.11 to 2.2.12 by @dependabot in #2970
• Bump actions/checkout from 3.5.0 to 3.5.2 by @dependabot in #2969
• Bump github/codeql-action from 2.3.0 to 2.3.2 by @dependabot in #2985
• Bump k8s.io/klog/v2 from 2.90.1 to 2.100.1 by @dependabot in #2984
• Bump github.com/lib/pq from 1.10.8 to 1.10.9 by @dependabot in #2981
• Bump google.golang.org/api from 0.119.0 to 0.120.0 by @dependabot in #2983
• Bump github.com/go-sql-driver/mysql from 1.7.0 to 1.7.1 by @dependabot in #2982
• Bump github.com/transparency-dev/merkle from 0.0.1 to 0.0.2 by @dependabot in #2990
• Bump github/codeql-action from 2.3.2 to 2.3.3 by @dependabot in https://github.com/google/trillia...

v1.5.1

What's Changed

• Switch from glog to klog by @jdolitsky in #2787
• Bump google.golang.org/api from 0.92.0 to 0.93.0 by @dependabot in #2800
• Bump cloud.google.com/go/spanner from 1.36.0 to 1.37.0 by @dependabot in #2803
• Bump google.golang.org/grpc from 1.48.0 to 1.49.0 by @dependabot in #2804
• Bump google.golang.org/api from 0.93.0 to 0.94.0 by @dependabot in #2802
• Bump cloud.google.com/go/spanner from 1.37.0 to 1.38.0 by @dependabot in #2806
• Bump k8s.io/klog/v2 from 2.70.1 to 2.80.0 by @dependabot in #2807
• Fix log server not exiting properly on SIGINT by @gregoire-mullvad in #2805
• Bump k8s.io/klog/v2 from 2.80.0 to 2.80.1 by @dependabot in #2808
• Bump github.com/google/go-cmp from 0.5.8 to 0.5.9 by @dependabot in #2809
• Bump google.golang.org/api from 0.94.0 to 0.95.0 by @dependabot in #2810
• Update docs by @AlCutter in #2811
• Bump go.etcd.io/etcd/etcdctl/v3 from 3.5.4 to 3.5.5 by @dependabot in #2812
• Bump go.etcd.io/etcd/v3 from 3.5.4 to 3.5.5 by @dependabot in #2816
• Bump google.golang.org/api from 0.95.0 to 0.96.0 by @dependabot in #2813
• Bump google.golang.org/api from 0.96.0 to 0.97.0 by @dependabot in #2819
• Bump cloud.google.com/go/spanner from 1.38.0 to 1.39.0 by @dependabot in #2818
• Bump google.golang.org/api from 0.97.0 to 0.98.0 by @dependabot in #2820
• Bump google.golang.org/grpc from 1.49.0 to 1.50.0 by @dependabot in #2821
• Bump google.golang.org/grpc from 1.50.0 to 1.50.1 by @dependabot in #2823
• Bump google.golang.org/api from 0.98.0 to 0.99.0 by @dependabot in #2822
• Bump google.golang.org/api from 0.99.0 to 0.100.0 by @dependabot in #2824
• Bump github.com/prometheus/client_model from 0.2.0 to 0.3.0 by @dependabot in #2825
• Bump golang.org/x/tools from 0.1.12 to 0.2.0 by @dependabot in #2826
• Bump google.golang.org/api from 0.100.0 to 0.101.0 by @dependabot in #2827
• Bump github.com/prometheus/client_golang from 1.13.0 to 1.13.1 by @dependabot in #2828
• Bump golang.org/x/sys from 0.1.0 to 0.2.0 by @dependabot in #2829
• Bump google.golang.org/api from 0.101.0 to 0.102.0 by @dependabot in #2830
• Bump go.opencensus.io from 0.23.0 to 0.24.0 by @dependabot in #2832
• Bump cloud.google.com/go/spanner from 1.39.0 to 1.40.0 by @dependabot in #2831
• Create codeql.yml by @AlCutter in #2835
• Mollify CodeQL by @AlCutter in #2837
• Bump github.com/prometheus/client_golang from 1.13.1 to 1.14.0 by @dependabot in #2838
• Bump google.golang.org/api from 0.102.0 to 0.103.0 by @dependabot in #2839
