8000 Comparing v0.13.0...main · sigstore/gitsign · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: sigstore/gitsign
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v0.13.0
Choose a base ref
...
head repository: sigstore/gitsign
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: main
Choose a head ref
  • 18 commits
  • 9 files changed
  • 3 contributors

Commits on Apr 15, 2025

  1. Bump the gomod group across 1 directory with 5 updates (#665)

    * Bump the gomod group across 1 directory with 5 updates
    
    Bumps the gomod group with 3 updates in the / directory: [github.com/sigstore/protobuf-specs](https://github.com/sigstore/protobuf-specs), [github.com/sigstore/rekor](https://github.com/sigstore/rekor) and [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore).
    
    
    Updates `github.com/sigstore/protobuf-specs` from 0.4.0 to 0.4.1
    - [Release notes](https://github.com/sigstore/protobuf-specs/releases)
    - [Changelog](https://github.com/sigstore/protobuf-specs/blob/main/CHANGELOG.md)
    - [Commits](sigstore/protobuf-specs@v0.4.0...v0.4.1)
    
    Updates `github.com/sigstore/rekor` from 1.3.9 to 1.3.10
    - [Release notes](https://github.com/sigstore/rekor/releases)
    - [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
    - [Commits](sigstore/rekor@v1.3.9...v1.3.10)
    
    Updates `github.com/sigstore/sigstore` from 1.9.1 to 1.9.3
    - [Release notes](https://github.com/sigstore/sigstore/releases)
    - [Commits](sigstore/sigstore@v1.9.1...v1.9.3)
    
    Updates `golang.org/x/crypto` from 0.36.0 to 0.37.0
    - [Commits](golang/crypto@v0.36.0...v0.37.0)
    
    Updates `google.golang.org/protobuf` from 1.36.5 to 1.36.6
    
    ---
    updated-dependencies:
    - dependency-name: github.com/sigstore/protobuf-specs
      dependency-version: 0.4.1
      dependency-type: direct:production
      update-type: version-update:semver-patch
      dependency-group: gomod
    - dependency-name: github.com/sigstore/rekor
      dependency-version: 1.3.10
      dependency-type: direct:production
      update-type: version-update:semver-patch
      dependency-group: gomod
    - dependency-name: github.com/sigstore/sigstore
      dependency-version: 1.9.3
      dependency-type: direct:production
      update-type: version-update:semver-patch
      dependency-group: gomod
    - dependency-name: golang.org/x/crypto
      dependency-version: 0.37.0
      dependency-type: direct:production
      update-type: version-update:semver-minor
      dependency-group: gomod
    - dependency-name: google.golang.org/protobuf
      dependency-version: 1.36.6
      dependency-type: direct:production
      update-type: version-update:semver-patch
      dependency-group: gomod
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    
    * Bump sigstore-go to v0.7.2
    
    Signed-off-by: Aditya Sirish A Yelgundhalli <ayelgundhall@bloomberg.net>
    
    ---------
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Signed-off-by: Aditya Sirish A Yelgundhalli <ayelgundhall@bloomberg.net>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    Co-authored-by: Aditya Sirish A Yelgundhalli <ayelgundhall@bloomberg.net>
    dependabot[bot] and adityasaky authored Apr 15, 2025
    Configuration menu
    Copy the full SHA
    bd7dbe5 View commit details
    Browse the repository at this point in the history

Commits on Apr 18, 2025

  1. Bump github.com/coreos/go-oidc/v3 from 3.12.0 to 3.13.0 (#652)

    Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.12.0 to 3.13.0.
    - [Release notes](https://github.com/coreos/go-oidc/releases)
    - [Commits](coreos/go-oidc@v3.12.0...v3.13.0)
    
    ---
    updated-dependencies:
    - dependency-name: github.com/coreos/go-oidc/v3
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Apr 18, 2025
    Configuration menu
    Copy the full SHA
    8baf73b View commit details
    Browse the repository at this point in the history

