Bump github.com/sigstore/cosign from 1.10.1 to 1.11.0 #119

dependabot · 2022-08-22T06:31:38Z

Bumps github.com/sigstore/cosign from 1.10.1 to 1.11.0.

Release notes

Sourced from github.com/sigstore/cosign's releases.

v1.11.0

What's Changed

Update CHANGELOG for 1.10.1 release by @priyawadhwa in sigstore/cosign#2130

Bump github/codeql-action from 2.1.17 to 2.1.18 by @dependabot in sigstore/cosign#2129

Bump github.com/go-piv/piv-go from 1.9.0 to 1.10.0 by @dependabot in sigstore/cosign#2135

Bump actions/cache from 3.0.5 to 3.0.6 by @dependabot in sigstore/cosign#2136

Bump github.com/xanzy/go-gitlab from 0.70.0 to 0.71.0 by @dependabot in sigstore/cosign#2142

Bump github.com/go-openapi/swag from 0.21.1 to 0.22.0 by @dependabot in sigstore/cosign#2140

Bump github.com/hashicorp/go-secure-stdlib/parseutil from 0.1.6 to 0.1.7 by @dependabot in sigstore/cosign#2141

Verify the certificate chain against the Fulcio root trust by default by @wata727 in sigstore/cosign#2139

Add notes to clarify registry use. by @bendory in sigstore/cosign#2145

Use TUF from scaffolding for validating cosign. by @vaikas in sigstore/cosign#2146

Bump actions/cache from 3.0.6 to 3.0.7 by @dependabot in sigstore/cosign#2151

Bump google.golang.org/api from 0.91.0 to 0.92.0 by @dependabot in sigstore/cosign#2150

Bump tests to use scaffolding-0.4.3. by @vaikas in sigstore/cosign#2153

docs: clarify wording in spec about usage of certificate chain by @asraa in sigstore/cosign#2152

Bump github.com/xanzy/go-gitlab from 0.71.0 to 0.72.0 by @dependabot in sigstore/cosign#2148

Bump go.uber.org/atomic from 1.9.0 to 1.10.0 by @dependabot in sigstore/cosign#2155

Bump actions/github-script from 6.1.0 to 6.1.1 by @dependabot in sigstore/cosign#2156

fix: fix blob verification output with sharded rekor tlogs by @asraa in sigstore/cosign#2157

Run tests using Go 1.18 by @imjasonh in sigstore/cosign#2093

Bump sigs.k8s.io/release-utils from 0.6.0 to 0.7.3 by @dependabot in sigstore/cosign#2102

fix: adds envelope hash to in-toto entries in tlog entry creation by @nkreiger in sigstore/cosign#2118

fix handling of verify-attestation types for URIs by @otms61 in sigstore/cosign#2159

bump to scaffolding v0.4.4 by @vaikas in sigstore/cosign#2165

fix oidc post-merge job by @cpanato in sigstore/cosign#2164

Remove third_party by @imjasonh in sigstore/cosign#2166

use updated device flow logic with PKCE by @bobcallaway in sigstore/cosign#2163

fix: rekor get tlog entry with uuid by @asraa in sigstore/cosign#2058

update e2e job to run only when push to main by @cpanato in sigstore/cosign#2169

Bump sigstore/cosign-installer from 2.5.0 to 2.5.1 by @dependabot in sigstore/cosign#2168

fix: add env cmd to root by @developer-guy in sigstore/cosign#2171

Bump github.com/go-openapi/swag from 0.22.0 to 0.22.1 by @dependabot in sigstore/cosign#2167

fix panic when os.Stat returns an error besides ErrNotExists by @dsa0x in sigstore/cosign#2162

add changelog for v1.11.0 by @cpanato in sigstore/cosign#2173

update builder image by @cpanato in sigstore/cosign#2174

New Contributors

@wata727 made their first contribution in sigstore/cosign#2139

@bendory made their first contribution in sigstore/cosign#2145

@nkreiger made their first contribution in sigstore/cosign#2118

@dsa0x made their first contribution in sigstore/cosign#2162

Full Changelog: sigstore/cosign@v1.10.1...v1.11.0

Thanks to all contributors!

