-
Notifications
You must be signed in to change notification settings - Fork 68
Comparing changes
Open a pull request
base repository: sigstore/gitsign
base: v0.13.0
head repository: sigstore/gitsign
compare: main
- 18 commits
- 9 files changed
- 3 contributors
Commits on Apr 15, 2025
-
Bump the gomod group across 1 directory with 5 updates (#665)
* Bump the gomod group across 1 directory with 5 updates Bumps the gomod group with 3 updates in the / directory: [github.com/sigstore/protobuf-specs](https://github.com/sigstore/protobuf-specs), [github.com/sigstore/rekor](https://github.com/sigstore/rekor) and [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore). Updates `github.com/sigstore/protobuf-specs` from 0.4.0 to 0.4.1 - [Release notes](https://github.com/sigstore/protobuf-specs/releases) - [Changelog](https://github.com/sigstore/protobuf-specs/blob/main/CHANGELOG.md) - [Commits](sigstore/protobuf-specs@v0.4.0...v0.4.1) Updates `github.com/sigstore/rekor` from 1.3.9 to 1.3.10 - [Release notes](https://github.com/sigstore/rekor/releases) - [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md) - [Commits](sigstore/rekor@v1.3.9...v1.3.10) Updates `github.com/sigstore/sigstore` from 1.9.1 to 1.9.3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.9.1...v1.9.3) Updates `golang.org/x/crypto` from 0.36.0 to 0.37.0 - [Commits](golang/crypto@v0.36.0...v0.37.0) Updates `google.golang.org/protobuf` from 1.36.5 to 1.36.6 --- updated-dependencies: - dependency-name: github.com/sigstore/protobuf-specs dependency-version: 0.4.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/rekor dependency-version: 1.3.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore dependency-version: 1.9.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: golang.org/x/crypto dependency-version: 0.37.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: google.golang.org/protobuf dependency-version: 1.36.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <support@github.com> * Bump sigstore-go to v0.7.2 Signed-off-by: Aditya Sirish A Yelgundhalli <ayelgundhall@bloomberg.net> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Aditya Sirish A Yelgundhalli <ayelgundhall@bloomberg.net> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aditya Sirish A Yelgundhalli <ayelgundhall@bloomberg.net>
Configuration menu - View commit details
-
Copy full SHA for bd7dbe5 - Browse repository at this point
Copy the full SHA bd7dbe5View commit details
Commits on Apr 18, 2025
-
Bump github.com/coreos/go-oidc/v3 from 3.12.0 to 3.13.0 (#652)
Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.12.0 to 3.13.0. - [Release notes](https://github.com/coreos/go-oidc/releases) - [Commits](coreos/go-oidc@v3.12.0...v3.13.0) --- updated-dependencies: - dependency-name: github.com/coreos/go-oidc/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 8baf73b - Browse repository at this point
Copy the full SHA 8baf73bView commit details
Commits on Apr 21, 2025
-
Configuration menu - View commit details
-
Copy full SHA for 6d7fd07 - Browse repository at this point
Copy the full SHA 6d7fd07View commit details -
Bump github.com/sigstore/cosign/v2 from 2.4.3 to 2.5.0 (#669)
Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.4.3 to 2.5.0. - [Release notes](https://github.com/sigstore/cosign/releases) - [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md) - [Commits](sigstore/cosign@v2.4.3...v2.5.0) --- updated-dependencies: - dependency-name: github.com/sigstore/cosign/v2 dependency-version: 2.5.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for dc70a08 - Browse repository at this point
Copy the full SHA dc70a08View commit details -
Bump golangci/golangci-lint-action from 6.5.2 to 7.0.0 (#662)
* Bump golangci/golangci-lint-action from 6.5.2 to 7.0.0 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6.5.2 to 7.0.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@55c2c14...1481404) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Migrate golangci-lint config to v2 This migration is via golangci-lint migrate. Also, the workflow no longer passes in a timeout (it's been disabled in golangci-lint), and doesn't use an explicit version of golangci-lint either. Signed-off-by: Aditya Sirish A Yelgundhalli <ayelgundhall@bloomberg.net> * Remove shadow of builtin new function Signed-off-by: Aditya Sirish A Yelgundhalli <ayelgundhall@bloomberg.net> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Aditya Sirish A Yelgundhalli <ayelgundhall@bloomberg.net> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aditya Sirish A Yelgundhalli <ayelgundhall@bloomberg.net>
Configuration menu - View commit details
-
Copy full SHA for f7423a3 - Browse repository at this point
Copy the full SHA f7423a3View commit details -
Bump github.com/go-git/go-git/v5 from 5.14.0 to 5.16.0 (#668)
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.14.0 to 5.16.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.14.0...v5.16.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.16.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 2a29627 - Browse repository at this point
Copy the full SHA 2a29627View commit details
Commits on Apr 28, 2025
-
Bump the actions group with 2 updates (#670)
Bumps the actions group with 2 updates: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) and [anchore/sbom-action](https://github.com/anchore/sbom-action). Updates `sigstore/cosign-installer` from 3.8.1 to 3.8.2 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@d7d6bc7...3454372) Updates `anchore/sbom-action` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](anchore/sbom-action@f325610...9f73021) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-version: 3.8.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: anchore/sbom-action dependency-version: 0.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 41ec75e - Browse repository at this point
