search

sigstore / cosign-gatekeeper-provider

🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their signatures
Apache License 2.0
75 stars 23 forks source link

Bump github.com/sigstore/rekor from 1.0.1 to 1.1.0 #50

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps github.com/sigstore/rekor from 1.0.1 to 1.1.0.

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.1.0

Functional Enhancements

  • improve validation on intoto v0.0.2 type (#1351)
  • add feature to limit HTTP request body length to process (#1334)
  • add information about the file size limit (#1313)
  • Add script to backfill Redis from Rekor (#1163)
  • Feature: add search support for sha512 (#1142)

Quality Enhancements

  • fuzzing: refactor OSS-Fuzz build script (#1377)
  • Update cloudbuild for cosign 2.0 (#1375)
  • Tests - Additional sharding tests (#1180)
  • jar type: add fuzzer for 3rd-party dep (#1360)
  • update cosign to 2.0.0 and builder image and also cosign flags (#1368)
  • fuzzing: move alpine utils to fuzz utils (#1335)
  • fuzzing: add seed for alpine fuzzer (#1342)
  • jar: add v001 fuzzer (#1327)
  • fuzzing: open writer later in fuzz utils (#1326)
  • fuzzing: remove tar operations in alpine fuzzer (#1322)
  • alpine: add v001 fuzzer (#1316)
  • hashedrekord: add v001 fuzzer (#1315)
  • fuzzing: add call to IndexKeys in multiple fuzzers (#1302)
  • fuzzing: improve cose fuzzer (#1300)
  • fuzzing: improve fuzz utils (#1298)
  • fuzzing: improve alpine fuzzer (#1273)
  • fuzzing: go mod edit go-fuzz-headers (#1272)
  • fuzzing: add .options file (#1271)
  • fuzzing: build helm fuzzer from correct dir (#1264)
  • types: refactor multiple fuzzers (#1258)
  • helm: add fuzzer for provenance unmarshalling (#1243)
  • pki: add fuzzer (#1256)
  • Fuzzing: Add more bug detectors (#1253)
  • Refactor e2e - part 5 (#1236)
  • Removed unused tool/deps (#1244)
  • Fixed the invalid path (#1245)
  • Run latest fuzzers in OSS-Fuzz (#1221)
  • Fuzz tests - hashedrekord (#1224)
  • Update builder (#1228)
  • Revamping rekor e2e - part 4 of N (#1218)
  • types: add fuzzers (#1225)
  • jar type: add fuzzer (#1215)
  • Revamping rekor e2e - part 3 of N (#1177)
  • modify OSS-Fuzz build script (#1214)
  • move over oss-fuzz build script (#1204)
  • wrap redis client errors to aid debugging (#1176)
  • don't test release candidate builds in harness (#1183)
  • types/alpine: add fuzzer (#1200)
  • logging tweaks to improve usability (#1235)
  • Add backfill-redis to the release artifacts (#1174)

... (truncated)

Changelog

Sourced from github.com/sigstore/rekor's changelog.

v1.1.0

Functional Enhancements

  • improve validation on intoto v0.0.2 type (#1351)
  • add feature to limit HTTP request body length to process (#1334)
  • add information about the file size limit (#1313)
  • Add script to backfill Redis from Rekor (#1163)
  • Feature: add search support for sha512 (#1142)

Quality Enhancements

  • fuzzing: refactor OSS-Fuzz build script (#1377)
  • Update cloudbuild for cosign 2.0 (#1375)
  • Tests - Additional sharding tests (#1180)
  • jar type: add fuzzer for 3rd-party dep (#1360)
  • update cosign to 2.0.0 and builder image and also cosign flags (#1368)
  • fuzzing: move alpine utils to fuzz utils (#1335)
  • fuzzing: add seed for alpine fuzzer (#1342)
  • jar: add v001 fuzzer (#1327)
  • fuzzing: open writer later in fuzz utils (#1326)
  • fuzzing: remove tar operations in alpine fuzzer (#1322)
  • alpine: add v001 fuzzer (#1316)
  • hashedrekord: add v001 fuzzer (#1315)
  • fuzzing: add call to IndexKeys in multiple fuzzers (#1302)
  • fuzzing: improve cose fuzzer (#1300)
  • fuzzing: improve fuzz utils (#1298)
  • fuzzing: improve alpine fuzzer (#1273)
  • fuzzing: go mod edit go-fuzz-headers (#1272)
  • fuzzing: add .options file (#1271)
  • fuzzing: build helm fuzzer from correct dir (#1264)
  • types: refactor multiple fuzzers (#1258)
  • helm: add fuzzer for provenance unmarshalling (#1243)
  • pki: add fuzzer (#1256)
  • Fuzzing: Add more bug detectors (#1253)
  • Refactor e2e - part 5 (#1236)
  • Removed unused tool/deps (#1244)
  • Fixed the invalid path (#1245)
  • Run latest fuzzers in OSS-Fuzz (#1221)
  • Fuzz tests - hashedrekord (#1224)
  • Update builder (#1228)
  • Revamping rekor e2e - part 4 of N (#1218)
  • types: add fuzzers (#1225)
  • jar type: add fuzzer (#1215)
  • Revamping rekor e2e - part 3 of N (#1177)
  • modify OSS-Fuzz build script (#1214)
  • move over oss-fuzz build script (#1204)
  • wrap redis client errors to aid debugging (#1176)
  • don't test release candidate builds in harness (#1183)
  • types/alpine: add fuzzer (#1200)
  • logging tweaks to improve usability (#1235)
  • Add backfill-redis to the release artifacts (#1174)

... (truncated)

Commits
  • 4a65926 update CHANGELOG for v1.1.0 (#1409)
  • 01a2321 remove goroutine usage from SearchLogQuery (#1407)
  • abf7cee drop log messages regarding attestation storage to debug (#1408)
  • 924d5b1 build(deps): bump golang from 1724dc3 to f709934 (#1402)
  • 3f3f4a3 build(deps): bump github/codeql-action from 2.2.8 to 2.2.9 (#1403)
  • ed4fc16 build(deps): bump github.com/go-openapi/strfmt from 0.21.5 to 0.21.7 (#1404)
  • 14e3c4b build(deps): bump golang from 80950aa to 1724dc3 (#1400)
  • a88f219 build(deps): bump go.step.sm/crypto from 0.27.0 to 0.28.0 (#1401)
  • e72e127 build(deps): bump golang from 5990c4f to 80950aa (#1397)
  • 607e029 build(deps): bump actions/checkout from 3.4.0 to 3.5.0 (#1398)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 1 year ago

Superseded by #58.