nicholasdille / docker-setup

Install, configure and update container tools
https://docker-setup.dille.io
MIT License

chore(deps): update dependency notaryproject/notation to v1 - autoclosed #7357

Closed nicholasdille-bot closed 1 year ago

nicholasdille-bot commented 1 year ago

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| notaryproject/notation | major | 0.7.1-alpha.1 -> 1.0.0 |

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.


Release Notes

notaryproject/notation (notaryproject/notation)

### [`v1.0.0`](https://togithub.com/notaryproject/notation/releases/tag/v1.0.0)

[Compare Source](https://togithub.com/notaryproject/notation/compare/v0.7.1-alpha.1-feat-kv-extensibility...v1.0.0)

### Notation CLI V1

`notation` is a CLI reference implementation of the [Notary Project Specifications `v1.0.0`](https://togithub.com/notaryproject/specifications/tree/v1.0.0) to sign and verify artifacts with signatures as standard items in the OCI registry ecosystem. After a long journey of development, `notation` has reached a notable milestone for its first stable release `v1.0.0`. 🎉🎉🎉

> \[!IMPORTANT]
> Experimental features are intended for testing and evaluation purposes only and should not be used in production environments. Experimental features can be enabled by setting the environment variable `NOTATION_EXPERIMENTAL=1`.

Release blog posts of previous RC versions can be found at [notaryproject.dev](https://notaryproject.dev/blog/).

#### Key Features

- Sign and verify artifacts as well as list and inspect signatures stored in OCI-compliant registries
- Support [JWS](https://togithub.com/notaryproject/specifications/blob/v1.0.0/specs/signature-envelope-jws.md) and [COSE](https://togithub.com/notaryproject/specifications/blob/v1.0.0/specs/signature-envelope-cose.md) signature formats
- Compliant with [`image-spec v1.0.2`](https://togithub.com/opencontainers/image-spec/tree/v1.0.2)
- Compliant with [`distribution-spec v1.0.1`](https://togithub.com/opencontainers/distribution-spec/tree/v1.0.1)
- Compatible with [`image-spec v1.1.0-rc4`](https://togithub.com/opencontainers/image-spec/tree/v1.1.0-rc4)
- Compatible with [`distribution-spec v1.1.0-rc3`](https://togithub.com/opencontainers/distribution-spec/tree/v1.1.0-rc3) (limited to [referrers tag schema](https://togithub.com/opencontainers/distribution-spec/blob/v1.1.0-rc3/spec.md#referrers-tag-schema))
- Support signing and verification [plugins](https://togithub.com/notaryproject/specifications/blob/v1.0.0/specs/plugin-extensibility.md)
- Support signing using Key Management System (KMS)
- Support signing and verification with user-defined metadata
- Support authentication to registries using [docker credential stores](https://docs.docker.com/engine/reference/commandline/login/#credential-stores)
- Verify artifact using [trust policy and trust store](https://togithub.com/notaryproject/specifications/blob/v1.0.0/specs/trust-store-trust-policy.md) with fine-tuned configurations
- Support certificate revocation via [OCSP](https://datatracker.ietf.org/doc/html/rfc6960)

#### Experimental Features

- Compliant with [`distribution-spec v1.1.0-rc1`](https://togithub.com/opencontainers/distribution-spec/releases/tag/v1.1.0-rc1)
- Sign and verify artifacts as well as list signatures stored in [OCI image layout](https://togithub.com/opencontainers/image-spec/blob/v1.1.0-rc4/image-layout.md)

#### Security Audit

- [Security audit report in 2023](https://togithub.com/notaryproject/specifications/blob/v1.0.0/security/reports/audit/ADA-notation-security-audit-23.pdf)
- [Fuzz testing audit in 2023](https://togithub.com/notaryproject/specifications/blob/v1.0.0/security/reports/fuzzing/ADA-fuzzing-audit-22-23.pdf)

### What's Changed Since RC.7

#### Bug Fixes

- Fix [#696](https://togithub.com/notaryproject/notation/issues/696): `desktop.exe` credential store is not supported in WSL
- Fix [#697](https://togithub.com/notaryproject/notation/issues/697): `notation login` fails to detect existing credentials for `docker.io`

#### Other Changes

- Minor security improvements ([#746](https://togithub.com/notaryproject/notation/issues/746))
- Better code quality with more E2E test cases
- Better debug tracing
- Dependency updates