• Bump golang.org/x/crypto from 0.1.0 to 0.2.0 by @dependabot in #2841
• Bump golang.org/x/tools from 0.2.0 to 0.3.0 by @dependabot in #2840
• Dependabot: Also keep GitHub actions up-to-date by @JAORMX in #2842
• Bump actions/upload-artifact from 3.1.0 to 3.1.1 by @dependabot in #2843
• Add initial schema, storage provider and quota manager for CockroachDB by @JAORMX in #2834
• Bump golang.org/x/crypto from 0.2.0 to 0.3.0 by @dependabot in #2847
• Bump google.golang.org/grpc from 1.50.1 to 1.51.0 by @dependabot in #2845
• Bump github.com/cockroachdb/cockroach-go/v2 from 2.2.16 to 2.2.18 by @dependabot in #2846
• Bump go.etcd.io/etcd/v3 from 3.5.5 to 3.5.6 by @dependabot in #2849
• Restrict CodeQL action scope to read-only access by @AlCutter in #2844
• Upgrade golangci-lint version by @JAORMX in #2852
• CockroachDB: Optimize quota manager by using follower reads by @JAORMX in #2853
• Bump github.com/cockroachdb/cockroach-go/v2 from 2.2.18 to 2.2.19 by @dependabot in #2856
• Provide cockroach in test env by @AlCutter in #2855
• Pin GitHub actions to git hashes by @AlCutter in #2854
• Bump golang.org/x/sys from 0.2.0 to 0.3.0 by @dependabot in #2858
• Bump cloud.google.com/go/spanner from 1.40.0 to 1.41.0 by @dependabot in #2857
• Bump actions/setup-go from 3.3.1 to 3.4.0 by @dependabot in #2862
• Bump github/codeql-action from 2.1.34 to 2.1.35 by @dependabot in #2861
• Bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 by @dependabot in #2860
• Bump github.com/go-sql-driver/mysql from 1.6.0 to 1.7.0 by @dependabot in #2859
• Create Slack integration for Google Cloud Build by @AlCutter in #2863
• Bump qs, body-parser and express in /scripts/gcb2slack by @dependabot in #2867
• Bump minimist from 1.2.0 to 1.2.7 in /scripts/gcb2slack by @dependabot in #2864
• Bump axios and @slack/webhook in /scripts/gcb2slack by @dependabot in #2868
• Bump json-bigint and google-auth-library in /scripts/gcb2slack by @dependabot in #2869
• Bump node-fetch from 2.6.0 to 2.6.7 in /scripts/gcb2slack by @dependabot in #2866
• Bump golang.org/x/tools from 0.3.0 to 0.4.0 by @dependabot in #2870
• Bump github/codeql-action from 2.1.35 to 2.1.36 by @dependabot in #2874
• Bump actions/checkout from 3.1.0 to 3.2.0 by @dependabot in #2873
• Bump golang.org/x/crypto from 0.3.0 to 0.4.0 by @dependabot in #2872
• Bump google.golang.org/api from 0.103.0 to 0.104.0 by @dependabot in #2871
• Bump cloud.google.com/go/spanner from 1.41.0 to 1.42.0 by @dependabot in #2877
• Prepare for v1.5.1 release by @AlCutter in #2875

New Contributors

• @jdolitsky made their first contribution in #2787
• @gregoire-mullvad made their first contribution in #2805
• @JAORMX made their first contribution in #2842

Full Changelog: v1.5.0...v1.5.1

v1.5.0

Storage

• Ephemeral nodes are no-longer written for any tree by default (and have not been read since the v1.4.0 release), the corresponding --tree_ids_with_no_ephemeral_nodes flag is now deprecated (and will be removed in a future release).

Cleanup

• Format code according to go1.19rc2 by @mhutchinson in #2785
• Delete merkle package, use github.com/transparency-dev/merkle instead.
• #2792: Fixed order-dependent unit test.