Changelog

Sourced from github.com/sigstore/cosign's changelog.

v1.11.0

Enhancements

use updated device flow logic with PKCE (sigstore/cosign#2163)

Bug Fixes

fix panic when os.Stat returns an error besides ErrNotExists (sigstore/cosign#2162)

fix: add env cmd to root (sigstore/cosign#2171)

fix: rekor get tlog entry with uuid (sigstore/cosign#2058)

fix oidc post-merge job (sigstore/cosign#2164)

fix handling of verify-attestation types for URIs (sigstore/cosign#2159)

fix: adds envelope hash to in-toto entries in tlog entry creation (sigstore/cosign#2118)

fix: fix blob verification output (sigstore/cosign#2157)

Verify the certificate chain against the Fulcio root trust by default (sigstore/cosign#2139)

Documention

docs: clarify wording in spec about usage of certificate chain (sigstore/cosign#2152)

Add notes to clarify registry use. (sigstore/cosign#2145)

Others

Bump github.com/go-openapi/swag from 0.22.0 to 0.22.1 (sigstore/cosign#2167)

Bump sigstore/cosign-installer from 2.5.0 to 2.5.1 (sigstore/cosign#2168)

update e2e job to run only when push to main (sigstore/cosign#2169)

Remove third_party (sigstore/cosign#2166)

bump to scaffolding v0.4.4 (sigstore/cosign#2165)

Bump sigs.k8s.io/release-utils from 0.6.0 to 0.7.3 (sigstore/cosign#2102)

Run tests using Go 1.18 (sigstore/cosign#2093)

Bump actions/github-script from 6.1.0 to 6.1.1 (sigstore/cosign#2156)

Bump go.uber.org/atomic from 1.9.0 to 1.10.0 (sigstore/cosign#2155)

Bump github.com/xanzy/go-gitlab from 0.71.0 to 0.72.0 (sigstore/cosign#2148)

Bump tests to use scaffolding-0.4.3. (sigstore/cosign#2153)

Bump google.golang.org/api from 0.91.0 to 0.92.0 (sigstore/cosign#2150)

Bump actions/cache from 3.0.6 to 3.0.7 (sigstore/cosign#2151)

Use TUF from scaffolding for validating cosign. (sigstore/cosign#2146)

Bump github.com/hashicorp/go-secure-stdlib/parseutil from 0.1.6 to 0.1.7 (sigstore/cosign#2141)

Bump github.com/go-openapi/swag from 0.21.1 to 0.22.0 (sigstore/cosign#2140)

Bump github.com/xanzy/go-gitlab from 0.70.0 to 0.71.0 (sigstore/cosign#2142)

Bump actions/cache from 3.0.5 to 3.0.6 (sigstore/cosign#2136)

Bump github.com/go-piv/piv-go from 1.9.0 to 1.10.0 (sigstore/cosign#2135)

Bump github/codeql-action from 2.1.17 to 2.1.18 (sigstore/cosign#2129)

Update CHANGELOG for 1.10.1 release (sigstore/cosign#2130)

Contributors

Asra Ali (@asraa)

Batuhan Apaydın (@developer-guy)

... (truncated)

Commits

6bfac1a update builder image (#2174)
3dfe253 add changelog for v1.11.0 (#2173)
cb4898b fix panic when os.Stat returns an error besides ErrNotExists (#2162)
50153d1 Bump github.com/go-openapi/swag from 0.22.0 to 0.22.1 (#2167)
93284d6 fix: add env cmd to root (#2171)
83c8134 Bump sigstore/cosign-installer from 2.5.0 to 2.5.1 (#2168)
c504f45 update e2e job to run only when push to main (#2169)
339c0d7 fix: rekor get tlog entry with uuid (#2058)
f84052f use updated device flow logic with PKCE (#2163)
026523a Remove third_party (#2166)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/sigstore/cosign](https://github.com/sigstore/cosign) from 1.10.1 to 1.11.0. - [Release notes](https://github.com/sigstore/cosign/releases) - [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md) - [Commits](sigstore/cosign@v1.10.1...v1.11.0) --- updated-dependencies: - dependency-name: github.com/sigstore/cosign dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Aug 22, 2022

cpanato approved these changes Aug 22, 2022

View reviewed changes

cpanato merged commit ec2da04 into main Aug 22, 2022

cpanato deleted the dependabot/go_modules/github.com/sigstore/cosign-1.11.0 branch August 22, 2022 11:22

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump github.com/sigstore/cosign from 1.10.1 to 1.11.0 #119

Bump github.com/sigstore/cosign from 1.10.1 to 1.11.0 #119

dependabot bot commented on behalf of github Aug 22, 2022

Bump github.com/sigstore/cosign from 1.10.1 to 1.11.0 #119

Bump github.com/sigstore/cosign from 1.10.1 to 1.11.0 #119

Conversation

dependabot bot commented on behalf of github Aug 22, 2022

v1.11.0

What's Changed

New Contributors

Thanks to all contributors!

v1.11.0

Enhancements

Bug Fixes

Documention

Others

Contributors