Releases: slsa-framework/slsa-verifier
Releases · slsa-framework/slsa-verifier
v2.7.0-rc.1
What's Changed
- chore: v2.6.0: update docs by @ramonpetgrave64 in #789
- chore: Update CODEOWNERS to use teams by @haydentherapper in #793
- chore(deps): bump github.com/docker/docker from 24.0.9+incompatible to 26.1.4+incompatible in the go_modules group by @dependabot in #794
- feat: support npm cli provenance v1 attestations by @ramonpetgrave64 in #776
- chore: pin yamllint, golangci-lint by @ramonpetgrave64 in #783
- feat: refactor: use sigstore-go for fetching TrustedRoot by @ramonpetgrave64 in #791
- chore(deps): update golang:1.21 docker digest to f2eb989 by @renovate-bot in #796
- chore(deps): bump github.com/docker/docker from 26.1.4+incompatible to 26.1.5+incompatible in the go_modules group by @dependabot in #798
- chore: fix vuln: override autolinker ^4.0.0 by @ramonpetgrave64 in #785
- chore(config): migrate renovate config by @renovate-bot in #800
- feat: set user-agent header on Rekor requests by @bobcallaway in #801
- feat: handle dssev001 tlog entry types by @ramonpetgrave64 in #799
- fix(deps): update golang.org/x/exp digest to 225e2ab by @renovate-bot in #803
- chore(deps): update dependency pyyaml to v6.0.2 by @renovate-bot in #808
- chore(deps): update golang:1.21 docker digest to 4746d26 by @renovate-bot in #802
- fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.9 by @renovate-bot in #809
- chore: update go and golanci lint by @ramonpetgrave64 in #810
- feat(action): Updating to Node20 by @IAreKyleW00t in #811
- fix(deps): update module github.com/sigstore/sigstore-go to v0.6.1 [security] by @renovate-bot in #805
- chore(deps): update gcr.io/distroless/base:nonroot docker digest to e5260be by @renovate-bot in #795
- chore(deps): bump github.com/sigstore/sigstore-go from 0.6.1 to 0.6.2 in the go_modules group across 1 directory by @dependabot in #812
- fix: fix method for getting leaf certs in Bundle v0.3 by @ramonpetgrave64 in #813
- chore(deps): update github-actions by @renovate-bot in #817
- chore(deps): update golang docker tag to v1.23 by @renovate-bot in #818
- fix(deps): update dependency @actions/core to v1.11.1 by @renovate-bot in #819
- chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.0.0 to 2.0.1 in the go_modules group by @dependabot in #820
- chore(deps): bump golang.org/x/crypto from 0.27.0 to 0.31.0 in the go_modules group by @dependabot in #821
- fix(deps): update dependency org.apache.maven:maven-core to v3.9.9 by @renovate-bot in #816
- fix(deps): update dependency org.apache.maven.plugin-tools:maven-plugin-annotations to v3.15.1 by @renovate-bot in #824
- chore(deps): update github-actions by @renovate-bot in #823
- chore(deps): bump golang.org/x/net from 0.27.0 to 0.33.0 in the go_modules group by @dependabot in #826
- fix(deps): update go by @renovate-bot in #825
- chore(deps): update golang:1.23 docker digest to 51a6466 by @renovate-bot in #822
- fix(deps): update golang.org/x/exp digest to 3edf0e9 by @renovate-bot in #815
- chore(deps): update gcr.io/distroless/base:nonroot docker digest to 97d1521 by @renovate-bot in #814
- chore(deps): bump undici from 5.28.4 to 5.28.5 in /actions/installer in the npm_and_yarn group across 1 directory by @dependabot in #827
New Contributors
- @bobcallaway made their first contribution in #801
- @IAreKyleW00t made their first contribution in #811
Full Changelog: v2.6.0...v2.7.0-rc.1
v2.7.0
What's Changed
- chore: v2.6.0: update docs by @ramonpetgrave64 in #789
- chore: Update CODEOWNERS to use teams by @haydentherapper in #793
- chore(deps): bump github.com/docker/docker from 24.0.9+incompatible to 26.1.4+incompatible in the go_modules group by @dependabot in #794
- feat: support npm cli provenance v1 attestations by @ramonpetgrave64 in #776
- chore: pin yamllint, golangci-lint by @ramonpetgrave64 in #783
- feat: refactor: use sigstore-go for fetching TrustedRoot by @ramonpetgrave64 in #791
- chore(deps): update golang:1.21 docker digest to f2eb989 by @renovate-bot in #796
- chore(deps): bump github.com/docker/docker from 26.1.4+incompatible to 26.1.5+incompatible in the go_modules group by @dependabot in #798
- chore: fix vuln: override autolinker ^4.0.0 by @ramonpetgrave64 in #785
- chore(config): migrate renovate config by @renovate-bot in #800