Misc

• Fix order-dependent test by @hickford in #2792

Dependency updates

• Updated golangci-lint to v1.47.3 (developers should update to this version) by @mhutchinson in #2791
• Bump google.golang.org/api from 0.87.0 to 0.88.0 by @dependabot in #2783
• Bump cloud.google.com/go/spanner from 1.35.0 to 1.36.0 by @dependabot in #2784
• Bump google.golang.org/api from 0.88.0 to 0.90.0 by @dependabot in #2789
• Bump golang.org/x/tools from 0.1.11 to 0.1.12 by @dependabot in #2790
• Bump google.golang.org/protobuf from 1.28.0 to 1.28.1 by @dependabot in #2788
• Bump google.golang.org/api from 0.90.0 to 0.91.0 by @dependabot in #2796
• Bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 by @dependabot in #2795
• Bump github.com/fullstorydev/grpcurl from 1.8.6 to 1.8.7 by @dependabot in #2794
• Bump google.golang.org/api from 0.91.0 to 0.92.0 by @dependabot in #2798

v1.4.2

Allow disabling the writes of ephemeral nodes to storage via the --tree_ids_with_no_ephemeral_nodes flag to the sequencer.

• Allow not storing ephemeral node hashes by @pavelkalinnikov in #2568
• Log skipped ephemeral nodes writes by @pavelkalinnikov in #2756

Developer updates

• #2765 copies the required protos from googleapis into third_party in this repository. This simplifies the preconditions in order to compile the proto definitions, and removes a big dependency on $GOPATH/src which was archaic; $GOPATH/src/github.com/googleapis/googleapis is no longer required.

Minor fixes

• Fix flag initialization by @pavelkalinnikov in #2755
• Propagate Log Update Failures in AddSequencedLeaves by @therealdrake in #1544

Maintenance

• --cloudspanner_max_burst_sessions deprecated (it hasn't had any effect for a while, now it's more explicit) in by @mhutchinson #2748
• Documentation that the prefix should be terminated with a separator character by @mhutchinson in #2745
• Refresh CODEOWNERS by @AlCutter in #2746
• Updated README to better document required tools by @mhutchinson in #2764
• Add mhutchinson to CONTRIBUTORS by @mhutchinson in #2770
• Remove export GO111MODULE=auto in README.md by @roger2hk in #2773

Dependency updates

• Removed support for Bazel by @mhutchinson in #2743
• Copied in tls lib from ct-go and removed project dependency by @mhutchinson in #2744
• Bump google.golang.org/api from 0.77.0 to 0.78.0 by @dependabot in #2736
• Bump cloud.google.com/go/spanner from 1.31.0 to 1.32.0 by @dependabot in #2735
• Bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 by @dependabot in #2739
• Bump google.golang.org/api from 0.78.0 to 0.80.0 by @dependabot in #2742
• Bump google.golang.org/grpc from 1.46.0 to 1.46.2 by @dependabot in #2737
• Bump google.golang.org/api from 0.80.0 to 0.81.0 by @dependabot in #2749
• Bump cloud.google.com/go/spanner from 1.32.0 to 1.33.0 by @dependabot in #2750
• Bump github.com/google/btree from 1.0.1 to 1.1.1 by @dependabot in #2753
• Bump google.golang.org/api from 0.81.0 to 0.82.0 by @dependabot in #2751
• Bump google.golang.org/grpc from 1.46.2 to 1.47.0 by @dependabot in #2752
• Upgrade to glog@v1 by @pavelkalinnikov in #2757
• Bump google.golang.org/api from 0.82.0 to 0.83.0 by @dependabot in #2758
• Bump golang.org/x/tools from 0.1.10 to 0.1.11 by @dependabot in #2759
• Bump google.golang.org/api from 0.83.0 to 0.84.0 by @dependabot in #2760
• Bump github.com/google/btree from 1.1.1 to 1.1.2 by @dependabot in #2762
• Bump cloud.google.com/go/spanner from 1.33.0 to 1.34.0 by @dependabot in #2761
• Change broken installation instructions to just run the binary directly by @mhutchinson in #2766
• Bump google.golang.org/api from 0.84.0 to 0.85.0 by @dependabot in #2767
• Update go mod to 1.17 with: go mod tidy -go=1.17 by @vaikas in #2768
• Update the minimum go version in README.md to 1.17 by @roger2hk in #2769
• Bump google.golang.org/api from 0.85.0 to 0.86.0 by @dependabot in #2771
• Bump github.com/Masterminds/goutils from 1.1.0 to 1.1.1 by @roger2hk in #2772
• Bump cloud.google.com/go/spanner from 1.34.0 to 1.34.1 by @dependabot in #2776
• Bump google.golang.org/grpc from 1.47.0 to 1.48.0 by @dependabot in #2777
• Bump google.golang.org/api from 0.86.0 to 0.87.0 by @dependabot in #2778
• Bump cloud.google.com/go/spanner from 1.34.1 to 1.35.0 by @dependabot in #2780

