search

chainguard-dev / vex

vexctl is a tool to attest VEX impact statements
Apache License 2.0
44 stars 12 forks source link

Bump github.com/sigstore/cosign from 1.13.0 to 1.13.1 #23

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 2 years ago

Bumps github.com/sigstore/cosign from 1.13.0 to 1.13.1.

Release notes

Sourced from github.com/sigstore/cosign's releases.

v1.13.1

What's Changed

New Contributors

Full Changelog: https://github.com/sigstore/cosign/compare/v1.13.0...v1.13.1

Changelog

Sourced from github.com/sigstore/cosign's changelog.

v1.13.1

Enhancements

  • verify-blob-attestation: allow multiple subjects in in_toto attestation (#2341)
  • Add verify-blob-attestation command and tests (#2337)
  • Add --output-attestation flag to attest-blob and remove experimental signing (#2332)
  • Add attest-blob command (#2286)
  • Add '--cert-identity' flag to support subject alternate names for ver… (#2278)
  • Update Dockerfile section of README (#2323)

Bug Fixes

  • Update warning when users sign images by tag. (#2313)

Others

  • Remove experimental flags from attest-blob and refactor (#2338)

Contributors

  • Alex Cameron
  • Ville Aikas
  • Zack Newman
  • asraa
  • kpk47
  • priyawadhwa
Commits
  • d1c6336 Add CHANGELOG for v1.13.1 (#2349)
  • e79cb5c chore(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 (#2326)
  • eba132f chore(deps): bump github.com/go-openapi/runtime from 0.24.1 to 0.24.2 (#2347)
  • 2860144 chore(deps): bump google.golang.org/api from 0.98.0 to 0.99.0 (#2348)
  • ef9cf9d chore(deps): bump google-github-actions/setup-gcloud from 0.6.1 to 0.6.2 (#2344)
  • fc83e43 chore(deps): bump google-github-actions/auth from 0.8.2 to 0.8.3 (#2343)
  • e652561 chore(deps): bump google-github-actions/setup-gcloud from 0.6.0 to 0.6.1 (#2340)
  • d637a3b verify-blob-attestation: allow multiple subjects in in_toto attestation (#2341)
  • a7ad7e7 Nits for #2337 (#2342)
  • 797033c Add verify-blob-attestation command and tests (#2337)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 2 years ago

The following labels could not be found: kind/other, release-note-none.