- feat: set user-agent header on Rekor requests by @bobcallaway in #801
- feat: handle dssev001 tlog entry types by @ramonpetgrave64 in #799
- fix(deps): update golang.org/x/exp digest to 225e2ab by @renovate-bot in #803
- chore(deps): update dependency pyyaml to v6.0.2 by @renovate-bot in #808
- chore(deps): update golang:1.21 docker digest to 4746d26 by @renovate-bot in #802
- fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.9 by @renovate-bot in #809
- chore: update go and golanci lint by @ramonpetgrave64 in #810
- feat(action): Updating to Node20 by @IAreKyleW00t in #811
- fix(deps): update module github.com/sigstore/sigstore-go to v0.6.1 [security] by @renovate-bot in #805
- chore(deps): update gcr.io/distroless/base:nonroot docker digest to e5260be by @renovate-bot in #795
- chore(deps): bump github.com/sigstore/sigstore-go from 0.6.1 to 0.6.2 in the go_modules group across 1 directory by @dependabot in #812
- fix: fix method for getting leaf certs in Bundle v0.3 by @ramonpetgrave64 in #813
- chore(deps): update github-actions by @renovate-bot in #817
- chore(deps): update golang docker tag to v1.23 by @renovate-bot in #818
- fix(deps): update dependency @actions/core to v1.11.1 by @renovate-bot in #819
- chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.0.0 to 2.0.1 in the go_modules group by @dependabot in #820
- chore(deps): bump golang.org/x/crypto from 0.27.0 to 0.31.0 in the go_modules group by @dependabot in #821
- fix(deps): update dependency org.apache.maven:maven-core to v3.9.9 by @renovate-bot in #816
- fix(deps): update dependency org.apache.maven.plugin-tools:maven-plugin-annotations to v3.15.1 by @renovate-bot in #824
- chore(deps): update github-actions by @renovate-bot in #823
- chore(deps): bump golang.org/x/net from 0.27.0 to 0.33.0 in the go_modules group by @dependabot in #826
- fix(deps): update go by @renovate-bot in #825
- chore(deps): update golang:1.23 docker digest to 51a6466 by @renovate-bot in #822
- fix(deps): update golang.org/x/exp digest to 3edf0e9 by @renovate-bot in #815
- chore(deps): update gcr.io/distroless/base:nonroot docker digest to 97d1521 by @renovate-bot in #814
- chore(deps): bump undici from 5.28.4 to 5.28.5 in /actions/installer in the npm_and_yarn group across 1 directory by @dependabot in #827
New Contributors
- @bobcallaway made their first contribution in #801
- @IAreKyleW00t made their first contribution in #811
Full Changelog: v2.6.0...v2.7.0
v2.6.0-rc.1
This is a pre-release. DO NOT install
What's Changed
- chore: Update doc and digests for v2.5.1 by @laurentsimon in #748
- fix(deps): update module google.golang.org/protobuf to v1.33.0 [security] by @renovate-bot in #743
- fix(deps): update dependency org.apache.maven:maven-core to v3.9.6 by @renovate-bot in #718
- chore: Update @actions/github v6 by @laurentsimon in #749
- fix: use sigstore/pkg/fulcioroots to lessen deps by @ramonpetgrave64 in #746
- feat: add ramonpetgrave64 as CODEOWNER by @ramonpetgrave64 in #750
- chore(deps): update gcr.io/distroless/base:nonroot docker digest to 1a8ece8 by @renovate-bot in #701
- chore(deps): update github-actions (major) by @renovate-bot in #719
- fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.6 by @renovate-bot in #751
- chore(deps): update npm dev (major) by @ramonpetgrave64 in #753
- fix(deps): update dependency org.apache.maven.plugin-tools:maven-plugin-annotations to v3.11.0 by @renovate-bot in #752
- feat: fixes #547: add npm sigstore-tuf suport by @ramonpetgrave64 in #731
- fix(deps): update module github.com/sigstore/cosign/v2 to v2.2.4 [security] by @renovate-bot in #723
- chore(deps): update golang:1.21 docker digest to 81811f8 by @renovate-bot in #693
- chore: slsa-framework/slsa-github-generator@v2.0.0: add testdata by @ramonpetgrave64 in #758
- chore(deps): update golang:1.21 docker digest to d83472f by @renovate-bot in #764
- chore(deps): update gcr.io/distroless/base:nonroot docker digest to 53745e9 by @renovate-bot in #763
- feat: workflow to update actions dist by @ramonpetgrave64 in #760
- fix(deps): update dependency @actions/core to v1.10.1 by @renovate-bot in #717
- chore: fix pr-title-checker by @ianlewis in #770
- chore: Update Renovate config by @ianlewis in #769
