Releases: in-toto/witness
Releases · in-toto/witness
v0.2.2-beta-1
Changelog
Bug fixes
- 0af9128: fix: update to go-witness with vault fix (@mikhailswift)
Others
- 46b168d: chore: bump actions/download-artifact from 3.0.2 to 4.0.0 (#335) (@dependabot[bot])
- 34563ab: chore: bump github/codeql-action from 2.22.9 to 3.22.11 (#336) (@dependabot[bot])
- b8f36d6: chore: bump actions/upload-artifact from 3.1.3 to 4.0.0 (#337) (@dependabot[bot])
- ea67d31: chore: bump github/codeql-action from 3.22.11 to 3.22.12 (#343) (@dependabot[bot])
- 88881fa: chore: bump actions/download-artifact from 4.0.0 to 4.1.0 (#342) (@dependabot[bot])
- 2c590bb: Update go-git to resolve vulnerability (#346) (@jkjell)
- 617e15a: chore: bump actions/dependency-review-action from 3.1.4 to 3.1.5 (#349) (@dependabot[bot])
- b9e38d5: Add FOSSA license scanning (@jkjell)
- 494d44a: Add Security MD files an add FOSSA scan badge (@jkjell)
- 93768db: Pin dependencies and restrict permissions (@jkjell)
- 15d9014: Add signing to goreleaser and Best Practices badge to readme. (@jkjell)
- abce18b: Add cosign install (@jkjell)
- f2e2a6f: Update cloudflare/circl due to dependabot failure (#352) (@jkjell)
- d2471e6: chore: bump actions/cache from 3.3.2 to 3.3.3 (#355) (@dependabot[bot])
- 70e0b09: chore: bump actions/upload-artifact from 4.0.0 to 4.1.0 (#356) (@dependabot[bot])
- 63cc5d8: chore: bump github/codeql-action from 3.22.12 to 3.23.0 (#357) (@dependabot[bot])
- 83ca942: chore: bump actions/download-artifact from 4.1.0 to 4.1.1 (#358) (@dependabot[bot])
- 1a9b5a2: Initial attempt at PR and Issue templates (#351) (@jkjell)
- 06031da: Checking attestors for duplicates (#361) (@ChaosInTheCRD)
- 272e492: chore: bump actions/cache from 3.3.3 to 4.0.0 (#364) (@dependabot[bot])
- 55418b5: chore: bump actions/upload-artifact from 4.1.0 to 4.2.0 (#363) (@dependabot[bot])
- 9247c81: chore: bump github/codeql-action from 3.23.0 to 3.23.1 (#365) (@dependabot[bot])
- 2b872a3: chore: bump actions/dependency-review-action from 3.1.5 to 4.0.0 (#366) (@dependabot[bot])
- b90f41b: README and docs restructure (#362) (@ChaosInTheCRD)
- df179e2: Fixing mistakes in the readme (#368) (@ChaosInTheCRD)
- 1bbd0e8: Updating timestamper (#367) (@ChaosInTheCRD)
- cd18d5e: chore: bump actions/upload-artifact from 4.2.0 to 4.3.0 (#369) (@dependabot[bot])
- 58d5516: chore: bump github/codeql-action from 3.23.1 to 3.23.2 (#370) (@dependabot[bot])
- dfd64fe: Updated witness to use changes made to
cryptoutil.DigestValueimplemented in go-witness (#371) (@ChaosInTheCRD) - 0e7dda9: Add back license scanning badge (#377) (@jkjell)
Contributors
jkjell, mikhailswift, and 2 other contributors
Assets 18
v0.2.1-beta-1
v0.2.1-beta-1
This tag was signed with the committer’s verified signature.
jkjell
John Kjell
Changelog
Others
- 46b168d: chore: bump actions/download-artifact from 3.0.2 to 4.0.0 (#335) (@dependabot[bot])
- 34563ab: chore: bump github/codeql-action from 2.22.9 to 3.22.11 (#336) (@dependabot[bot])
- b8f36d6: chore: bump actions/upload-artifact from 3.1.3 to 4.0.0 (#337) (@dependabot[bot])
- ea67d31: chore: bump github/codeql-action from 3.22.11 to 3.22.12 (#343) (@dependabot[bot])
- 88881fa: chore: bump actions/download-artifact from 4.0.0 to 4.1.0 (#342) (@dependabot[bot])
- 2c590bb: Update go-git to resolve vulnerability (#346) (@jkjell)
- ba89120: Add FOSSA license scanning (@jkjell)
- b07cb38: Add Security MD files an add FOSSA scan badge (@jkjell)
- 1f7dd69: Pin dependencies and restrict permissions (@jkjell)
- 6d4eae8: Add signing to goreleaser and Best Practices badge to readme. (@jkjell)
- 7aada2e: Add cosign install (@jkjell)
Contributors
jkjell and dependabot
Assets 18
v0.2.0-beta-report-005
v0.2.0
v0.2.0
This tag was signed with the committer’s verified signature.
