Bump github.com/sigstore/cosign from 1.10.1 to 1.11.0 #793

dependabot · 2022-08-22T01:32:04Z

Bumps github.com/sigstore/cosign from 1.10.1 to 1.11.0.

Release notes

Sourced from github.com/sigstore/cosign's releases.

v1.11.0

What's Changed

Update CHANGELOG for 1.10.1 release by @priyawadhwa in sigstore/cosign#2130

Bump github/codeql-action from 2.1.17 to 2.1.18 by @dependabot in sigstore/cosign#2129

Bump github.com/go-piv/piv-go from 1.9.0 to 1.10.0 by @dependabot in sigstore/cosign#2135

Bump actions/cache from 3.0.5 to 3.0.6 by @dependabot in sigstore/cosign#2136

Bump github.com/xanzy/go-gitlab from 0.70.0 to 0.71.0 by @dependabot in sigstore/cosign#2142

Bump github.com/go-openapi/swag from 0.21.1 to 0.22.0 by @dependabot in sigstore/cosign#2140

Bump github.com/hashicorp/go-secure-stdlib/parseutil from 0.1.6 to 0.1.7 by @dependabot in sigstore/cosign#2141

Verify the certificate chain against the Fulcio root trust by default by @wata727 in sigstore/cosign#2139

Add notes to clarify registry use. by @bendory in sigstore/cosign#2145

Use TUF from scaffolding for validating cosign. by @vaikas in sigstore/cosign#2146

Bump actions/cache from 3.0.6 to 3.0.7 by @dependabot in sigstore/cosign#2151

Bump google.golang.org/api from 0.91.0 to 0.92.0 by @dependabot in sigstore/cosign#2150

Bump tests to use scaffolding-0.4.3. by @vaikas in sigstore/cosign#2153

docs: clarify wording in spec about usage of certificate chain by @asraa in sigstore/cosign#2152

Bump github.com/xanzy/go-gitlab from 0.71.0 to 0.72.0 by @dependabot in sigstore/cosign#2148

Bump go.uber.org/atomic from 1.9.0 to 1.10.0 by @dependabot in sigstore/cosign#2155

Bump actions/github-script from 6.1.0 to 6.1.1 by @dependabot in sigstore/cosign#2156

fix: fix blob verification output with sharded rekor tlogs by @asraa in sigstore/cosign#2157

Run tests using Go 1.18 by @imjasonh in sigstore/cosign#2093

Bump sigs.k8s.io/release-utils from 0.6.0 to 0.7.3 by @dependabot in sigstore/cosign#2102

fix: adds envelope hash to in-toto entries in tlog entry creation by @nkreiger in sigstore/cosign#2118

fix handling of verify-attestation types for URIs by @otms61 in sigstore/cosign#2159

bump to scaffolding v0.4.4 by @vaikas in sigstore/cosign#2165

fix oidc post-merge job by @cpanato in sigstore/cosign#2164

Remove third_party by @imjasonh in sigstore/cosign#2166

use updated device flow logic with PKCE by @bobcallaway in sigstore/cosign#2163

fix: rekor get tlog entry with uuid by @asraa in sigstore/cosign#2058

update e2e job to run only when push to main by @cpanato in sigstore/cosign#2169

Bump sigstore/cosign-installer from 2.5.0 to 2.5.1 by @dependabot in sigstore/cosign#2168

fix: add env cmd to root by @developer-guy in sigstore/cosign#2171

Bump github.com/go-openapi/swag from 0.22.0 to 0.22.1 by @dependabot in sigstore/cosign#2167

fix panic when os.Stat returns an error besides ErrNotExists by @dsa0x in sigstore/cosign#2162

add changelog for v1.11.0 by @cpanato in sigstore/cosign#2173

update builder image by @cpanato in sigstore/cosign#2174

New Contributors

@wata727 made their first contribution in sigstore/cosign#2139

@bendory made their first contribution in sigstore/cosign#2145

@nkreiger made their first contribution in sigstore/cosign#2118

@dsa0x made their first contribution in sigstore/cosign#2162

Full Changelog: sigstore/cosign@v1.10.1...v1.11.0

Thanks to all contributors!

