Releases: sigstore/gitsign
Releases · sigstore/gitsign
v0.13.0
What's Changed
- Bump github.com/coreos/go-oidc/v3 from 3.11.0 to 3.12.0 by @dependabot in #616
- Bump github.com/jonboulle/clockwork from 0.4.0 to 0.5.0 by @dependabot in #615
- Bump golang.org/x/oauth2 from 0.24.0 to 0.25.0 by @dependabot in #614
- Fix non-constant format string error by @TomHennen in #619
- Bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 in the actions group by @dependabot in #622
- Modernize attest statements by @TomHennen in #620
- Bump the actions group with 3 updates by @dependabot in #625
- Enable CGO on riscv64 by @Xeonacid in #631
- Bump the actions group with 2 updates by @dependabot in #628
- goreleaser: Replace deprecated options by @adityasaky in #633
- Fix test for go-git update by @adityasaky in #632
- Bump the actions group with 2 updates by @dependabot in #634
- Bump the gomod group across 1 directory with 8 updates by @dependabot in #635
- Bump the actions group with 2 updates by @dependabot in #638
- Bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 in the go_modules group by @dependabot in #639
- Bump github.com/google/go-cmp from 0.6.0 to 0.7.0 by @dependabot in #637
- Bump github.com/go-jose/go-jose/v3 from 3.0.3 to 3.0.4 in the go_modules group by @dependabot in #640
- Bump the gomod group with 6 updates by @dependabot in #636
- Bump the actions group with 2 updates by @dependabot in #641
- Bump golang.org/x/oauth2 from 0.26.0 to 0.27.0 by @dependabot in #644
- Bump github.com/go-git/go-git/v5 from 5.13.2 to 5.14.0 by @dependabot in #643
- Bump golang.org/x/crypto from 0.33.0 to 0.35.0 by @dependabot in #642
- Bump actions/attest-build-provenance from 2.2.2 to 2.2.3 in the actions group by @dependabot in #645
- Bump golang.org/x/crypto from 0.35.0 to 0.36.0 by @dependabot in #648
- Bump github.com/sigstore/sigstore from 1.8.15 to 1.9.0 by @dependabot in #646
- Bump golang.org/x/oauth2 from 0.27.0 to 0.28.0 by @dependabot in #647
- Bump golang.org/x/net from 0.35.0 to 0.36.0 in the go_modules group by @dependabot in #649
- Bump the actions group with 2 updates by @dependabot in #650
- Bump github.com/golang-jwt/jw 8000 t/v5 from 5.2.1 to 5.2.2 in the go_modules group by @dependabot in #653
- Bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 in the go_modules group by @dependabot in #654
- Bump the actions group with 3 updates by @dependabot in #656
- Enable signing with --detached-sign flag. by @wlynch in #657
- Bump the gomod group with 2 updates by @dependabot in #651
- Bump goreleaser/goreleaser-action from 6.2.1 to 6.3.0 in the actions group by @dependabot in #661
- Add verify-tag command for Git tag signature verification by @haya14busa in #659
New Contributors
- @TomHennen made their first contribution in #619
- @Xeonacid made their first contribution in #631
- @haya14busa made their first contribution in #659
Full Changelog: v0.12.0...v0.13.0
Contributors
wlynch, haya14busa, and 4 other contributors
Assets 80
- 4.68 KB
2025-04-09T13:31:41Z - 275 KB
2025-04-09T13:31:36Z - 46.3 KB
2025-04-09T13:31:41Z - 46.3 KB
2025-04-09T13:31:40Z - 11 MB
2025-04-09T13:31:33Z - 3.08 KB
2025-04-09T13:31:43Z - 46 KB
2025-04-09T13:31:41Z - 96 Bytes
2025-04-09T13:31:43Z - 10.6 MB