Copy the full SHA 41ec75eView commit details
Commits on Apr 30, 2025
-
Bump github.com/sigstore/fulcio from 1.6.6 to 1.7.0 (#666)
* Bump github.com/sigstore/fulcio from 1.6.6 to 1.7.0 Bumps [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) from 1.6.6 to 1.7.0. - [Release notes](https://github.com/sigstore/fulcio/releases) - [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md) - [Commits](sigstore/fulcio@v1.6.6...v1.7.0) --- updated-dependencies: - dependency-name: github.com/sigstore/fulcio dependency-version: 1.7.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * upgrade gomod Signed-off-by: Carlos Panato <ctadeu@gmail.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Carlos Panato <ctadeu@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Panato <ctadeu@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 353ed4a - Browse repository at this point
Copy the full SHA 353ed4aView commit details -
Bump the gomod group across 1 directory with 2 updates (#672)
Bumps the gomod group with 2 updates in the / directory: [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) and [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore). Updates `github.com/sigstore/fulcio` from 1.7.0 to 1.7.1 - [Release notes](https://github.com/sigstore/fulcio/releases) - [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md) - [Commits](sigstore/fulcio@v1.7.0...v1.7.1) Updates `github.com/sigstore/sigstore` from 1.9.3 to 1.9.4 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.9.3...v1.9.4) --- updated-dependencies: - dependency-name: github.com/sigstore/fulcio dependency-version: 1.7.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore dependency-version: 1.9.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for d153cbb - Browse repository at this point
Copy the full SHA d153cbbView commit details
Commits on May 5, 2025
-
Bump actions/attest-build-provenance in the actions group (#673)
Configuration menu - View commit details
-
Copy full SHA for ff96393 - Browse repository at this point
Copy the full SHA ff96393View commit details Bump golangci/golangci-lint-action from 7.0.0 to 8.0.0 (#674)
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 7.0.0 to 8.0.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@1481404...4afd733) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 19b0397 - Browse repository at this point
Copy the full SHA 19b0397View commit details
Commits on May 12, 2025
-
Bump actions/setup-go from 5.4.0 to 5.5.0 in the actions group (#678)
Bumps the actions group with 1 update: [actions/setup-go](https://github.com/actions/setup-go). Updates `actions/setup-go` from 5.4.0 to 5.5.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@0aaccfd...d35c59a) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: 5.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 1835b39 - Browse repository at this point
Copy the full SHA 1835b39View commit details -
Bump golang.org/x/oauth2 from 0.29.0 to 0.30.0 (#677)
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.29.0 to 0.30.0. - [Commits](golang/oauth2@v0.29.0...v0.30.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-version: 0.30.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 5fee3a2 - Browse repository at this point
Copy the full SHA 5fee3a2View commit details -
Bump golang.org/x/crypto from 0.37.0 to 0.38.0 (#676)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.37.0 to 0.38.0. - [Commits](golang/crypto@v0.37.0...v0.38.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.38.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for d8b78ce - Browse repository at this point
Copy the full SHA d8b78ceView commit details
Commits on May 19, 2025
-
Bump anchore/sbom-action from 0.19.0 to 0.20.0 in the actions group (#…
…680) Bumps the actions group with 1 update: [anchore/sbom-action](https://github.com/anchore/sbom-action). Updates `anchore/sbom-action` from 0.19.0 to 0.20.0 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](anchore/sbom-action@9f73021...e11c554) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-version: 0.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 4147cea - Browse repository at this point
Copy the full SHA 4147ceaView commit details -
Bump github.com/sigstore/protobuf-specs in the gomod group (#679)
Bumps the gomod group with 1 update: [github.com/sigstore/protobuf-specs](https://github.com/sigstore/protobuf-specs). Updates `github.com/sigstore/protobuf-specs` from 0.4.1 to 0.4.2 - [Release notes](https://github.com/sigstore/protobuf-specs/releases) - [Changelog](https://github.com/sigstore/protobuf-specs/blob/main/CHANGELOG.md) - [Commits](sigstore/protobuf-specs@v0.4.1...v0.4.2) --- updated-dependencies: - dependency-name: github.com/sigstore/protobuf-specs dependency-version: 0.4.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for a49bf9e - Browse repository at this point
Copy the full SHA a49bf9eView commit details
Commits on Jun 9, 2025
-
Bump golang.org/x/crypto from 0.38.0 to 0.39.0 (#682)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.38.0 to 0.39.0. - [Commits](golang/crypto@v0.38.0...v0.39.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.39.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 89fabad - Browse repository at this point
Copy the full SHA 89fabadView commit details -
Bump github.com/go-git/go-git/v5 in the gomod group (#681)
Bumps the gomod group with 1 update: [github.com/go-git/go-git/v5](https://github.com/go-git/go-git). Updates `github.com/go-git/go-git/v5` from 5.16.0 to 5.16.2 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.16.0...v5.16.2) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.16.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for ef67984 - Browse repository at this point
Copy the full SHA ef67984View commit details
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff v0.13.0...main