Changelog

Sourced from github.com/sigstore/cosign's changelog.

v1.11.0

Enhancements

use updated device flow logic with PKCE (sigstore/cosign#2163)

Bug Fixes

fix panic when os.Stat returns an error besides ErrNotExists (sigstore/cosign#2162)

fix: add env cmd to root (sigstore/cosign#2171)

fix: rekor get tlog entry with uuid (sigstore/cosign#2058)

fix oidc post-merge job (sigstore/cosign#2164)

fix handling of verify-attestation types for URIs (sigstore/cosign#2159)

fix: adds envelope hash to in-toto entries in tlog entry creation (sigstore/cosign#2118)

fix: fix blob verification output (sigstore/cosign#2157)

Verify the certificate chain against the Fulcio root trust by default (sigstore/cosign#2139)

Documention

docs: clarify wording in spec about usage of certificate chain (sigstore/cosign#2152)

Add notes to clarify registry use. (sigstore/cosign#2145)

Others

Bump github.com/go-openapi/swag from 0.22.0 to 0.22.1 (sigstore/cosign#2167)

Bump sigstore/cosign-installer from 2.5.0 to 2.5.1 (sigstore/cosign#2168)

update e2e job to run only when push to main (sigstore/cosign#2169)

Remove third_party (sigstore/cosign#2166)

bump to scaffolding v0.4.4 (sigstore/cosign#2165)

Bump sigs.k8s.io/release-utils from 0.6.0 to 0.7.3 (sigstore/cosign#2102)

Run tests using Go 1.18 (sigstore/cosign#2093)

Bump actions/github-script from 6.1.0 to 6.1.1 (sigstore/cosign#2156)

Bump go.uber.org/atomic from 1.9.0 to 1.10.0 (sigstore/cosign#2155)

Bump github.com/xanzy/go-gitlab from 0.71.0 to 0.72.0 (sigstore/cosign#2148)

Bump tests to use scaffolding-0.4.3. (sigstore/cosign#2153)

Bump google.golang.org/api from 0.91.0 to 0.92.0 (sigstore/cosign#2150)

Bump actions/cache from 3.0.6 to 3.0.7 (sigstore/cosign#2151)

Use TUF from scaffolding for validating cosign. (sigstore/cosign#2146)

Bump github.com/hashicorp/go-secure-stdlib/parseutil from 0.1.6 to 0.1.7 (sigstore/cosign#2141)

Bump github.com/go-openapi/swag from 0.21.1 to 0.22.0 (sigstore/cosign#2140)

Bump github.com/xanzy/go-gitlab from 0.70.0 to 0.71.0 (sigstore/cosign#2142)

Bump actions/cache from 3.0.5 to 3.0.6 (sigstore/cosign#2136)

Bump github.com/go-piv/piv-go from 1.9.0 to 1.10.0 (sigstore/cosign#2135)

Bump github/codeql-action from 2.1.17 to 2.1.18 (sigstore/cosign#2129)

Update CHANGELOG for 1.10.1 release (sigstore/cosign#2130)

Contributors

Asra Ali (@asraa)

Batuhan Apaydın (@developer-guy)

... (truncated)

Commits

6bfac1a update builder image (#2174)
3dfe253 add changelog for v1.11.0 (#2173)
cb4898b fix panic when os.Stat returns an error besides ErrNotExists (#2162)
50153d1 Bump github.com/go-openapi/swag from 0.22.0 to 0.22.1 (#2167)
93284d6 fix: add env cmd to root (#2171)
83c8134 Bump sigstore/cosign-installer from 2.5.0 to 2.5.1 (#2168)
c504f45 update e2e job to run only when push to main (#2169)
339c0d7 fix: rekor get tlog entry with uuid (#2058)
f84052f use updated device flow logic with PKCE (#2163)
026523a Remove third_party (#2166)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/sigstore/cosign](https://github.com/sigstore/cosign) from 1.10.1 to 1.11.0. - [Release notes](https://github.com/sigstore/cosign/releases) - [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md) - [Commits](sigstore/cosign@v1.10.1...v1.11.0) --- updated-dependencies: - dependency-name: github.com/sigstore/cosign dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

codecov-commenter · 2022-08-22T01:34:19Z

Codecov Report

Merging #793 (c1f7b18) into main (cbe2784) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #793   +/-   ##
=======================================
  Coverage   51.45%   51.45%           
=======================================
  Files          44       44           
  Lines        3339     3339           
=======================================
  Hits         1718     1718           
  Misses       1401     1401           
  Partials      220      220

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Aug 22, 2022

imjasonh approved these changes Aug 22, 2022

View reviewed changes

imjasonh merged commit 497ac17 into main Aug 22, 2022

dependabot bot deleted the dependabot/go_modules/github.com/sigstore/cosign-1.11.0 branch August 22, 2022 13:44

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump github.com/sigstore/cosign from 1.10.1 to 1.11.0 #793

Bump github.com/sigstore/cosign from 1.10.1 to 1.11.0 #793

dependabot bot commented on behalf of github Aug 22, 2022

codecov-commenter commented Aug 22, 2022

Bump github.com/sigstore/cosign from 1.10.1 to 1.11.0 #793

Bump github.com/sigstore/cosign from 1.10.1 to 1.11.0 #793

Conversation

dependabot bot commented on behalf of github Aug 22, 2022

v1.11.0

What's Changed

New Contributors

Thanks to all contributors!

v1.11.0

Enhancements

Bug Fixes

Documention

Others

Contributors

codecov-commenter commented Aug 22, 2022

Codecov Report