2025-04-09T13:31:33Z - 3.09 KB
2025-04-09T13:31:43Z -
2025-04-09T13:18:50Z -
2025-04-09T13:18:50Z - Loading
v0.12.0
Contributors
philips and wlynch
Assets 80
v0.11.0
Changelog
- 8e08985 Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.1 (#573)
- 036c118 Fix matching of tlog entries to payload (#584)
- da79e4b Fix unhandled extension issue for cached certs (#583)
- 02af74d Update credential-cache messages to user (#582)
- 51907a6 Support gitsign-credential-cache on Windows (#579)
- 45f647b Bump google.golang.org/protobuf from 1.34.2 to 1.35.1 (#580)
- 6b63283 Bump anchore/sbom-action from 0.17.3 to 0.17.4 in the actions group (#581)
- 1b11c27 Trigger workflows on push only to main branch (#578)
- 73821e1 Bump the gomod group across 1 directory with 2 updates (#577)
- 0a530d1 Bump github.com/sigstore/fulcio from 1.5.1 to 1.6.5 (#575)
- 3a6b5ff Bump Go to 1.23.2 and golangci-lint to 1.61 (#576)
- ec41a4e Bump anchore/sbom-action from 0.17.2 to 0.17.3 in the actions group (#572)
- a9e5bf9 Bump github.com/docker/docker (#553)
- aa71ea8 Handle GeneralName as SAN (#571)
- 7b9a59e Bump the actions group across 1 directory with 6 updates (#569)
- 6619f72 Fix gitsign env test (#568)
- 512c386 Bump the actions group with 2 updates (#552)
- 7d7b847 e2e tests: Use beacon token. (#549)
- 6ba65fc Bump github.com/sigstore/fulcio from 1.4.5 to 1.5.1 (#541)
- 3a204ff Bump github.com/mattn/go-tty from 0.0.5 to 0.0.7 in the gomod group (#546)
- 0504d6b Bump docker/login-action from 3.2.0 to 3.3.0 in the actions group (#545)
- a7b5867 Bump anchore/sbom-action from 0.16.1 to 0.17.0 in the actions group (#543)
- fdd6e3a update go to 1.22.5 and fix golangci-lint action (#542)
- e999077 Bump github.com/sigstore/sigstore from 1.8.6 to 1.8.7 in the gomod group (#539)
- 94dc609 Bump github.com/coreos/go-oidc/v3 from 3.10.0 to 3.11.0 (#540)
- 7d10c99 Bump the actions group with 3 updates (#538)
- 359a77d Bump google.golang.org/grpc from 1.64.0 to 1.64.1 (#536)
- 1624fdb Bump golang.org/x/crypto from 0.24.0 to 0.25.0 (#535)
- 0ba49a1 Bump github.com/sigstore/sigstore from 1.8.4 to 1.8.6 in the gomod group (#534)
- 6431500 Support for Client Secret File (#533)
- d911d96 Point to homebrew-core (#531)
- 7819bd0 Bump actions/attest-build-provenance in the actions group (#530)
- 56549b7 Bump actions/attest-build-provenance in the actions group (#529)
- 3e5444a Updates ci/dependabot/release (#528)
- d20b0f0 Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#527)
- 36ec1cc Bump imjasonh/setup-crane from 0.3 to 0.4 (#524)
- bed15d1 Bump actions/checkout from 4.1.6 to 4.1.7 (#525)
- 024ac5f Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 (#521)
- 42af7c1 Bump golang.org/x/oauth2 from 0.20.0 to 0.21.0 (#522)
- 3c280a2 Bump golang.org/x/crypto from 0.23.0 to 0.24.0 (#523)
- bc5ec37 resolves #516 adds support for private rekor for gitsign attest (#517)
- d94bdd9 launchctl commands for macOS users (#520)
- 51c08dc Bump github.com/sigstore/sigstore from 1.8.3 to 1.8.4 (#518)
- 7dbcc46 Bump docker/login-action from 3.1.0 to 3.2.0 (#519)
- 2818752 Bump anchore/sbom-action from 0.15.11 to 0.16.0 (#514)
- 7c3d86d Bump actions/checkout from 4.1.5 to 4.1.6 (#513)
Thanks to all contributors!
v0.10.2
What's Changed
Not much! All dependency bumps.
