sigstore/cosign (sigstore/cosign)
### [`v2.2.4`](https://togithub.com/sigstore/cosign/blob/HEAD/CHANGELOG.md#v224)
[Compare Source](https://togithub.com/sigstore/cosign/compare/v2.2.3...v2.2.4)
#### Bug Fixes
- Fixes for GHSA-88jx-383q-w4qc and GHSA-95pr-fxf5-86gv ([#3661](https://togithub.com/sigstore/cosign/issues/3661))
- ErrNoSignaturesFound should be used when there is no signature attached to an image. ([#3526](https://togithub.com/sigstore/cosign/issues/3526))
- fix semgrep issues for dgryski.semgrep-go ruleset ([#3541](https://togithub.com/sigstore/cosign/issues/3541))
- Honor creation timestamp for signatures again ([#3549](https://togithub.com/sigstore/cosign/issues/3549))
#### Features
- Adds Support for Fulcio Client Credentials Flow, and Argument to Set Flow Explicitly ([#3578](https://togithub.com/sigstore/cosign/issues/3578))
#### Documentation
- add oci bundle spec ([#3622](https://togithub.com/sigstore/cosign/issues/3622))
- Correct help text of triangulate cmd ([#3551](https://togithub.com/sigstore/cosign/issues/3551))
- Correct help text of verify-attestation policy argument ([#3527](https://togithub.com/sigstore/cosign/issues/3527))
- feat: add OVHcloud MPR registry tested with cosign ([#3639](https://togithub.com/sigstore/cosign/issues/3639))
#### Testing
- Refactor e2e-tests.yml workflow ([#3627](https://togithub.com/sigstore/cosign/issues/3627))
- Clean up and clarify e2e scripts ([#3628](https://togithub.com/sigstore/cosign/issues/3628))
- Don't ignore transparency log in tests if possible ([#3528](https://togithub.com/sigstore/cosign/issues/3528))
- Make E2E tests hermetic ([#3499](https://togithub.com/sigstore/cosign/issues/3499))
- add e2e test for pkcs11 token signing ([#3495](https://togithub.com/sigstore/cosign/issues/3495))
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
v2.2.3
->v2.2.4
Release Notes
sigstore/cosign (sigstore/cosign)
### [`v2.2.4`](https://togithub.com/sigstore/cosign/blob/HEAD/CHANGELOG.md#v224) [Compare Source](https://togithub.com/sigstore/cosign/compare/v2.2.3...v2.2.4) #### Bug Fixes - Fixes for GHSA-88jx-383q-w4qc and GHSA-95pr-fxf5-86gv ([#3661](https://togithub.com/sigstore/cosign/issues/3661)) - ErrNoSignaturesFound should be used when there is no signature attached to an image. ([#3526](https://togithub.com/sigstore/cosign/issues/3526)) - fix semgrep issues for dgryski.semgrep-go ruleset ([#3541](https://togithub.com/sigstore/cosign/issues/3541)) - Honor creation timestamp for signatures again ([#3549](https://togithub.com/sigstore/cosign/issues/3549)) #### Features - Adds Support for Fulcio Client Credentials Flow, and Argument to Set Flow Explicitly ([#3578](https://togithub.com/sigstore/cosign/issues/3578)) #### Documentation - add oci bundle spec ([#3622](https://togithub.com/sigstore/cosign/issues/3622)) - Correct help text of triangulate cmd ([#3551](https://togithub.com/sigstore/cosign/issues/3551)) - Correct help text of verify-attestation policy argument ([#3527](https://togithub.com/sigstore/cosign/issues/3527)) - feat: add OVHcloud MPR registry tested with cosign ([#3639](https://togithub.com/sigstore/cosign/issues/3639)) #### Testing - Refactor e2e-tests.yml workflow ([#3627](https://togithub.com/sigstore/cosign/issues/3627)) - Clean up and clarify e2e scripts ([#3628](https://togithub.com/sigstore/cosign/issues/3628)) - Don't ignore transparency log in tests if possible ([#3528](https://togithub.com/sigstore/cosign/issues/3528)) - Make E2E tests hermetic ([#3499](https://togithub.com/sigstore/cosign/issues/3499)) - add e2e test for pkcs11 token signing ([#3495](https://togithub.com/sigstore/cosign/issues/3495))Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.