Commits on Apr 21, 2025

  1. Configuration menu
    Copy the full SHA
    6d7fd07 View commit details
    Browse the repository at this point in the history
  2. Bump github.com/sigstore/cosign/v2 from 2.4.3 to 2.5.0 (#669)

    Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.4.3 to 2.5.0.
    - [Release notes](https://github.com/sigstore/cosign/releases)
    - [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
    - [Commits](sigstore/cosign@v2.4.3...v2.5.0)
    
    ---
    updated-dependencies:
    - dependency-name: github.com/sigstore/cosign/v2
      dependency-version: 2.5.0
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Apr 21, 2025
    Configuration menu
    Copy the full SHA
    dc70a08 View commit details
    Browse the repository at this point in the history
  3. Bump golangci/golangci-lint-action from 6.5.2 to 7.0.0 (#662)

    * Bump golangci/golangci-lint-action from 6.5.2 to 7.0.0
    
    Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6.5.2 to 7.0.0.
    - [Release notes](https://github.com/golangci/golangci-lint-action/releases)
    - [Commits](golangci/golangci-lint-action@55c2c14...1481404)
    
    ---
    updated-dependencies:
    - dependency-name: golangci/golangci-lint-action
      dependency-type: direct:production
      update-type: version-update:semver-major
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    
    * Migrate golangci-lint config to v2
    
    This migration is via golangci-lint migrate. Also, the workflow no
    longer passes in a timeout (it's been disabled in golangci-lint), and
    doesn't use an explicit version of golangci-lint either.
    
    Signed-off-by: Aditya Sirish A Yelgundhalli <ayelgundhall@bloomberg.net>
    
    * Remove shadow of builtin new function
    
    Signed-off-by: Aditya Sirish A Yelgundhalli <ayelgundhall@bloomberg.net>
    
    ---------
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Signed-off-by: Aditya Sirish A Yelgundhalli <ayelgundhall@bloomberg.net>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    Co-authored-by: Aditya Sirish A Yelgundhalli <ayelgundhall@bloomberg.net>
    dependabot[bot] and adityasaky authored Apr 21, 2025
    Configuration menu
    Copy the full SHA
    f7423a3 View commit details
    Browse the repository at this point in the history
  4. Bump github.com/go-git/go-git/v5 from 5.14.0 to 5.16.0 (#668)

    Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.14.0 to 5.16.0.
    - [Release notes](https://github.com/go-git/go-git/releases)
    - [Commits](go-git/go-git@v5.14.0...v5.16.0)
    
    ---
    updated-dependencies:
    - dependency-name: github.com/go-git/go-git/v5
      dependency-version: 5.16.0
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Apr 21, 2025
    Configuration menu
    Copy the full SHA
    2a29627 View commit details
    Browse the repository at this point in the history

Commits on Apr 28, 2025

  1. Bump the actions group with 2 updates (#670)

    Bumps the actions group with 2 updates: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) and [anchore/sbom-action](https://github.com/anchore/sbom-action).
    
    
    Updates `sigstore/cosign-installer` from 3.8.1 to 3.8.2
    - [Release notes](https://github.com/sigstore/cosign-installer/releases)
    - [Commits](sigstore/cosign-installer@d7d6bc7...3454372)
    
    Updates `anchore/sbom-action` from 0.18.0 to 0.19.0
    - [Release notes](https://github.com/anchore/sbom-action/releases)
    - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
    - [Commits](anchore/sbom-action@f325610...9f73021)
    
    ---
    updated-dependencies:
    - dependency-name: sigstore/cosign-installer
      dependency-version: 3.8.2
      dependency-type: direct:production
      update-type: version-update:semver-patch
      dependency-group: actions
    - dependency-name: anchore/sbom-action
      dependency-version: 0.19.0
      dependency-type: direct:production
      update-type: version-update:semver-minor
      dependency-group: actions
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Apr 28, 2025
    Configuration menu
    Copy the full SHA
    41ec75e View commit details
    Browse the repository at this point in the history