ChaosInTheCRD
Tom Meadows
Changelog
⚠️ Warning ⚠️
go modules have been renamed from github.com/testifysec/witness => github.com/in-toto/witness
Features
Bug fixes
- be20100: fix: dev/Dockerfile.go-builder to reduce vulnerabilities (@snyk-bot)
- 8e9d798: fix: dev/Dockerfile.go-builder to reduce vulnerabilities (@snyk-bot)
- 2219a76: fix: updating urls to
in-totofromtestifysecand-Lto the curl for version (#297) (@lmco-seth)
Documentation
- edef808: docs: Update key to signer-file-key-path in getting starter .witness.yaml (@blhagadorn)
- 8dde14c: docs: correct sign policy file command in README.md (@shenxianpeng)
Others
- 27f68b9: chore(deps): bump golang.org/x/net from 0.7.0 to 0.17.0 (@dependabot[bot])
- 602dc48: chore(deps): bump google.golang.org/grpc from 1.53.0 to 1.56.3 (@dependabot[bot])
- 5beb113: Add maintainers file (@jkjell)
- b3d7207: Add dependabot config and add reusable workflow for calling witness (#298) (@jkjell)
- 21cb944: chore: bump docker/login-action from 2 to 3 (#299) (@dependabot[bot])
- 9380cbe: chore: bump github/codeql-action from 1.0.26 to 2.22.6 (#300) (@dependabot[bot])
- 1880baa: chore: bump ossf/scorecard-action from 2.1.3 to 2.3.1 (#302) (@dependabot[bot])
- 873f55c: chore: bump golangci/golangci-lint-action from 2 to 3 (#303) (@dependabot[bot])
- f49ff8e: chore: bump github.com/sirupsen/logrus from 1.9.0 to 1.9.3 (#304) (@dependabot[bot])
- 5e56558: chore: bump github.com/stretchr/testify from 1.8.1 to 1.8.4 (#305) (@dependabot[bot])
- 932ff1e: chore: bump actions/checkout from 2 to 4 (#301) (@dependabot[bot])
- e7a6f44: chore: bump github/codeql-action from 2.22.6 to 2.22.7 (@dependabot[bot])
- a412c18: chore: bump actions/cache from 2 to 3 (@dependabot[bot])
- 0363ee3: chore: bump actions/setup-go from 2 to 4 (@dependabot[bot])
- 15bec9e: chore: bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 (@dependabot[bot])
- 752b9e0: chore: bump github/codeql-action from 2.22.7 to 2.22.8 (@dependabot[bot])
- bcf7ecf: Update README.md - fixing quickstart url (@clemenko)
- f65b232: [StepSecurity] Apply security best practices (#316) (@step-security-bot)
- 81bdfce: Improve gha (#318) (@kairoaraujo)
- a56715e: Refactoring error messages to use
%wformatting directive and fix logging issue (#314) (@ChaosInTheCRD) - b19afc8: Fix initial pre-commit violations (#319) (@jkjell)
- 862d8c4: chore: bump actions/upload-artifact from 3.0.0 to 3.1.3 (#320) (@dependabot[bot])
- a823f58: chore: bump actions/checkout from 3.6.0 to 4.1.1 (#321) (@dependabot[bot])
- 684fd6a: chore: bump actions/setup-go from 4.1.0 to 5.0.0 (#322) (@dependabot[bot])
- 709ad35: chore: bump github/codeql-action from 2.22.8 to 2.22.9 (#323) (@dependabot[bot])
- 71856fd: chore: bump actions/dependency-review-action from 2.5.1 to 3.1.4 (#324) (@dependabot[bot])
- f0c8f43: Adding help to Makefile and updating
make testtarget (#325) (@ChaosInTheCRD) - 937eab8: Adding the contributing.md from archivista (#327) (@ChaosInTheCRD)
- c0f5843: Migrating go module (#328) (@ChaosInTheCRD)
- c06555d: Migrating to the use of in-toto/go-witness module (#331) (@ChaosInTheCRD)
- b36c96d: Bumping Go version for goreleaser (#333) (@ChaosInTheCRD)
New Contributors
- @blhagadorn made their first contribution in #288
- @jkjell made their first contribution in #294
- @lmco-seth made their first contribution in #297
- @shenxianpeng made their first contribution in #311
- @clemenko made their first contribution in #313
- @step-security-bot made their first contribution in #316
- @kairoaraujo made their first contribution in #318
- @DataDavD made their first contribution in #292