- Bump golang.org/x/crypto from 0.21.0 to 0.22.0 by @dependabot in #490
- Bump imjasonh/setup-crane from 0.2 to 0.3 by @dependabot in #485
- Bump golang.org/x/oauth2 from 0.18.0 to 0.19.0 by @dependabot in #489
- Bump github.com/sigstore/rekor from 1.3.5 to 1.3.6 by @dependabot in #487
- Bump github.com/sigstore/protobuf-specs from 0.3.0 to 0.3.1 by @dependabot in #486
- Bump github.com/sigstore/fulcio from 1.4.4 to 1.4.5 by @dependabot in #488
- Remove local-user validation. by @wlynch in #491
- Bump github.com/sigstore/cosign/v2 from 2.2.3 to 2.2.4 by @dependabot in #492
- Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @dependabot in #493
- Bump golang.org/x/net from 0.22.0 to 0.23.0 by @dependabot in #494
- Bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in #495
- e2e.yaml: Avoid non-versioned TUF metadata by @jku in #496
- Bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 by @dependabot in #500
- Bump golang.org/x/oauth2 from 0.19.0 to 0.20.0 by @dependabot in #503
- Bump google.golang.org/protobuf from 1.33.0 to 1.34.0 by @dependabot in #502
- Bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in #504
- Bump golangci/golangci-lint-action from 5.0.0 to 5.3.0 by @dependabot in #505
- Bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in #499
- Bump anchore/sbom-action from 0.15.10 to 0.15.11 by @dependabot in #498
- Bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 by @dependabot in #512
- Bump google.golang.org/protobuf from 1.34.0 to 1.34.1 by @dependabot in #508
- Bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 by @dependabot in #511
- Bump actions/checkout from 4.1.4 to 4.1.5 by @dependabot in #510
- Bump github.com/sigstore/protobuf-specs from 0.3.1 to 0.3.2 by @dependabot in #509
- Bump golang.org/x/crypto from 0.22.0 to 0.23.0 by @dependabot in #507
New Contributors
Full Changelog: v0.10.1...v0.10.2
Contributors
jku, wlynch, and dependabot
Assets 72
v0.10.1
v0.10.0
What's Changed
- Bump github.com/go-jose/go-jose/v3 from 3.0.2 to 3.0.3 by @dependabot in #468
- Bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3 by @dependabot in #467
- Bump anchore/sbom-action from 0.15.8 to 0.15.9 by @dependabot in #475
- Bump golang.org/x/crypto from 0.20.0 to 0.21.0 by @dependabot in #474
- Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by @dependabot in #473
- Bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 by @dependabot in #472
- Bump github.com/go-openapi/strfmt from 0.22.2 to 0.23.0 by @dependabot in #471
- Bump github.com/go-openapi/swag from 0.22.9 to 0.23.0 by @dependabot in #470
- Bump github.com/go-openapi/runtime from 0.27.1 to 0.28.0 by @dependabot in #469
- Bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #476
- Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible by @dependabot in #477
- Bump github.com/coreos/go-oidc/v3 from 3.9.0 to 3.10.0 by @dependabot in #479
- Bump actions/cache from 4.0.1 to 4.0.2 by @dependabot in #478
- Bump github.com/sigstore/sigstore from 1.8.2 to 1.8.3 by @dependabot in #482
- Bump anchore/sbom-action from 0.15.9 to 0.15.10 by @dependabot in #480
- Bump github.com/go-git/go-git/v5 from 5.11.1-0.20240221104814-686a0f7a4928 to 5.12.0 by @dependabot in #481
- add gitsign image by @cpanato in #483
Full Changelog: v0.9.0...v0.10.0
Contributors
cpanato and dependabot
Assets 72
v0.9.0
Changelog
- e20deaa Add config options for Autoclose and AutocloseTimeout (#466)
- 3f2e97e Bump actions/cache from 4.0.0 to 4.0.1 (#456)
- 9ba5809 Bump github.com/go-openapi/strfmt from 0.22.0 to 0.22.2 (#464)
- 98923e1 Update to use go1.22 and ci udpates (#465)
- b3da2e6 Enable autoclose for sigstore confirmation page. (#455)
- c2ac22d CI updates and fix lints (#461)
- cedcc9d Remove GITSIGN_LOG env variable. (#463)
- 2e63fd0 Run e2e Go tests first. (#462)
- 6f20ffd Add go-git based signer implementation. (#454)
- 66e0ff5 Bump github.com/sigstore/protobuf-specs from 0.2.1 to 0.3.0 (#453)
- 57153a0 Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#450)
- 3eafadd Bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 (#449)
- ae02bda Add GITSIGN_TOKEN_PROVIDER docs (#447)
- ff05b31 Add tokenProvider configuration for forcing OIDC providers. (#446)
Thanks to all contributors!
