search

sigstore / cosign-gatekeeper-provider

🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their signatures
Apache License 2.0
75 stars 23 forks source link

Bump github.com/sigstore/rekor from 1.0.1 to 1.3.5 #84

Closed dependabot[bot] closed 5 months ago

dependabot[bot] commented 7 months ago

Bumps github.com/sigstore/rekor from 1.0.1 to 1.3.5.

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.3.5

Changelog

  • 488eb97 v1.3.5 changelog (#1987)
  • 19cd558 output trace in slog and override correlation header name (#1986)
  • a0453d5 give log timestamps nanosecond precision (#1985)
  • 907f2b5 bump trillian images to v1.6.0 (#1984)
  • 134ef83 remove trillian images from release process (#1983)
  • 9865ca9 Added support for sha384/sha512 hash algorithms in hashedrekords (#1959)
  • fc28ac1 Change Redis value for locking mechanism (#1957)
  • fa9ab50 Bump sigstore/sigstore version, fix deprecated func (#1936)
  • 6020532 Fix panic for DSSE canonicalization (#1923)
  • fe04993 Drop conditional when verifying entry checkpoint (#1917)
  • a6c25cc Remove timestamp from checkpoint (#1888)
  • 64ab435 Additional unique index correction (#1885)

Thanks for all contributors!

What's Changed

New Contributors

Full Changelog: https://github.com/sigstore/rekor/compare/v1.3.4...v1.3.5

v1.3.4

Changelog

  • 5072901 changelog for v1.3.4 (#1868)
  • 9e37c19 fix: Do not check for pubsub.topics.get on initialization (#1853)
  • fb05e16 Update ranges.go (#1852)
  • a7501a6 update indexstorage interface to reduce roundtrips (#1838)
  • 212ebff add functional options for mysql implementation
  • a9de214 s/uuids/uuid
  • 014cfb1 add mysql indexstorage backend
  • 0394bf7 add s3 storage for attestations
  • 29220fb update builder image to use go1.21.4 and bump golangci-lint to v1.55.x (#1851)
  • ff9c3b9 fix optional field in cose schema
  • c3ffda6 use a single validator library in rekor-cli (#1818)
  • b681a14 Remove go-playground/validator dependency from pkg/pki (#1817)

... (truncated)

Changelog

Sourced from github.com/sigstore/rekor's changelog.

v1.3.5

New Features

  • output trace in slog and override correlation header name (#1986)
  • give log timestamps nanosecond precision (#1985)
  • Added support for sha384/sha512 hash algorithms in hashedrekords (#1959)
  • Change Redis value for locking mechanism (#1957)

Bug Fixes

  • Fix panic for DSSE canonicalization (#1923)
  • Drop conditional when verifying entry checkpoint (#1917)
  • Remove timestamp from checkpoint (#1888)
  • Additional unique index correction (#1885)

Quality Enhancements

  • bump trillian images to v1.6.0 (#1984)
  • remove trillian images from release process (#1983)
  • update builder to use go1.21

Contributors

  • Andrew Block
  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Hayden Blauzvern
  • Riccardo Schirone

v1.3.4

New Features

  • add mysql indexstorage backend
  • add s3 storage for attestations

Bug Fixes

  • fix: Do not check for pubsub.topics.get on initialization (#1853)
  • fix optional field in cose schema

Quality Enhancements

  • Update ranges.go (#1852)
  • update indexstorage interface to reduce roundtrips (#1838)
  • use a single validator library in rekor-cli (#1818)
  • Remove go-playground/validator dependency from pkg/pki (#1817)

Contributors

  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Hayden B
  • James Alseth
  • Kenny Leung
  • Noah Kreiger
  • Zach Steindler

... (truncated)

Commits
  • 488eb97 v1.3.5 changelog (#1987)
  • 19cd558 output trace in slog and override correlation header name (#1986)
  • a0453d5 give log timestamps nanosecond precision (#1985)
  • 907f2b5 bump trillian images to v1.6.0 (#1984)
  • 134ef83 remove trillian images from release process (#1983)
  • 63aa08f build(deps): Bump google.golang.org/api from 0.157.0 to 0.159.0
  • 8ca4eba build(deps): Bump google/cloud-sdk from 460.0.0 to 461.0.0
  • 14608f3 build(deps): Bump google.golang.org/grpc from 1.60.1 to 1.61.0
  • 2b14bf9 build(deps): Bump golang from 5f5d61d to 76aadd9
  • 74311c7 build(deps): Bump cloud.google.com/go/pubsub from 1.34.0 to 1.36.0
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 5 months ago

Superseded by #92.