8000 Comparing v0.13.0...main · sigstore/gitsign · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: sigstore/gitsign
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v0.13.0
Choose a base ref
...
head repository: sigstore/gitsign
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: main
Choose a head ref
  • 18 commits
  • 9 files changed
  • 3 contributors

Commits on Apr 15, 2025

  1. Bump the gomod group across 1 directory with 5 updates (#665) 

    * Bump the gomod group across 1 directory with 5 updates

Bumps the gomod group with 3 updates in the / directory: [github.com/sigstore/protobuf-specs](https://github.com/sigstore/protobuf-specs), [github.com/sigstore/rekor](https://github.com/sigstore/rekor) and [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore).


Updates `github.com/sigstore/protobuf-specs` from 0.4.0 to 0.4.1
- [Release notes](https://github.com/sigstore/protobuf-specs/releases)
- [Changelog](https://github.com/sigstore/protobuf-specs/blob/main/CHANGELOG.md)
- [Commits](sigstore/protobuf-specs@v0.4.0...v0.4.1)

Updates `github.com/sigstore/rekor` from 1.3.9 to 1.3.10
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](sigstore/rekor@v1.3.9...v1.3.10)

Updates `github.com/sigstore/sigstore` from 1.9.1 to 1.9.3
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.9.1...v1.9.3)

Updates `golang.org/x/crypto` from 0.36.0 to 0.37.0
- [Commits](golang/crypto@v0.36.0...v0.37.0)

Updates `google.golang.org/protobuf` from 1.36.5 to 1.36.6

---
updated-dependencies:
- dependency-name: github.com/sigstore/protobuf-specs
  dependency-version: 0.4.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/sigstore/rekor
  dependency-version: 1.3.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.9.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: golang.org/x/crypto
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.36.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump sigstore-go to v0.7.2

Signed-off-by: Aditya Sirish A Yelgundhalli <ayelgundhall@bloomberg.net>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Aditya Sirish A Yelgundhalli <ayelgundhall@bloomberg.net>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aditya Sirish A Yelgundhalli <ayelgundhall@bloomberg.net>
    @dependabot @adityasaky
    dependabot[bot] and adityasaky authored Apr 15, 2025
    Configuration menu
    Copy the full SHA
    bd7dbe5 View commit details
    Browse the repository at this point in the history

Commits on Apr 18, 2025

  1. Bump github.com/coreos/go-oidc/v3 from 3.12.0 to 3.13.0 (#652) 

    Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.12.0 to 3.13.0.
- [Release notes](https://github.com/coreos/go-oidc/releases)
- [Commits](coreos/go-oidc@v3.12.0...v3.13.0)

---
updated-dependencies:
- dependency-name: github.com/coreos/go-oidc/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Apr 18, 2025
    Configuration menu
    Copy the full SHA
    8baf73b View commit details
    Browse the repository at this point in the history

Commits on Apr 21, 2025

  1. Bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 (#667)

    @dependabot
    dependabot[bot] authored Apr 21, 2025
    Configuration menu
    Copy the full SHA
    6d7fd07 View commit details
    Browse the repository at this point in the history

  2. Bump github.com/sigstore/cosign/v2 from 2.4.3 to 2.5.0 (#669) 

    Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.4.3 to 2.5.0.
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](sigstore/cosign@v2.4.3...v2.5.0)

---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign/v2
  dependency-version: 2.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Apr 21, 2025
    Configuration menu
    Copy the full SHA
    dc70a08 View commit details
    Browse the repository at this point in the history

  3. Bump golangci/golangci-lint-action from 6.5.2 to 7.0.0 (#662) 

    * Bump golangci/golangci-lint-action from 6.5.2 to 7.0.0

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6.5.2 to 7.0.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](golangci/golangci-lint-action@55c2c14...1481404)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Migrate golangci-lint config to v2

This migration is via golangci-lint migrate. Also, the workflow no
longer passes in a timeout (it's been disabled in golangci-lint), and
doesn't use an explicit version of golangci-lint either.

Signed-off-by: Aditya Sirish A Yelgundhalli <ayelgundhall@bloomberg.net>

* Remove shadow of builtin new function

Signed-off-by: Aditya Sirish A Yelgundhalli <ayelgundhall@bloomberg.net>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Aditya Sirish A Yelgundhalli <ayelgundhall@bloomberg.net>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aditya Sirish A Yelgundhalli <ayelgundhall@bloomberg.net>
    @dependabot @adityasaky
    dependabot[bot] and adityasaky authored Apr 21, 2025
    Configuration menu
    Copy the full SHA
    f7423a3 View commit details
    Browse the repository at this point in the history

  4. Bump github.com/go-git/go-git/v5 from 5.14.0 to 5.16.0 (#668) 

    Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.14.0 to 5.16.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.14.0...v5.16.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Apr 21, 2025
    Configuration menu
    Copy the full SHA
    2a29627 View commit details
    Browse the repository at this point in the history

Commits on Apr 28, 2025

  1. Bump the actions group with 2 updates (#670) 

    Bumps the actions group with 2 updates: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) and [anchore/sbom-action](https://github.com/anchore/sbom-action).