Commits on Apr 30, 2025

  1. Bump github.com/sigstore/fulcio from 1.6.6 to 1.7.0 (#666)

    * Bump github.com/sigstore/fulcio from 1.6.6 to 1.7.0
    
    Bumps [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) from 1.6.6 to 1.7.0.
    - [Release notes](https://github.com/sigstore/fulcio/releases)
    - [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md)
    - [Commits](sigstore/fulcio@v1.6.6...v1.7.0)
    
    ---
    updated-dependencies:
    - dependency-name: github.com/sigstore/fulcio
      dependency-version: 1.7.0
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    
    * upgrade gomod
    
    Signed-off-by: Carlos Panato <ctadeu@gmail.com>
    
    ---------
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Signed-off-by: Carlos Panato <ctadeu@gmail.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    Co-authored-by: Carlos Panato <ctadeu@gmail.com>
    dependabot[bot] and cpanato authored Apr 30, 2025
    Configuration menu
    Copy the full SHA
    353ed4a View commit details
    Browse the repository at this point in the history
  2. Bump the gomod group across 1 directory with 2 updates (#672)

    Bumps the gomod group with 2 updates in the / directory: [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) and [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore).
    
    
    Updates `github.com/sigstore/fulcio` from 1.7.0 to 1.7.1
    - [Release notes](https://github.com/sigstore/fulcio/releases)
    - [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md)
    - [Commits](sigstore/fulcio@v1.7.0...v1.7.1)
    
    Updates `github.com/sigstore/sigstore` from 1.9.3 to 1.9.4
    - [Release notes](https://github.com/sigstore/sigstore/releases)
    - [Commits](sigstore/sigstore@v1.9.3...v1.9.4)
    
    ---
    updated-dependencies:
    - dependency-name: github.com/sigstore/fulcio
      dependency-version: 1.7.1
      dependency-type: direct:production
      update-type: version-update:semver-patch
      dependency-group: gomod
    - dependency-name: github.com/sigstore/sigstore
      dependency-version: 1.9.4
      dependency-type: direct:production
      update-type: version-update:semver-patch
      dependency-group: gomod
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Apr 30, 2025
    Configuration menu
    Copy the full SHA
    d153cbb View commit details
    Browse the repository at this point in the history

Commits on May 5, 2025

  1. Bump actions/attest-build-provenance in the actions group (#673)

    dependabot[bot] authored May 5, 2025
    Configuration menu
    Copy the full SHA
    ff96393 View commit details
    Browse the repository at this point in the history
  2. Bump golangci/golangci-lint-action from 7.0.0 to 8.0.0 (#674)

    Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 7.0.0 to 8.0.0.
    - [Release notes](https://github.com/golangci/golangci-lint-action/releases)
    - [Commits](golangci/golangci-lint-action@1481404...4afd733)
    
    ---
    updated-dependencies:
    - dependency-name: golangci/golangci-lint-action
      dependency-version: 8.0.0
      dependency-type: direct:production
      update-type: version-update:semver-major
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored May 5, 2025
    Configuration menu
    Copy the full SHA
    19b0397 View commit details
    Browse the repository at this point in the history

Commits on May 12, 2025

  1. Bump actions/setup-go from 5.4.0 to 5.5.0 in the actions group (#678)

    Bumps the actions group with 1 update: [actions/setup-go](https://github.com/actions/setup-go).
    
    
    Updates `actions/setup-go` from 5.4.0 to 5.5.0
    - [Release notes](https://github.com/actions/setup-go/releases)
    - [Commits](actions/setup-go@0aaccfd...d35c59a)
    
    ---
    updated-dependencies:
    - dependency-name: actions/setup-go
      dependency-version: 5.5.0
      dependency-type: direct:production
      update-type: version-update:semver-minor
      dependency-group: actions
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored May 12, 2025
    Configuration menu
    Copy the full SHA
    1835b39 View commit details
    Browse the repository at this point in the history
  2. Bump golang.org/x/oauth2 from 0.29.0 to 0.30.0 (#677)

    Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.29.0 to 0.30.0.
    - [Commits](golang/oauth2@v0.29.0...v0.30.0)
    
    ---
    updated-dependencies:
    - dependency-name: golang.org/x/oauth2
      dependency-version: 0.30.0
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored May 12, 2025
    Configuration menu
    Copy the full SHA
    5fee3a2 View commit details
    Browse the repository at this point in the history
  3. Bump golang.org/x/crypto from 0.37.0 to 0.38.0 (#676)

    Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.37.0 to 0.38.0.
    - [Commits](golang/crypto@v0.37.0...v0.38.0)
    
    ---
    updated-dependencies:
    - dependency-name: golang.org/x/crypto
      dependency-version: 0.38.0
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored May 12, 2025
    Configuration menu
    Copy the full SHA
    d8b78ce View commit details
    Browse the repository at this point in the history

Commits on May 19, 2025

  1. Bump anchore/sbom-action from 0.19.0 to 0.20.0 in the actions group (#…

    …680)
    
    Bumps the actions group with 1 update: [anchore/sbom-action](https://github.com/anchore/sbom-action).
    
    
    Updates `anchore/sbom-action` from 0.19.0 to 0.20.0
    - [Release notes](https://github.com/anchore/sbom-action/releases)
    - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
    - [Commits](anchore/sbom-action@9f73021...e11c554)
    
    ---
    updated-dependencies:
    - dependency-name: anchore/sbom-action
      dependency-version: 0.20.0
      dependency-type: direct:production
      update-type: version-update:semver-minor
      dependency-group: actions
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored May 19, 2025
    Configuration menu
    Copy the full SHA
    4147cea View commit details
    Browse the repository at this point in the history
  2. Bump github.com/sigstore/protobuf-specs in the gomod group (#679)

    Bumps the gomod group with 1 update: [github.com/sigstore/protobuf-specs](https://github.com/sigstore/protobuf-specs).
    
    
    Updates `github.com/sigstore/protobuf-specs` from 0.4.1 to 0.4.2
    - [Release notes](https://github.com/sigstore/protobuf-specs/releases)
    - [Changelog](https://github.com/sigstore/protobuf-specs/blob/main/CHANGELOG.md)
    - [Commits](sigstore/protobuf-specs@v0.4.1...v0.4.2)
    
    ---
    updated-dependencies:
    - dependency-name: github.com/sigstore/protobuf-specs
      dependency-version: 0.4.2
      dependency-type: direct:production
      update-type: version-update:semver-patch
      dependency-group: gomod
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored May 19, 2025
    Configuration menu
    Copy the full SHA
    a49bf9e View commit details
    Browse the repository at this point in the history

Commits on Jun 9, 2025

  1. Bump golang.org/x/crypto from 0.38.0 to 0.39.0 (#682)

    Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.38.0 to 0.39.0.
    - [Commits](golang/crypto@v0.38.0...v0.39.0)
    
    ---
    updated-dependencies:
    - dependency-name: golang.org/x/crypto
      dependency-version: 0.39.0
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Jun 9, 2025
    Configuration menu
    Copy the full SHA
    89fabad View commit details
    Browse the repository at this point in the history
  2. Bump github.com/go-git/go-git/v5 in the gomod group (#681)

    Bumps the gomod group with 1 update: [github.com/go-git/go-git/v5](https://github.com/go-git/go-git).
    
    
    Updates `github.com/go-git/go-git/v5` from 5.16.0 to 5.16.2
    - [Release notes](https://github.com/go-git/go-git/releases)
    - [Commits](go-git/go-git@v5.16.0...v5.16.2)
    
    ---
    updated-dependencies:
    - dependency-name: github.com/go-git/go-git/v5
      dependency-version: 5.16.2
      dependency-type: direct:production
      update-type: version-update:semver-patch
      dependency-group: gomod
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Jun 9, 2025
    Configuration menu
    Copy the full SHA
    ef67984 View commit details
    Browse the repository at this point in the history
Loading
0