Bump github.com/sigstore/cosign/v2 from 2.0.1 to 2.0.2 #299

dependabot · 2023-05-01T07:05:04Z

Bumps github.com/sigstore/cosign/v2 from 2.0.1 to 2.0.2.

Release notes

Sourced from github.com/sigstore/cosign/v2's releases.

v2.0.2

Installation
go install github.com/sigstore/cosign/v2/cmd/cosign@v2.0.2
Enhancements

Update sigstore/sigstore to v1.6.2 to pick up TUF CDN change (#2891)

feat: Make cosign copy faster (#2901)

remove sget (#2885)

Require a payload to be provided with a signature (#2785)

Bug Fixes

cmd: Change error message from KeyParseError to PubKeyParseError for verify-blob. (#2876)

Use SOURCE_DATE_EPOCH for OCI CreatedAt times (#2878)

Documentation

Remove experimental warning from Fulcio flags (#2923)

add missing oidc provider (#2922)

Add zot as a supported registry (#2920)

deprecates kms_support docs (#2900)

chore(docs) deprecate note for usage docs (#2906)

adds note of deprecation for examples.md docs (#2899)

Contributors

Carlos Tadeu Panato Junior

Chris Burns

Dmitry Savintsev

eiffel-fl

Hayden B

Hector Fernandez

Jon Johnson

Miloslav Trmač

priyawadhwa

Ramkumar Chinchani

Full Changelog: sigstore/cosign@v2.0.1...v2.0.2

Changelog

Sourced from github.com/sigstore/cosign/v2's changelog.

v2.0.2

Enhancements

Update sigstore/sigstore to v1.6.2 to pick up TUF CDN change (#2891)

feat: Make cosign copy faster (#2901)

remove sget (#2885)

Require a payload to be provided with a signature (#2785)

Bug Fixes

cmd: Change error message from KeyParseError to PubKeyParseError for verify-blob. (#2876)

Use SOURCE_DATE_EPOCH for OCI CreatedAt times (#2878)

Documentation

Remove experimental warning from Fulcio flags (#2923)

add missing oidc provider (#2922)

Add zot as a supported registry (#2920)

deprecates kms_support docs (#2900)

chore(docs) deprecate note for usage docs (#2906)

adds note of deprecation for examples.md docs (#2899)

Contributors

Carlos Tadeu Panato Junior

Chris Burns

Dmitry Savintsev

eiffel-fl

Hayden B

Hector Fernandez

Jon Johnson

Miloslav Trmač

priyawadhwa

Ramkumar Chinchani

Commits

8714480 chore(deps): bump github/codeql-action from 2.2.12 to 2.3.0 (#2924)
dc22795 Remove experimental warning from Fulcio flags (#2923)
0da5bc0 add missing oidc provider (#2922)
37f75f6 Add zot as a supported registry (#2920)
dc101a1 Bump sigstore/sigstore dependency to 1.6.3 (#2918)
a1d40cd chore(deps): bump codecov/codecov-action from 3.1.2 to 3.1.3 (#2917)
80c035f chore(deps): bump google.golang.org/api from 0.118.0 to 0.119.0 (#2916)
08e9a86 minor comments changes (#2913)
771e323 chore(deps): bump github.com/go-openapi/runtime from 0.25.0 to 0.26.0 (#2911)
57eff08 chore(deps): bump google-github-actions/auth from 1.0.0 to 1.1.0 (#2912)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.0.1 to 2.0.2. - [Release notes](https://github.com/sigstore/cosign/releases) - [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md) - [Commits](sigstore/cosign@v2.0.1...v2.0.2) --- updated-dependencies: - dependency-name: github.com/sigstore/cosign/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

cpanato · 2023-05-01T12:02:38Z

Lgtm

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 1, 2023

github-actions bot approved these changes May 1, 2023

View reviewed changes

github-actions bot enabled auto-merge (squash) May 1, 2023 07:05

github-actions bot merged commit df022a6 into main May 1, 2023
12 checks passed

github-actions bot deleted the dependabot/go_modules/github.com/sigstore/cosign/v2-2.0.2 branch May 1, 2023 07:31

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump github.com/sigstore/cosign/v2 from 2.0.1 to 2.0.2 #299

Bump github.com/sigstore/cosign/v2 from 2.0.1 to 2.0.2 #299

dependabot bot commented on behalf of github May 1, 2023

cpanato commented May 1, 2023

Bump github.com/sigstore/cosign/v2 from 2.0.1 to 2.0.2 #299

Bump github.com/sigstore/cosign/v2 from 2.0.1 to 2.0.2 #299

Conversation

dependabot bot commented on behalf of github May 1, 2023

v2.0.2

Installation

Enhancements

Bug Fixes

Documentation

Contributors

v2.0.2

Enhancements

Bug Fixes

Documentation

Contributors

cpanato commented May 1, 2023