- fix: use pr_number as env variable by @ramonpetgrave64 in #771
- fix: signoff commit by @ramonpetgrave64 in #767
- chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 by @dependabot in #781
- chore(deps): bump github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.7 by @dependabot in #782
- chore(deps): bump undici from 5.28.3 to 5.28.4 in /actions/installer by @dependabot in #779
- chore(deps-dev): bump braces from 3.0.2 to 3.0.3 in /actions/installer by @dependabot in #780
- chore(deps): bump the npm_and_yarn group across 2 directories with 2 updates by @dependabot in #784
- fix(deps): update golang.org/x/exp digest to 7f521ea by @renovate-bot in #775
- fix: make download-artifacts.sh more flexible by @ramonpetgrave64 in #761
- chore(deps): update golang:1.21 docker digest to b405b62 by @renovate-bot in #774
- chore(deps): update npm dev by @renovate-bot in #650
- fix(deps): update dependency org.apache.maven:maven-core to v3.9.8 by @renovate-bot in #787
- chore(deps): update github-actions by @renovate-bot in #786
- feat: vsa support by @ramonpetgrave64 in #777
- fix: use tag for the builder in the release workflow by @ramonpetgrave64 in #788
Full Changelog: v2.5.1...v2.6.0-rc.1
v2.6.0
What's Changed
- chore: Update doc and digests for v2.5.1 by @laurentsimon in #748
- fix(deps): update module google.golang.org/protobuf to v1.33.0 [security] by @renovate-bot in #743
- fix(deps): update dependency org.apache.maven:maven-core to v3.9.6 by @renovate-bot in #718
- chore: Update @actions/github v6 by @laurentsimon in #749
- fix: use sigstore/pkg/fulcioroots to lessen deps by @ramonpetgrave64 in #746
- feat: add ramonpetgrave64 as CODEOWNER by @ramonpetgrave64 in #750
- chore(deps): update gcr.io/distroless/base:nonroot docker digest to 1a8ece8 by @renovate-bot in #701
- chore(deps): update github-actions (major) by @renovate-bot in #719
- fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.6 by @renovate-bot in #751
- chore(deps): update npm dev (major) by @ramonpetgrave64 in #753
- fix(deps): update dependency org.apache.maven.plugin-tools:maven-plugin-annotations to v3.11.0 by @renovate-bot in #752
- feat: fixes #547: add npm sigstore-tuf suport by @ramonpetgrave64 in #731
- fix(deps): update module github.com/sigstore/cosign/v2 to v2.2.4 [security] by @renovate-bot in #723
- chore(deps): update golang:1.21 docker digest to 81811f8 by @renovate-bot in #693
- chore: slsa-framework/slsa-github-generator@v2.0.0: add testdata by @ramonpetgrave64 in #758
- chore(deps): update golang:1.21 docker digest to d83472f by @renovate-bot in #764
- chore(deps): update gcr.io/distroless/base:nonroot docker digest to 53745e9 by @renovate-bot in #763
- feat: workflow to update actions dist by @ramonpetgrave64 in #760
- fix(deps): update dependency @actions/core to v1.10.1 by @renovate-bot in #717
- chore: fix pr-title-checker by @ianlewis in #770
- chore: Update Renovate config by @ianlewis in #769
- fix: use pr_number as env variable by @ramonpetgrave64 in #771
- fix: signoff commit by @ramonpetgrave64 in #767
- chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 by @dependabot in #781
- chore(deps): bump github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.7 by @dependabot in #782
- chore(deps): bump undici from 5.28.3 to 5.28.4 in /actions/installer by @dependabot in #779
- chore(deps-dev): bump braces from 3.0.2 to 3.0.3 in /actions/installer by @dependabot in #780
- chore(deps): bump the npm_and_yarn group across 2 directories with 2 updates by @dependabot in #784
- fix(deps): update golang.org/x/exp digest to 7f521ea by @renovate-bot in #775
- fix: make download-artifacts.sh more flexible by @ramonpetgrave64 in #761
- chore(deps): update golang:1.21 docker digest to b405b62 by @renovate-bot in #774
- chore(deps): update npm dev by @renovate-bot in #650
- fix(deps): update dependency org.apache.maven:maven-core to v3.9.8 by @renovate-bot in #787
- chore(deps): update github-actions by @renovate-bot in #786
- feat: vsa support by @ramonpetgrave64 in #777
- fix: use tag for the builder in the release workflow by @ramonpetgrave64 in #788
Full Changelog: v2.5.1...v2.6.0
v2.6.0-dev.1
Development release containing pending support for VSAs #777. This is not meant to pass our official release process.