Updates `sigstore/cosign-installer` from 3.8.1 to 3.8.2
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@d7d6bc7...3454372)

Updates `anchore/sbom-action` from 0.18.0 to 0.19.0
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](anchore/sbom-action@f325610...9f73021)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-version: 3.8.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: anchore/sbom-action
  dependency-version: 0.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Apr 28, 2025
    Configuration menu
    Copy the full SHA
    41ec75e View commit details
    Browse the repository at this point in the history

Commits on Apr 30, 2025

  1. Bump github.com/sigstore/fulcio from 1.6.6 to 1.7.0 (#666) 

    * Bump github.com/sigstore/fulcio from 1.6.6 to 1.7.0

Bumps [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) from 1.6.6 to 1.7.0.
- [Release notes](https://github.com/sigstore/fulcio/releases)
- [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md)
- [Commits](sigstore/fulcio@v1.6.6...v1.7.0)

---
updated-dependencies:
- dependency-name: github.com/sigstore/fulcio
  dependency-version: 1.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* upgrade gomod

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Panato <ctadeu@gmail.com>
    @dependabot @cpanato
    dependabot[bot] and cpanato authored Apr 30, 2025
    Configuration menu
    Copy the full SHA
    353ed4a View commit details
    Browse the repository at this point in the history

  2. Bump the gomod group across 1 directory with 2 updates (#672) 

    Bumps the gomod group with 2 updates in the / directory: [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) and [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore).


Updates `github.com/sigstore/fulcio` from 1.7.0 to 1.7.1
- [Release notes](https://github.com/sigstore/fulcio/releases)
- [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md)
- [Commits](sigstore/fulcio@v1.7.0...v1.7.1)

Updates `github.com/sigstore/sigstore` from 1.9.3 to 1.9.4
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.9.3...v1.9.4)

---
updated-dependencies:
- dependency-name: github.com/sigstore/fulcio
  dependency-version: 1.7.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.9.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Apr 30, 2025
    Configuration menu
    Copy the full SHA
    d153cbb View commit details
    Browse the repository at this point in the history

Commits on May 5, 2025

  1. Bump actions/attest-build-provenance in the actions group (#673)

    @dependabot
    dependabot[bot] authored May 5, 2025
    Configuration menu
    Copy the full SHA
    ff96393 View commit details
    Browse the repository at this point in the history

  2. Bump golangci/golangci-lint-action from 7.0.0 to 8.0.0 (#674) 

    Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 7.0.0 to 8.0.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](golangci/golangci-lint-action@1481404...4afd733)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored May 5, 2025
    Configuration menu
    Copy the full SHA
    19b0397 View commit details
    Browse the repository at this point in the history

Commits on May 12, 2025

  1. Bump actions/setup-go from 5.4.0 to 5.5.0 in the actions group (#678) 

    Bumps the actions group with 1 update: [actions/setup-go](https://github.com/actions/setup-go).


Updates `actions/setup-go` from 5.4.0 to 5.5.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@0aaccfd...d35c59a)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: 5.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored May 12, 2025
    Configuration menu
    Copy the full SHA
    1835b39 View commit details
    Browse the repository at this point in the history

  2. Bump golang.org/x/oauth2 from 0.29.0 to 0.30.0 (#677) 

    Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.29.0 to 0.30.0.
- [Commits](golang/oauth2@v0.29.0...v0.30.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored May 12, 2025
    Configuration menu
    Copy the full SHA
    5fee3a2 View commit details
    Browse the repository at this point in the history

  3. Bump golang.org/x/crypto from 0.37.0 to 0.38.0 (#676) 

    Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.37.0 to 0.38.0.
- [Commits](golang/crypto@v0.37.0...v0.38.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored May 12, 2025
    Configuration menu
    Copy the full SHA
    d8b78ce View commit details
    Browse the repository at this point in the history

Commits on May 19, 2025

  1. Bump anchore/sbom-action from 0.19.0 to 0.20.0 in the actions group (#… 

    …680)

Bumps the actions group with 1 update: [anchore/sbom-action](https://github.com/anchore/sbom-action).


Updates `anchore/sbom-action` from 0.19.0 to 0.20.0
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](anchore/sbom-action@9f73021...e11c554)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-version: 0.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored May 19, 2025
    Configuration menu
    Copy the full SHA
    4147cea View commit details
    Browse the repository at this point in the history

  2. Bump github.com/sigstore/protobuf-specs in the gomod group (#679) 

    Bumps the gomod group with 1 update: [github.com/sigstore/protobuf-specs](https://github.com/sigstore/protobuf-specs).


Updates `github.com/sigstore/protobuf-specs` from 0.4.1 to 0.4.2
- [Release notes](https://github.com/sigstore/protobuf-specs/releases)
- [Changelog](https://github.com/sigstore/protobuf-specs/blob/main/CHANGELOG.md)
- [Commits](sigstore/protobuf-specs@v0.4.1...v0.4.2)

---
updated-dependencies:
- dependency-name: github.com/sigstore/protobuf-specs
  dependency-version: 0.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored May 19, 2025
    Configuration menu
    Copy the full SHA
    a49bf9e View commit details
    Browse the repository at this point in the history

Commits on Jun 9, 2025

  1. Bump golang.org/x/crypto from 0.38.0 to 0.39.0 (#682) 

    Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.38.0 to 0.39.0.
- [Commits](golang/crypto@v0.38.0...v0.39.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.39.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jun 9, 2025
    Configuration menu
    Copy the full SHA
    89fabad View commit details
    Browse the repository at this point in the history

  2. Bump github.com/go-git/go-git/v5 in the gomod group (#681) 

    Bumps the gomod group with 1 update: [github.com/go-git/go-git/v5](https://github.com/go-git/go-git).


Updates `github.com/go-git/go-git/v5` from 5.16.0 to 5.16.2
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.16.0...v5.16.2)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.16.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jun 9, 2025
    Configuration menu
    Copy the full SHA
    ef67984 View commit details
    Browse the repository at this point in the history
Loading
0