Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump github.com/sigstore/rekor from 1.0.1 to 1.1.0 #270

Merged
merged 1 commit into from Apr 3, 2023
Merged

Bump github.com/sigstore/rekor from 1.0.1 to 1.1.0 #270

merged 1 commit into from Apr 3, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 3, 2023
edited

Bumps github.com/sigstore/rekor from 1.0.1 to 1.1.0.

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.1.0

Functional Enhancements

  • improve validation on intoto v0.0.2 type (#1351)
  • add feature to limit HTTP request body length to process (#1334)
  • add information about the file size limit (#1313)
  • Add script to backfill Redis from Rekor (#1163)
  • Feature: add search support for sha512 (#1142)

Quality Enhancements

  • fuzzing: refactor OSS-Fuzz build script (#1377)
  • Update cloudbuild for cosign 2.0 (#1375)
  • Tests - Additional sharding tests (#1180)
  • jar type: add fuzzer for 3rd-party dep (#1360)
  • update cosign to 2.0.0 and builder image and also cosign flags (#1368)
  • fuzzing: move alpine utils to fuzz utils (#1335)
  • fuzzing: add seed for alpine fuzzer (#1342)
  • jar: add v001 fuzzer (#1327)
  • fuzzing: open writer later in fuzz utils (#1326)
  • fuzzing: remove tar operations in alpine fuzzer (#1322)
  • alpine: add v001 fuzzer (#1316)
  • hashedrekord: add v001 fuzzer (#1315)
  • fuzzing: add call to IndexKeys in multiple fuzzers (#1302)
  • fuzzing: improve cose fuzzer (#1300)
  • fuzzing: improve fuzz utils (#1298)
  • fuzzing: improve alpine fuzzer (#1273)
  • fuzzing: go mod edit go-fuzz-headers (#1272)
  • fuzzing: add .options file (#1271)
  • fuzzing: build helm fuzzer from correct dir (#1264)
  • types: refactor multiple fuzzers (#1258)
  • helm: add fuzzer for provenance unmarshalling (#1243)
  • pki: add fuzzer (#1256)
  • Fuzzing: Add more bug detectors (#1253)
  • Refactor e2e - part 5 (#1236)
  • Removed unused tool/deps (#1244)
  • Fixed the invalid path (#1245)
  • Run latest fuzzers in OSS-Fuzz (#1221)
  • Fuzz tests - hashedrekord (#1224)
  • Update builder (#1228)
  • Revamping rekor e2e - part 4 of N (#1218)
  • types: add fuzzers (#1225)
  • jar type: add fuzzer (#1215)
  • Revamping rekor e2e - part 3 of N (#1177)
  • modify OSS-Fuzz build script (#1214)
  • move over oss-fuzz build script (#1204)
  • wrap redis client errors to aid debugging (#1176)
  • don't test release candidate builds in harness (#1183)
  • types/alpine: add fuzzer (#1200)
  • logging tweaks to improve usability (#1235)
  • Add backfill-redis to the release artifacts (#1174)

... (truncated)

Changelog

Sourced from github.com/sigstore/rekor's changelog.

v1.1.0

Functional Enhancements

  • improve validation on intoto v0.0.2 type (#1351)
  • add feature to limit HTTP request body length to process (#1334)
  • add information about the file size limit (#1313)
  • Add script to backfill Redis from Rekor (#1163)
  • Feature: add search support for sha512 (#1142)

Quality Enhancements

  • fuzzing: refactor OSS-Fuzz build script (#1377)
  • Update cloudbuild for cosign 2.0 (#1375)
  • Tests - Additional sharding tests (#1180)
  • jar type: add fuzzer for 3rd-party dep (#1360)
  • update cosign to 2.0.0 and builder image and also cosign flags (#1368)
  • fuzzing: move alpine utils to fuzz utils (#1335)
  • fuzzing: add seed for alpine fuzzer (#1342)
  • jar: add v001 fuzzer (#1327)
  • fuzzing: open writer later in fuzz utils (#1326)
  • fuzzing: remove tar operations in alpine fuzzer (#1322)
  • alpine: add v001 fuzzer (#1316)
  • hashedrekord: add v001 fuzzer (#1315)
  • fuzzing: add call to IndexKeys in multiple fuzzers (#1302)
  • fuzzing: improve cose fuzzer (#1300)
  • fuzzing: improve fuzz utils (#1298)
  • fuzzing: improve alpine fuzzer (#1273)
  • fuzzing: go mod edit go-fuzz-headers (#1272)
  • fuzzing: add .options file (#1271)
  • fuzzing: build helm fuzzer from correct dir (#1264)
  • types: refactor multiple fuzzers (#1258)
  • helm: add fuzzer for provenance unmarshalling (#1243)
  • pki: add fuzzer (#1256)
  • Fuzzing: Add more bug detectors (#1253)
  • Refactor e2e - part 5 (#1236)
  • Removed unused tool/deps (#1244)
  • Fixed the invalid path (#1245)
  • Run latest fuzzers in OSS-Fuzz (#1221)
  • Fuzz tests - hashedrekord (#1224)
  • Update builder (#1228)
  • Revamping rekor e2e - part 4 of N (#1218)
  • types: add fuzzers (#1225)
  • jar type: add fuzzer (#1215)
  • Revamping rekor e2e - part 3 of N (#1177)
  • modify OSS-Fuzz build script (#1214)
  • move over oss-fuzz build script (#1204)
  • wrap redis client errors to aid debugging (#1176)
  • don't test release candidate builds in harness (#1183)
  • types/alpine: add fuzzer (#1200)
  • logging tweaks to improve usability (#1235)
  • Add backfill-redis to the release artifacts (#1174)

... (truncated)

Commits
  • 4a65926 update CHANGELOG for v1.1.0 (#1409)
  • 01a2321 remove goroutine usage from SearchLogQuery (#1407)
  • abf7cee drop log messages regarding attestation storage to debug (#1408)
  • 924d5b1 build(deps): bump golang from 1724dc3 to f709934 (#1402)
  • 3f3f4a3 build(deps): bump github/codeql-action from 2.2.8 to 2.2.9 (#1403)
  • ed4fc16 build(deps): bump github.com/go-openapi/strfmt from 0.21.5 to 0.21.7 (#1404)
  • 14e3c4b build(deps): bump golang from 80950aa to 1724dc3 (#1400)
  • a88f219 build(deps): bump go.step.sm/crypto from 0.27.0 to 0.28.0 (#1401)
  • e72e127 build(deps): bump golang from 5990c4f to 80950aa (#1397)
  • 607e029 build(deps): bump actions/checkout from 3.4.0 to 3.5.0 (#1398)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 3, 2023
@github-actions github-actions bot enabled auto-merge (squash) April 3, 2023 07:02
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/sigstore/rekor-1.1.0 branch 2 times, most recently from cfcfc5b to 97bb81e Compare April 3, 2023 09:42
@dependabot
Bump github.com/sigstore/rekor from 1.0.1 to 1.1.0
87ef60f 
Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 1.0.1 to 1.1.0.
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](sigstore/rekor@v1.0.1...v1.1.0)

---
updated-dependencies:
- dependency-name: github.com/sigstore/rekor
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/sigstore/rekor-1.1.0 branch from 97bb81e to 87ef60f Compare April 3, 2023 09:44
@github-actions github-actions bot merged commit 5c5ad79 into main Apr 3, 2023
12 checks passed
@github-actions github-actions bot deleted the dependabot/go_modules/github.com/sigstore/rekor-1.1.0 branch April 3, 2023 14:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wlynch wlynch wlynch approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@wlynch