What's Changed
- chore: Update doc and digests for v2.5.1 by @laurentsimon in #748
- fix(deps): update module google.golang.org/protobuf to v1.33.0 [security] by @renovate-bot in #743
- fix(deps): update dependency org.apache.maven:maven-core to v3.9.6 by @renovate-bot in #718
- chore: Update @actions/github v6 by @laurentsimon in #749
- fix: use sigstore/pkg/fulcioroots to lessen deps by @ramonpetgrave64 in #746
- feat: add ramonpetgrave64 as CODEOWNER by @ramonpetgrave64 in #750
- chore(deps): update gcr.io/distroless/base:nonroot docker digest to 1a8ece8 by @renovate-bot in #701
- chore(deps): update github-actions (major) by @renovate-bot in #719
- fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.6 by @renovate-bot in #751
- chore(deps): update npm dev (major) by @ramonpetgrave64 in #753
- fix(deps): update dependency org.apache.maven.plugin-tools:maven-plugin-annotations to v3.11.0 by @renovate-bot in #752
- feat: fixes #547: add npm sigstore-tuf suport by @ramonpetgrave64 in #731
- fix(deps): update module github.com/sigstore/cosign/v2 to v2.2.4 [security] by @renovate-bot in #723
- chore(deps): update golang:1.21 docker digest to 81811f8 by @renovate-bot in #693
- chore: slsa-framework/slsa-github-generator@v2.0.0: add testdata by @ramonpetgrave64 in #758
- chore(deps): update golang:1.21 docker digest to d83472f by @renovate-bot in #764
- chore(deps): update gcr.io/distroless/base:nonroot docker digest to 53745e9 by @renovate-bot in #763
- feat: workflow to update actions dist by @ramonpetgrave64 in #760
- fix(deps): update dependency @actions/core to v1.10.1 by @renovate-bot in #717
- chore: fix pr-title-checker by @ianlewis in #770
- chore: Update Renovate config by @ianlewis in #769
- fix: use pr_number as env variable by @ramonpetgrave64 in #771
- fix: signoff commit by @ramonpetgrave64 in #767
- chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 by @dependabot in #781
- chore(deps): bump github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.7 by @dependabot in #782
- chore(deps): bump undici from 5.28.3 to 5.28.4 in /actions/installer by @dependabot in #779
- chore(deps-dev): bump braces from 3.0.2 to 3.0.3 in /actions/installer by @dependabot in #780
- chore(deps): bump the npm_and_yarn group across 2 directories with 2 updates by @dependabot in #784
- fix(deps): update golang.org/x/exp digest to 7f521ea by @renovate-bot in #775
- fix: make download-artifacts.sh more flexible by @ramonpetgrave64 in #761
- chore(deps): update golang:1.21 docker digest to b405b62 by @renovate-bot in #774
- chore(deps): update npm dev by @renovate-bot in #650
- fix(deps): update dependency org.apache.maven:maven-core to v3.9.8 by @renovate-bot in #787
- chore(deps): update github-actions by @renovate-bot in #786
Full Changelog: v2.5.1...v2.6.0-dev.1
v2.5.1
What's Changed
- feat: Add cosign registry opts for provenance registry by @saisatishkarra in #729 and #736
- feat: Add support for DSSE Rekor type by @haydentherapper in #742
New Contributors
- @saisatishkarra made their first contribution in #729
- @ramonpetgrave64 made their first contribution in #737
- @haydentherapper made their first contribution in #742
Full Changelog: v2.4.1...v2.5.1
v2.5.1-rc.0
This is a pre-release. DO NOT install
What's Changed
- feat: Add cosign registry opts for provenance registry by @saisatishkarra in #729 and #736
- feat: Add support for DSSE Rekor type by @haydentherapper in #742
New Contributors
- @saisatishkarra made their first contribution in #729
- @ramonpetgrave64 made their first contribution in #737
- @haydentherapper made their first contribution in #742
Full Changelog: v2.4.1...v2.5.1-rc.0
v2.4.1
What's Changed
- Fix a verification issue when verifying npm's publish attestations - Low severity GHSA-r2xv-vpr2-42m9. This part of the code remains experimental.
New Contributors
- @trishankatdatadog made their first contribution in #702
Full Changelog: v2.4.0...v2.4.1
v2.4.1-rc.1
Pre-release, do not use
v2.4.1-rc.0
Pre-release, do not use.