New Contributors

• @vaikas made their first contribution in #2768
• @roger2hk made their first contribution in #2769

Full Changelog: v1.4.1...v1.4.2

v1.4.1

This release mostly contains refactoring and dependency updates, and some improvements in log operation cycle.

Improved log operation

• Add undeletetree command [#2638]
• Query information_schema compatible with MySQL 8 [#2652]
• Gracefully exit the program when lease expires [#2655]
• Fix MySQL world-writable config warning [#2713]
• Update provision tree script in k8s to use createtree [#2676]

Merkle refactoring

• Packages under merkle are deprecated and to be removed in the next releases [#2636, #2646, #2715].
• Use https://github.com/transparency-dev/merkle repository instead.

Minor refactoring

• Check the tile height invariant stricter [#2726]
• Remake dumplib into integration test [#2710]
• Remove unused code and data [#2709, #2711]

Some changes technically break semver, but most of this code was not intended for external use. E.g.:

• Unexport helper [#2720]

Dependency updates

• bitbucket.org/creachadair/shell: 0.0.6 -> 0.0.7 [#2637]
• cloud.google.com/go/spanner: 1.25.0 -> 1.31.0 [#2630, #2639, #2650, #2697]
• contrib.go.opencensus.io/exporter/stackdriver: 0.13.8 -> 0.13.12 [#2634, #2699, #2723]
• github.com/apache/beam: 2.32.0+incompatible -> 2.33.0+incompatible [#2620]
• github.com/fullstorydev/grpcurl: 1.8.2 -> 1.8.6 [#2621, #2674]
• github.com/google/go-cmp: 0.5.7 -> 0.5.8 [#2729]
• github.com/prometheus/client_golang: 1.11.0 -> 1.12.1 [#2662]
• github.com/pseudomuto/protoc-gen-doc: 1.5.0 -> 1.5.1 [#2677]
• github.com/transparency-dev/merkle: v0.0.1 [#2734]
• go.etcd.io/etcd/*/v3: 3.5.0 -> 3.5.4 [#2631, #2667, #2716]
• golang.org/x/tools: 0.1.5 -> 0.1.10 [#2615, #2618, ..., #2684]
• google.golang.org/api: 0.54.0 -> 0.77.0 [#2613, #2619, ..., #2728]
• google.golang.org/grpc: 1.40.0 -> 1.44.0 [#2617, #2635, #2643, #2661]
• google.golang.org/grpc/cmd/protoc-gen-go-grpc: 1.1.0 -> 1.2.0 [#2645]
• google.golang.org/protobuf: 1.27.1 -> 1.28.0 [#2686]
• protoc: 3.12.4 -> 3.20.1 [#2731]

Full Changelog: v1.4.0...v1.4.1

v1.4.0

v1.4.0

• Recommended go version for development: 1.17
  This is the version used by the cloudbuild presubmits. Using a different version can lead to presubmits failing due to unexpected diffs.
• GCP terraform script updated. GKE 1.19 and updated CPU type to E2

Dependency updates

Many dep updates, including:

• Upgraded to etcd v3 in order to allow grpc to be upgraded (#2195)
• etcd was v0.5.0-alpha.5, now v3.5.0
• grpc upgraded from v1.29.1 to v1.40.0
• certificate-transparency-go from v1.0.21 to v1.1.2-0.20210512142713-bed466244fa6
• protobuf upgraded from v1 to v2
• MySQL driver from 1.5.0 to 1.6.0

