- Jun 09, 2022
-
-
dependabot[bot] authored
* Bump sigstore/cosign-installer from 2.3.0 to 2.4.0 Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.3.0 to 2.4.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/536b37ec5d5b543420bdfd9b744c5965bd4d8730...7e0881f8fe90b25e305bbf0309761e9314607e25 ) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> * update version comment Signed-off-by:
cpanato <ctadeu@gmail.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by:
cpanato <ctadeu@gmail.com>
-
Carlos Tadeu Panato Junior authored
Signed-off-by:
cpanato <ctadeu@gmail.com>
-
- Jun 07, 2022
-
-
priyawadhwa authored
* Print total tree size, including inactive shards Signed-off-by:
Priya Wadhwa <priya@chainguard.dev> * Rename TreeSize to ActiveTreeSize Signed-off-by:
Priya Wadhwa <priya@chainguard.dev>
-
- Jun 06, 2022
-
-
priyawadhwa authored
* Allow retrieving entryIDs or UUIDs Fixes a bug where only 64 char UUIDs were allowed. Also adds in an integration test. Signed-off-by:
Priya Wadhwa <priya@chainguard.dev> * Confirm there are two entries returned in sharding e2e test Signed-off-by:
Priya Wadhwa <priya@chainguard.dev> * Fix regex Signed-off-by:
Priya Wadhwa <priya@chainguard.dev> * Code review comments Signed-off-by:
Priya Wadhwa <priya@chainguard.dev>
-
dependabot[bot] authored
* Bump github.com/spf13/viper from 1.11.0 to 1.12.0 Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.11.0 to 1.12.0. - [Release notes](https://github.com/spf13/viper/releases) - [Commits](https://github.com/spf13/viper/compare/v1.11.0...v1.12.0 ) --- updated-dependencies: - dependency-name: github.com/spf13/viper dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> * update cloud.google.com/go/storage / cloud.google.com/go/iam Signed-off-by:
cpanato <ctadeu@gmail.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by:
cpanato <ctadeu@gmail.com>
-
dependabot[bot] authored
Bumps [github.com/go-openapi/validate](https://github.com/go-openapi/validate) from 0.21.0 to 0.22.0. - [Release notes](https://github.com/go-openapi/validate/releases) - [Commits](https://github.com/go-openapi/validate/compare/v0.21.0...v0.22.0 ) --- updated-dependencies: - dependency-name: github.com/go-openapi/validate dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- Jun 04, 2022
-
-
Hayden B authored
ED25519 signatures are not supported with the hashedrekord type, though they are supported with rekord. The reason is that ED25519 computes the digest as part of its algorithm, so the original artifact is needed to verify a signature. The previous error message was very unclear, complaining about a nil message. Signed-off-by:
Hayden Blauzvern <hblauzvern@google.com>
-
- Jun 03, 2022
-
-
Carlos Tadeu Panato Junior authored
Signed-off-by:
cpanato <ctadeu@gmail.com>
-
Carlos Tadeu Panato Junior authored
Signed-off-by:
cpanato <ctadeu@gmail.com>
-
- Jun 02, 2022
-
-
dependabot[bot] authored
* Bump github/codeql-action from 2.1.11 to 2.1.12 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.11 to 2.1.12. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/a3a6c128d771b6b9bdebb1c9d0583ebd2728a108...27ea8f8fe5977c00f5b37e076ab846c5bd783b96 ) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
dependabot[bot] <support@github.com> * update version comment Signed-off-by:
cpanato <ctadeu@gmail.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by:
cpanato <ctadeu@gmail.com>
-
dependabot[bot] authored
* Bump ossf/scorecard-action from 1.1.0 to 1.1.1 Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.1.0 to 1.1.1. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/5c8bc69dc88b65c66584e07611df79d3579b0377...3e15ea8318eee9b333819ec77a36aca8d39df13e ) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
dependabot[bot] <support@github.com> * update version comment Signed-off-by:
cpanato <ctadeu@gmail.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by:
cpanato <ctadeu@gmail.com>
-
- Jun 01, 2022
-
-
dependabot[bot] authored
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.46.2 to 1.47.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.46.2...v1.47.0 ) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] authored