#### Detailed Commits

- fix(test): E2E test cases for OCI layout by [@JeyJeyGao](https://togithub.com/JeyJeyGao) in [https://github.com/notaryproject/notation/pull/692](https://togithub.com/notaryproject/notation/pull/692)
- build(deps): Bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/notaryproject/notation/pull/702](https://togithub.com/notaryproject/notation/pull/702)
- fix: fix the issue with getting credentials for `docker.io` by [@Wwwsylvia](https://togithub.com/Wwwsylvia) in [https://github.com/notaryproject/notation/pull/703](https://togithub.com/notaryproject/notation/pull/703)
- build(deps): Bump github.com/notaryproject/notation-go from 1.0.0-rc.3 to 1.0.0-rc.6 in /test/e2e/plugin by [@dependabot](https://togithub.com/dependabot) in [https://github.com/notaryproject/notation/pull/710](https://togithub.com/notaryproject/notation/pull/710)
- fix: Updating documentation with AWS Plugin support by [@priteshbandi](https://togithub.com/priteshbandi) in [https://github.com/notaryproject/notation/pull/711](https://togithub.com/notaryproject/notation/pull/711)
- fix: `login` and `logout` will leverage docker config and os default store by [@Wwwsylvia](https://togithub.com/Wwwsylvia) in [https://github.com/notaryproject/notation/pull/712](https://togithub.com/notaryproject/notation/pull/712)
- chore: update issue templates by [@yizha1](https://togithub.com/yizha1) in [https://github.com/notaryproject/notation/pull/594](https://togithub.com/notaryproject/notation/pull/594)
- bump: bump oras-credentials-go `v0.2.0` by [@wangxiaoxuan273](https://togithub.com/wangxiaoxuan273) in [https://github.com/notaryproject/notation/pull/717](https://togithub.com/notaryproject/notation/pull/717)
- build(deps): Bump golang.org/x/term from 0.8.0 to 0.9.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/notaryproject/notation/pull/716](https://togithub.com/notaryproject/notation/pull/716)
- fix(e2e): update testdata OCI layout images by [@JeyJeyGao](https://togithub.com/JeyJeyGao) in [https://github.com/notaryproject/notation/pull/727](https://togithub.com/notaryproject/notation/pull/727)
- build(deps): Bump ossf/scorecard-action from 2.1.3 to 2.2.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/notaryproject/notation/pull/724](https://togithub.com/notaryproject/notation/pull/724)
- \[StepSecurity] ci: Harden GitHub Actions for fixing Pinned-Dependencies by [@step-security-bot](https://togithub.com/step-security-bot) in [https://github.com/notaryproject/notation/pull/731](https://togithub.com/notaryproject/notation/pull/731)
- \[StepSecurity] ci: Harden GitHub Actions for fixing Token-Permissions by [@step-security-bot](https://togithub.com/step-security-bot) in [https://github.com/notaryproject/notation/pull/730](https://togithub.com/notaryproject/notation/pull/730)
- build(deps): Bump oras.land/oras-go/v2 from 2.2.0 to 2.2.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/notaryproject/notation/pull/735](https://togithub.com/notaryproject/notation/pull/735)
- chore: add license header to files and github action workflow to check license by [@Two-Hearts](https://togithub.com/Two-Hearts) in [https://github.com/notaryproject/notation/pull/739](https://togithub.com/notaryproject/notation/pull/739)
- build(deps): Bump golang.org/x/term from 0.9.0 to 0.10.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/notaryproject/notation/pull/734](https://togithub.com/notaryproject/notation/pull/734)
- build(deps): Bump actions/checkout from 3.0.2 to 3.5.3 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/notaryproject/notation/pull/737](https://togithub.com/notaryproject/notation/pull/737)
- build(deps): Bump actions/add-to-project from [`0da8e46`](https://togithub.com/notaryproject/notation/commit/0da8e46333d7b6e01d0e857452a1e99cb47be205) to [`edc057a`](https://togithub.com/notaryproject/notation/commit/edc057aef96b993afe5d68104418f68a536264aa) by [@dependabot](https://togithub.com/dependabot) in [https://github.com/notaryproject/notation/pull/745](https://togithub.com/notaryproject/notation/pull/745)
- build(deps): Bump github/codeql-action from 2.20.1 to 2.20.4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/notaryproject/notation/pull/742](https://togithub.com/notaryproject/notation/pull/742)
- fix: unset NOTATION_USERNAME and NOTATION_PASSWORD to avoid leaking credentials to plugin by [@JeyJeyGao](https://togithub.com/JeyJeyGao) in [https://github.com/notaryproject/notation/pull/746](https://togithub.com/notaryproject/notation/pull/746)
- feat: add trace for executables by [@wangxiaoxuan273](https://togithub.com/wangxiaoxuan273) in [https://github.com/notaryproject/notation/pull/744](https://togithub.com/notaryproject/notation/pull/744)
- build(deps): Bump github.com/notaryproject/notation-core-go from 1.0.0-rc.4 to 1.0.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/notaryproject/notation/pull/752](https://togithub.com/notaryproject/notation/pull/752)
- build(deps): Bump github/codeql-action from 2.20.4 to 2.21.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/notaryproject/notation/pull/751](https://togithub.com/notaryproject/notation/pull/751)
- bump: upgrade notation-go to v1.0.0 by [@shizhMSFT](https://togithub.com/shizhMSFT) in [https://github.com/notaryproject/notation/pull/754](https://togithub.com/notaryproject/notation/pull/754)
- doc: update README to align with the new brand name by [@FeynmanZhou](https://togithub.com/FeynmanZhou) in [https://github.com/notaryproject/notation/pull/750](https://togithub.com/notaryproject/notation/pull/750)
- bump: tag and release v1.0.0 by [@shizhMSFT](https://togithub.com/shizhMSFT) in [https://github.com/notaryproject/notation/pull/748](https://togithub.com/notaryproject/notation/pull/748)

#### New Contributors

- [@wangxiaoxuan273](https://togithub.com/wangxiaoxuan273) made their first contribution in [https://github.com/notaryproject/notation/pull/717](https://togithub.com/notaryproject/notation/pull/717)
- [@step-security-bot](https://togithub.com/step-security-bot) made their first contribution in [https://github.com/notaryproject/notation/pull/731](https://togithub.com/notaryproject/notation/pull/731)

**Full Changelog**: https://github.com/notaryproject/notation/compare/v1.0.0-rc.7...v1.0.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Renovate Bot.