- @ChaosInTheCRD made their first contribution in #314
Full Changelog: v0.1.14...v0.2.0
Contributors
jkjell, kairoaraujo, and 9 other contributors
Assets 10
v0.1.14
Changelog
Features
- 57b29fd: feat: publish ko built images to ghcr (@mikhailswift)
- 4a41144: feat: use signer registry to setup signers for CLI flags (@mikhailswift)
Bug fixes
- 58b3f59: fix: update scorecard version to fix invalid key error (@mikhailswift)
- bde414e: fix: use witness-run-action instead of testifysec-run-action (@mikhailswift)
- 2dc9401: fix: update goreleaser action to use go 1.20.x (@mikhailswift)
- 8a53d68: fix: update github actions to use new fulcio url (@mikhailswift)
- 03ab65f: fix: re-enable verify tests (@mikhailswift)
- f7d7e96: fix: use the pflag.FlagSet.Set function to set values from config files (@mikhailswift)
- aa35c1f: fix: update changed signer flags in tests (@mikhailswift)
Documentation
- 88a8d93: docs: regenerate docs for new cli flags (@mikhailswift)
- 5bf31d7: docs: regenerate docs for new cli flags (@mikhailswift)
Others
- 9bac7df: chore(deps): bump github.com/cloudflare/circl from 1.3.2 to 1.3.3 (@dependabot[bot])
- 0c7a4e5: refactor: use generic registry for attestor options (@mikhailswift)
- d713711: refactor: create helper function to add options from registries (@mikhailswift)
Contributors
mikhailswift and dependabot
Assets 10
v0.1.13-ci-test
v0.1.13-ci-test
This tag was signed with the committer’s verified signature.
mikhailswift
Mikhail Swift
ad37874
This commit was signed with the committer’s verified signature.
mikhailswift
Mikhail Swift
Changelog
Features
- ad37874: feat: publish ko built images to ghcr (@mikhailswift)
Bug fixes
- e9c59bf: fix: update scorecard version to fix invalid key error (@mikhailswift)
- 8adff10: fix: use witness-run-action instead of testifysec-run-action (@mikhailswift)
Contributors
mikhailswift
Assets 10
v0.0.22-test
v0.1.13
What's Changed
- chore: bump to go 1.19 by @mikhailswift in #227
- feat/add install script by @colek42 in #229
- refactor: allow only subjects to be provided to witness verify by @mikhailswift in #252
- docs: add docs for defining timestamp authorities in policy by @mikhailswift in #250
- chore(deps): bump github.com/theupdateframework/go-tuf from 0.3.1 to 0.3.2 by @dependabot in #234
- chore: update archivst -> archivista by @mikhailswift in #251
- chore: replace usage of deprecated cobra function by @mikhailswift in #257
- feat: attestor config by @mikhailswift in #249
- feat: add support for fetching certs with github token by @colek42 in #255
- [Snyk] Security upgrade golang from 1.18 to 1.20.1 by @colek42 in #245
New Contributors
Full Changelog: v0.1.12...v0.1.13
Contributors
kipz, mikhailswift, and 2 other contributors
Assets 10
v0.1.12
v0.1.12
This tag was signed with the committer’s verified signature.
mikhailswift
Mikhail Swift
What's Changed
- [Snyk] Security upgrade golang from 1.17.10 to 1.18 by @colek42 in #198
- chore: add logging when an unknown flag is provided by @mikhailswift in #204
- chore: scorecard workflow added by @developer-guy in #208
- chore: upgrade scorecard version by @developer-guy in #211
- chore: fix url in scorecard badge by @mikhailswift in #209
- [Snyk] Security upgrade golang from 1.17.8-alpine to 1.18.6-alpine by @snyk-bot in #213
- feat: archivist & attestation source integration by @mikhailswift in #201
- chore: temporarily remove sigstore by @mikhailswift in #214
- feat: add timestamping options by @mikhailswift in #215
Full Changelog: v0.1.11...v0.1.12
Contributors
mikhailswift, colek42, and 2 other contributors
Assets 17
v0.0.1002-test
Contributors
colek42