Bumps [github.com/secure-systems-lab/go-securesystemslib](https://github.com/secure-systems-lab/go-securesystemslib) from 0.3.1 to 0.4.0. - [Release notes](https://github.com/secure-systems-lab/go-securesystemslib/releases) - [Commits](https://github.com/secure-systems-lab/go-securesystemslib/compare/v0.3.1...v0.4.0 ) --- updated-dependencies: - dependency-name: github.com/secure-systems-lab/go-securesystemslib dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- May 31, 2022
-
-
priyawadhwa authored
This way the e2e tests can be run against production to make sure it's running as expected. This will be useful for the upcoming cluster migration. Signed-off-by:
Priya Wadhwa <priya@chainguard.dev>
-
dependabot[bot] authored
Bumps [gopkg.in/ini.v1](https://github.com/go-ini/ini) from 1.66.5 to 1.66.6. - [Release notes](https://github.com/go-ini/ini/releases) - [Commits](https://github.com/go-ini/ini/compare/v1.66.5...v1.66.6 ) --- updated-dependencies: - dependency-name: gopkg.in/ini.v1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dhaus67 authored
* Update go-tuf and sigstore/sigstore to non-vulnerable go-tuf version. Signed-off-by:
Daniel Haus <dhaus@redhat.com> * Fix build issue. Signed-off-by:
Daniel Haus <dhaus@redhat.com>
-
- May 30, 2022
-
-
dependabot[bot] authored
Bumps [gopkg.in/ini.v1](https://github.com/go-ini/ini) from 1.66.4 to 1.66.5. - [Release notes](https://github.com/go-ini/ini/releases) - [Commits](https://github.com/go-ini/ini/compare/v1.66.4...v1.66.5 ) --- updated-dependencies: - dependency-name: gopkg.in/ini.v1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- May 27, 2022
-
-
Carlos Tadeu Panato Junior authored
* add changelog for 0.7.0 release Signed-off-by:
cpanato <ctadeu@gmail.com> * update changelog Signed-off-by:
cpanato <ctadeu@gmail.com>
-
- May 26, 2022
-
-
dependabot[bot] authored
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/fcdc43634adb5f7ae75a9d7a9b9361790f7293e2...b22fbbc2921299758641fab08929b4ac52b32923 ) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] authored
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.0.4 to 1.1.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/c1aec4ac820532bab364f02a81873c555a0ba3a1...5c8bc69dc88b65c66584e07611df79d3579b0377 ) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- May 24, 2022
-
-
Bob Callaway authored
* store attestations by digest instead of by UUID Signed-off-by:
Bob Callaway <bcallaway@google.com> * fix typo Signed-off-by:
Bob Callaway <bcallaway@google.com> * remove github.com/pkg/errors Signed-off-by:
Bob Callaway <bcallaway@google.com>
-
dependabot[bot] authored
* Bump google-github-actions/auth from 0.7.3 to 0.8.0 Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 0.7.3 to 0.8.0. - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](https://github.com/google-github-actions/auth/compare/81012c2689e66f7f020ed6d8ab43596a0f8b503a...ceee102ec2387dd9e844e01b530ccd4ec87ce955 ) --- updated-dependencies: - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> * update version comment Signed-off-by:
cpanato <ctadeu@gmail.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by:
cpanato <ctadeu@gmail.com>
-
dependabot[bot] authored
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1.0.1 to 1.0.2. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/39e692fa323107ef86d8fdac0067ce647f239bd7...a9c83d3af6b9031e20feba03b904645bb23d1dab ) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- May 23, 2022
-
-
dependabot[bot] authored
* Bump goreleaser/goreleaser-action from 2.9.1 to 3 Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.9.1 to 3. - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/b953231f81b8dfd023c58e0854a721e35037f28b...68acf3b1adf004ac9c2f0a4259e85c5f66e99bef ) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by:
dependabot[bot] <support@github.com> * update version comment Signed-off-by:
cpanato <ctadeu@gmail.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by:
cpanato <ctadeu@gmail.com>
-
dependabot[bot] authored
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/6673cd052c4cd6fcf4b4e6e60ea986c889389535...3cea5372237819ed00197afe530f5a7ea3e805c8 ) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- May 20, 2022
-
-
Koichi Shiraishi authored
* all: remove dependency on deprecated github.com/pkg/errors $ pkgerrors -fix ./... $ goimports -w . Signed-off-by:
Koichi Shiraishi <zchee.io@gmail.com> * all: fix missing convert Signed-off-by:
Koichi Shiraishi <zchee.io@gmail.com> * pkg/types/hashedrekord: fix lint suggestion Signed-off-by:
Koichi Shiraishi <zchee.io@gmail.com> * go.mod: go mod tidy Signed-off-by:
Koichi Shiraishi <zchee.io@gmail.com> * pkg/types/hashedrekord: fix unconverted by pkgerrors Signed-off-by:
Koichi Shiraishi <zchee.io@gmail.com>
-
- May 19, 2022
-
-
Hayden B authored
Accidentally deleted in previous PR Signed-off-by:
Hayden Blauzvern <hblauzvern@google.com>
-
dependabot[bot] authored
Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 0.7.2 to 0.7.3. - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](https://github.com/google-github-actions/auth/compare/dafc92490a98acbdec38e6eb649f05d55e632447...81012c2689e66f7f020ed6d8ab43596a0f8b503a ) --- updated-dependencies: - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Hayden B authored
See #812 for more discussion. Signed-off-by:
Hayden Blauzvern <hblauzvern@google.com>
-
- May 17, 2022
-
-
dependabot[bot] authored
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.10 to 2.1.11. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/2f58583a1b24a7d3c7034f6bf9fa506d23b1183b...a3a6c128d771b6b9bdebb1c9d0583ebd2728a108 ) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] authored
Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 0.7.1 to 0.7.2. - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](https://github.com/google-github-actions/auth/compare/b258a9f230b36c9fa86dfaa43d1906bd76399edb...dafc92490a98acbdec38e6eb649f05d55e632447 ) --- updated-dependencies: - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- May 16, 2022
-
-
dependabot[bot] authored
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.46.0 to 1.46.2. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.46.0...v1.46.2 ) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- May 13, 2022
-
-
dependabot[bot] authored
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3f943b86c9a289f4e632c632695e2e0898d9d67d to 1. This release includes the previously tagged commit. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/3f943b86c9a289f4e632c632695e2e0898d9d67d...39e692fa323107ef86d8fdac0067ce647f239bd7 ) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] authored
Bumps [actions/github-script](https://github.com/actions/github-script) from 6.0.0 to 6.1.0. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/9ac08808f993958e9de277fe43a64532a609130e...7a5c598405937d486b0331594b5da2b14db670da ) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Hayden B authored
This closes a vector for denial of service. Signed-off-by:
Hayden Blauzvern <hblauzvern@google.com>
-
dependabot[bot] authored
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.12.1 to 1.12.2. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/v1.12.2/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.12.1...v1.12.2 ) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- May 12, 2022
-
-
Carlos Tadeu Panato Junior authored
Signed-off-by:
cpanato <ctadeu@gmail.com>
-
dependabot[bot] authored
Bumps [github.com/google/trillian](https://github.com/google/trillian) from 1.4.0 to 1.4.1. - [Release notes](https://github.com/google/trillian/releases) - [Changelog](https://github.com/google/trillian/blob/master/CHANGELOG.md) - [Commits](https://github.com/google/trillian/compare/v1.4.0...v1.4.1 ) --- updated-dependencies: - dependency-name: github.com/google/trillian dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] authored
Bumps [github.com/google/trillian](https://github.com/google/trillian) from 1.4.0 to 1.4.1. - [Release notes](https://github.com/google/trillian/releases) - [Changelog](https://github.com/google/trillian/blob/master/CHANGELOG.md) - [Commits](https://github.com/google/trillian/compare/v1.4.0...v1.4.1 ) --- updated-dependencies: - dependency-name: github.com/google/trillian dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] authored
* Bump actions/setup-go from 3.0.0 to 3.1.0 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/f6164bd8c8acb4a71fb2791a8b6c4024ff038dab...fcdc43634adb5f7ae75a9d7a9b9361790f7293e2 ) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com> * update version comments Signed-off-by:
cpanato <ctadeu@gmail.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by:
cpanato <ctadeu@gmail.com>
-