Cleanup

• Removed signatures from LogRoot and EntryTimestamps returned by RPCs (reflecting that there should not be a trust boundary between Trillian and the personality.)
• Removed the deprecated crypto.NewSHA256Signer function.
• Finish removing the LogMetadata.GetUnsequencedCounts() method.
• Removed the following APIs:
  • TrillianLog.GetLeavesByHash
  • TrillianLog.GetLeavesByIndex
  • TrillianLog.QueueLeaves
• Removed the incomplete Postgres storage backend (#1298).
• Deprecated LogRootV1.Revision field.
• Moved rfc6962 hasher one directory up to eliminate empty leftover package.
• Removed unused log_client tool.
• Various tidyups and improvements to merke & proof generation code.
• Remove some remnants of experimental map.

Storage refactoring

• NodeReader.GetMerkleNodes does not accept revisions anymore. The implementations must use the transaction's ReadRevision
  instead.
• TreeStorage migrated to using compact.NodeID type suitable for logs.
• Removed the tree storage ReadRevision and WriteRevision methods.
  Revisions are now an implementation detail of the current storages. The change allows log implementations which don't need revisions.
• Removed Rollback methods from storage interfaces, as Close is enough to cover the use-case.
• Removed the unused IsOpen and IsClosed methods from transaction interfaces.
• Removed the ReadOnlyLogTX interface, and put its only used GetActiveLogIDs method to LogStorage.
• Inlined the LogMetadata interface to ReadOnlyLogStorage.
• Inlined the TreeStorage interfaces to LogStorage.
• Removed the need for the storage layer to return ephemeral node hashes. The application layer always requests for complete subtree nodes comprising the compact ranges corresponding to the requests.
• Removed the single-tile callback from SubtreeCache, it uses only GetSubtreesFunc now.
• Removed SetSubtreesFunc callback from SubtreeCache. The tiles should be written by the caller now, i.e. the caller must invoke the callback.

v1.3.13

Cleanup

• Removed the experimental map API.

v1.3.12

Misc improvements

• Removed unused PeekTokens method from the quota.Manager interface.
• Ensure goroutines never block in the subtree cache (#2272).
• Breaking unnecessary dependencies for Trillian clients:
  • Moved verifiers from merkle into merkle/{log,map}verifiersub-pacakges,
    reducing the amount of extra baggage inadvertently pulled in by clients.
• Concrete hashers have been moved into subpackages, separating them from their
  registration code, allowing clients to directly pull just the hasher they're
  interested in and avoid the Trillian/hasher registry+protobuf deps.
• Moved some packages intended for internal-only use into internal packages:
  • InMemoryMerkleTree (indended to only be used by Trillian tests)
• Removed wrapper for etcd client (#2288).
• Moved --quota_system and --storage_system flags to main.go so that they
  are initialised properly. It might break depending builds relying on these
  flags. Suggested fix: add the flags to main.go.
• Made signer tolerate mastership election failures [#1150].
• testdb no longer accepts the --test_mysql_uri flag, and instead honours the
  TEST_MYSQL_URI ENV var. This makes it easier to blanket configure tests to use a
  specific test DB instance.
• Removed experimental Skylog folder (#2297).
• Fixed a race condition in the operation manager that should only affect tests
  (#2302).
• Run gofumpt formatter on the whole repository (#2315).
• Refactor signer operation loop (#2294).

Upgrades

• Dockerfiles are now based on Go 1.13 image.
• The etcd is now pinned to v3.4.12.
• The golangci-lint suite is now at v1.36.0.
• CI/CD has migrated from Travis to Google Cloud Build.
• prometheus from 1.7.1 to 1.9.0 (#2239, #2270).
• go-cmp from 0.5.2 to 0.5.4 (#2262).
• apache/beam from 2.26.0+incompatible to 2.27.0+incompatible (#2273).
• lib/pq from 1.8.0 to 1.9.0 (#2264).
• go-redis from 6.15.8+incompatible to 6.15.9+incompatible (#2215).

Process

• Recognise that we do not follow strict semantic versioning practices.