sigstore / cosign-gatekeeper-provider

🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their signatures
Apache License 2.0

Bump github.com/sigstore/rekor from 1.0.1 to 1.3.4 #77

Closed dependabot[bot] closed 7 months ago

dependabot[bot] commented 8 months ago

Bumps github.com/sigstore/rekor from 1.0.1 to 1.3.4.

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.3.4

Changelog

  • 5072901 changelog for v1.3.4 (#1868)
  • 9e37c19 fix: Do not check for pubsub.topics.get on initialization (#1853)
  • fb05e16 Update ranges.go (#1852)
  • a7501a6 update indexstorage interface to reduce roundtrips (#1838)
  • 212ebff add functional options for mysql implementation
  • a9de214 s/uuids/uuid
  • 014cfb1 add mysql indexstorage backend
  • 0394bf7 add s3 storage for attestations
  • 29220fb update builder image to use go1.21.4 and bump golangci-lint to v1.55.x (#1851)
  • ff9c3b9 fix optional field in cose schema
  • c3ffda6 use a single validator library in rekor-cli (#1818)
  • b681a14 Remove go-playground/validator dependency from pkg/pki (#1817)

Thanks for all contributors!

New Contributors

Full Changelog: https://github.com/sigstore/rekor/compare/v1.3.3...v1.3.4

v1.3.3

Changelog

  • 12d546c Update signer flag description (#1804)
  • 16e2323 update trillian to 1.5.3 (#1803)
  • 9f49d7b adds redis_auth (#1627)
  • b719942 Add method to get artifact hash for an entry (#1777)
  • 05cca49 make e2e tests more usable with docker-compose (#1770)
  • 6f96ee3 install go at correct version for codeql (#1762)

Thanks for all contributors!

What's Changed

... (truncated)

Changelog

Sourced from github.com/sigstore/rekor's changelog.

v1.3.4

New Features

  • add mysql indexstorage backend
  • add s3 storage for attestations

Bug Fixes

  • fix: Do not check for pubsub.topics.get on initialization (#1853)
  • fix optional field in cose schema

Quality Enhancements

  • Update ranges.go (#1852)
  • update indexstorage interface to reduce roundtrips (#1838)
  • use a single validator library in rekor-cli (#1818)
  • Remove go-playground/validator dependency from pkg/pki (#1817)

Contributors

  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Hayden B
  • James Alseth
  • Kenny Leung
  • Noah Kreiger
  • Zach Steindler

v1.3.3

New Features

  • update trillian to 1.5.3 (#1803)
  • adds redis_auth (#1627)
  • Add method to get artifact hash for an entry (#1777)

Bug Fixes

  • Update signer flag description (#1804)
  • install go at correct version for codeql (#1762)

Quality Enhancements

  • make e2e tests more usable with docker-compose (#1770)

Contributors

  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Hayden B
  • ian hundere
  • Kenny Leung

v1.3.2

  • move to go 1.21.3 to pick up fixes for CVE-2023-39325

... (truncated)

Commits
  • 5072901 changelog for v1.3.4 (#1868)
  • 9e37c19 fix: Do not check for pubsub.topics.get on initialization (#1853)
  • 1ffdfd8 build(deps): Bump github.com/go-openapi/validate from 0.22.2 to 0.22.3 (#1867)
  • ffb14b5 build(deps): Bump github.com/go-openapi/spec from 0.20.9 to 0.20.11 (#1866)
  • 36bf57b build(deps): Bump google/cloud-sdk from d87dbc0 to 824ae11 (#1865)
  • 6faec1c build(deps): Bump google/cloud-sdk from d91626c to d87dbc0
  • d946bc4 build(deps): Bump google/cloud-sdk from 026a0bd to d91626c
  • c2a67f4 build(deps): Bump github.com/theupdateframework/go-tuf
  • fdf809c build(deps): Bump go.step.sm/crypto from 0.37.0 to 0.38.0
  • 7a44a11 build(deps): Bump google-github-actions/auth from 1.2.0 to 2.0.0
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] commented 7 months ago

Superseded by #84.