v0.8.1
What's Changed
Not much! All dependency bumps. 😎
- Bump golang.org/x/oauth2 from 0.13.0 to 0.14.0 by @dependabot in #403
- Bump sigstore/cosign-installer from 3.1.2 to 3.2.0 by @dependabot in #401
- Bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 by @d 6D47 ependabot in #404
- Bump anchore/sbom-action from 0.14.3 to 0.15.0 by @dependabot in #405
- Bump github.com/go-git/go-git/v5 from 5.10.0 to 5.10.1 by @dependabot in #407
- Bump golang.org/x/oauth2 from 0.14.0 to 0.15.0 by @dependabot in #406
- Bump github.com/coreos/go-oidc/v3 from 3.7.0 to 3.8.0 by @dependabot in #408
- Bump github.com/sigstore/rekor from 1.3.3 to 1.3.4 by @dependabot in #409
- Bump github.com/go-openapi/strfmt from 0.21.7 to 0.21.8 by @dependabot in #410
- Bump github.com/coreos/go-oidc/v3 from 3.8.0 to 3.9.0 by @dependabot in #415
- Bump github.com/go-openapi/strfmt from 0.21.8 to 0.21.9 by @dependabot in #419
- Bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 by @dependabot in #418
- Bump github.com/sigstore/sigstore from 1.7.5 to 1.7.6 by @dependabot in #417
- Bump anchore/sbom-action from 0.15.0 to 0.15.1 by @dependabot in #413
- Bump actions/setup-go from 4.1.0 to 5.0.0 by @dependabot in #412
- Bump github.com/sigstore/cosign/v2 from 2.2.1 to 2.2.2 by @dependabot in #416
- Bump github.com/go-openapi/runtime from 0.26.0 to 0.26.2 by @dependabot in #414
- Bump sigstore/cosign-installer from 3.2.0 to 3.3.0 by @dependabot in #420
- Bump github.com/go-openapi/swag from 0.22.4 to 0.22.5 by @dependabot in #421
- Bump github.com/go-openapi/strfmt from 0.21.9 to 0.21.10 by @dependabot in #422
- Bump golang.org/x/crypto from 0.16.0 to 0.17.0 by @dependabot in #423
- Bump google.golang.org/protobuf from 1.31.0 to 1.32.0 by @dependabot in #427
- Bump github.com/go-openapi/swag from 0.22.5 to 0.22.6 by @dependabot in #425
- Bump github.com/sigstore/sigstore from 1.7.6 to 1.8.0 by @dependabot in #424
- Bump github.com/go-openapi/swag from 0.22.6 to 0.22.7 by @dependabot in #429
- Bump github.com/go-openapi/strfmt from 0.21.10 to 0.22.0 by @dependabot in #428
- Bump anchore/sbom-action from 0.15.1 to 0.15.2 by @dependabot in #430
- Bump github.com/cloudflare/circl from 1.3.5 to 1.3.7 by @dependabot in #431
- Bump golang.org/x/oauth2 from 0.15.0 to 0.16.0 by @dependabot in #433
- Bump actions/cache from 3.3.2 to 3.3.3 by @dependabot in #434
- Bump anchore/sbom-action from 0.15.2 to 0.15.3 by @dependabot in #435
- Bump actions/cache from 3.3.3 to 4.0.0 by @dependabot in #436
- Bump anchore/sbom-action from 0.15.3 to 0.15.4 by @dependabot in #437
- Bump github.com/sigstore/sigstore from 1.8.0 to 1.8.1 by @dependabot in #438
- Bump github.com/go-openapi/runtime from 0.26.2 to 0.27.1 by @dependabot in #439
- Bump github.com/go-openapi/swag from 0.22.7 to 0.22.9 by @dependabot in #440
- Bump anchore/sbom-action from 0.15.4 to 0.15.5 by @dependabot in #441
- Bump anchore/sbom-action from 0.15.5 to 0.15.8 by @dependabot in #445
- Bump github.com/sigstore/cosign/v2 from 2.2.2 to 2.2.3 by @dependabot in #442
- Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by @dependabot in #444
- Bump github.com/sigstore/rekor from 1.3.4 to 1.3.5 by @dependabot in #443
Full Changelog: v0.8.0...v0.8.1
Contributors
dependabot
Assets 72
v0.8.0
Rekor: https://search.sigstore.dev/?commitSha=01375268d822f8299a3d9c23f4fbd796c84bcaa5
Highlights
- cd66ccb Add options for Rekor client, make public key fetcher configurable. (#399)
- 530e976 Add gitsign initialize. (#321)
- 4bda12e Fix offline verification marshalling, add e2e tests. (#330)