Releases: theupdateframework/go-tuf

v2.0.2

01 Oct 12:39
4eb06c8

What's Changed

  • Error in case the delegated role is missing from the snapshot by @rdimitrov in #652

Full Changelog: v2.0.1...v2.0.2

v2.0.1

30 Sep 12:59
6c47391

What's Changed

Security

Other

Full Changelog: v2.0.0...v2.0.1

v2.0.0

16 Jul 13:54
ecec5d3

Breaking changes

  • This is the first release of go-tuf v2 and it's a complete re-write indicated by the new major version.
  • We also decided to leave go-tuf as a library only.

What's Changed

  • chore: fixes the CI status badge and updates the README.md file by @rdimitrov in #569
  • chore(deps): bump securesystemslib from 0.30.0 to 0.31.0 by @dependabot in #570
  • docs: add Marvin Drees to the list of go-tuf maintainers by @rdimitrov in #571
  • chore(deps): bump actions/setup-python from 4.7.1 to 5.0.0 by @dependabot in #572
  • chore: enable grouping of minor and patch updates. by @kommendorkapten in #580
  • fix: update tests.yml bumping golangci-lint by @rdimitrov in #582
  • chore(deps): bump actions/setup-go from 4.1.0 to 5.0.0 by @dependabot in #573
  • chore(deps): bump github/codeql-action from 2 to 3 by @dependabot in #574
  • chore(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 by @dependabot in #575
  • chore(deps): bump golang.org/x/term from 0.15.0 to 0.16.0 by @dependabot in #577
  • chore(deps): bump the minor-patch group with 2 updates by @dependabot in #581
  • feat!: move rdimitrov/go-tuf-metadata to github.com/theupdateframework/go-tuf/v2 by @rdimitrov in #583
  • Update license from BSD-2-Clause to Apache-2.0 by @rdimitrov in #585
  • chore(deps): bump github.com/sigstore/sigstore from 1.8.0 to 1.8.1 by @dependabot in #584
  • Replace main with master in workflows by @kipz in #587
  • Do not pin to minor Go versions in go.mod by @rdimitrov in #588
  • Fixes for windows & enable in CI by @kipz in #586
  • Bring back SECURITY.md by @trishankatdatadog in #591
  • remove dependency on golang.org/x/exp by @mikedanese in #600
  • Refactor errors to use pointer receivers by @codysoyland in #602
  • move testutils under an ./internal/ directory by @mikedanese in #601
  • Enable macos and windows runners for examples.yml and tests.yml by @rdimitrov in #604
  • Do not run CI for all Go versions and use caching by @rdimitrov in #606
  • chore(deps): bump golang.org/x/crypto from 0.18.0 to 0.19.0 by @dependabot in #610
  • Don't rename unless file is in same dir by @jonnystoten in #603
  • Use filepath.Join when combining filesystem components by @kommendorkapten in #611
  • Always use forward slash when splitting target names by @kommendorkapten in #612
  • chore(deps): bump github.com/sigstore/sigstore from 1.8.1 to 1.8.2 by @dependabot in #614
  • chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by @dependabot in #615
  • chore(deps): use stdlib ed25519 instead of x by @MDr164 in #620
  • chore(deps): bump golang.org/x/crypto from 0.20.0 to 0.21.0 by @dependabot in #621
  • chore(ci): bump action hashes by @MDr164 in #618
  • chore(deps): bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3 by @dependabot in #622
  • Silence govulncheck by @MDr164 in #619
  • feat: replace logrus in sim with slog by @MDr164 in #617
  • repository_simulator_setup.go: Use filepath.Join() instead of concatenation by @udf2457 in #624
  • Fixes README references from rdimitrov/go-tuf-metadata to theupdateframework/go-tuf by @rdimitrov in #626
  • fix: use SHA384 for ECDSA P384 by @mrjoelkamp in #629
  • chore(deps): bump github.com/sigstore/sigstore from 1.8.2 to 1.8.3 by @dependabot in #627
  • Remove nil error from being printed in "persist metadata" error message by @malancas in #633
  • fix: deep targets file path by @mrjoelkamp in #632
  • feat: add missing CODEOWNERS and MAINTAINERS file by @MDr164 in #635
  • Update MAINTAINERS by @trishankatdatadog in #636
  • chore(deps): bump github.com/sigstore/sigstore from 1.8.3 to 1.8.4 by @dependabot in #637
  • chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by @dependabot in #640
  • fix: configurable temp file directory by @mrjoelkamp in #638
  • export API to set RefTime of Updater by @AdamKorcz in #641
  • Add the ability to customize the HTTP user agent by @steiza in #642
  • Increase the default value for MaxRootRotations by @kommendorkapten in #645

New Contributors

Full Changelog: v0.7.0...v2.0.0

v0.7.0

28 Nov 16:30
6ad7fe5

Changelog

Breaking

Hello,

As a continuation of #485, we are starting the process of deprecating the existing https://github.com/theupdateframework/go-tuf code base in favour of https://github.com/rdimitrov/go-tuf-metadata.

Reasoning:

  • The reasoning behind this is explained in #485, but essentially the new code base is much simpler, easier to work with and, last but not least, easier to maintain and contribute to. The last two have been longstanding issues for go-tuf and we are looking forward to addressing them with this change.
  • Deep thank you to all of the people that helped shape this effort!

Details:

  • This will not happen straight away!
  • We'll continue to support this version in a separate branch (v0.7.0) until the migration process is considered as completed.
  • We advise all users to pin their dependencies of go-tuf to a certain release version (in case they haven't already) so they don't experience any inconveniences.
  • We'll continue to use the https://github.com/theupdateframework/go-tuf repository, but its content will be updated to accommodate the changes. We'll start introducing the go-tuf-metadata code base to the master branch of go-tuf, so technically there will be times where the master branch might be considered unstable (which is a general practice).
  • Even though go-tuf is pre-v1.0.0 and technically there are no API commitments to be followed, we won't release a v1.0.0 either with the new code base until it is well tested and we are sure of its stability.

Apologies for the disruption and thank you in advance for the understanding!

Yours,
The go-tuf maintainers team.


Features

Bug fixes

Others

v0.6.1

11 Aug 11:27
ca0c316

Changelog

Bug fixes

Others

v0.6.0

21 Jul 08:18
9774d79

Changelog

Breaking changes

Features

Bug fixes

Others

v0.5.2

24 Jan 16:30
91c85a0
Compare
Choose a tag to compare

Changelog

Features

Bug fixes

Others

v0.5.1

21 Sep 20:44
7f9beab

Changelog

Features

Bug fixes

Others

v0.5.0

07 Sep 21:03
61872a3

Changelog

Features

v0.3.2

07 Sep 16:09
b6695e4

Changelog

Bug fixes

  • b6695e4: fix(verify): backport "Fix a vulnerability in the verification of threshold si… (#375) (@znewman01)