Releases: s4u/pgpverify-maven-plugin
Releases · s4u/pgpverify-maven-plugin
v1.11.0
What's Changed
New features
- Reproducible Builds #213
Bug Fixes
- Reproducible build - sorted javax.inject.Named #221
Maintenance
- Tests cleanup and improvement #212
- RoundRobinRouterPlaner IT to Unit test #223
- pom cleanup, coverage badge #224
Dependency updates
- Bump mockito-testng from 0.1.1 to 0.2.0 #209
- Bump mockito-testng from 0.2.0 to 0.2.2 #210
- Bump guava from 30.0-jre to 30.1-jre #211
- Bump bcpg-jdk15on from 1.67 to 1.68 #214
- Bump parent from 2.7.1 to 2.9.0 #217
- Bump maven-artifact-transfer from 0.12.0 to 0.13.1 #215
- Bump parent from 2.9.0 to 2.10.0 #218
- Bump mockito-testng from 0.2.2 to 0.2.3 #219
- Bump slf4j-mock from 2.0.0 to 2.1.0 #220
- Bump mockito-core from 3.6.28 to 3.7.0 #222
Thanks
Many thanks for collaboration on this release for: @slawekjaranowski
v1.10.1
What's Changed
Bug Fixes
- Fix zero padded key validation. #200 #201
- Broken key file in cache should be refreshed #203
- Broken key file from server should be refreshed #204
Maintenance
- Include invalid key in error message. #206
Dependency updates
- Bump mockito-core from 3.6.0 to 3.6.28 #197
- Bump slf4j-mock from 1.0.4 to 2.0.0 #198
- Bump jackson.version from 2.11.3 to 2.12.0 #199
Thanks
Many thanks for collaboration on this release for: @pavelhoral
v1.10.0
What's Changed
New features
- PGPShowMojo - Show information about artifact signature. #178
Maintenance
- JSR-330 #174
- Addressing Sonar issues #180
- Fix Sonar issues #185
- Build by Github Action #189
- Use Maven Site configuration from parent project #195
Dependency updates
- Bump mockito-core from 3.3.3 to 3.4.0 #137
- Bump mockito-core from 3.4.0 to 3.4.4 #140
- Bump commons-lang3 from 3.10 to 3.11 #138
- Bump bcpg-jdk15on from 1.65 to 1.66 #133
- Bump mockserver-netty from 5.10 to 5.11.1 #142
- Bump snakeyaml from 1.24 to 1.26 #143
- Bump jackson.version from 2.10.2 to 2.11.1 #144
- Bump mockito-core from 3.4.4 to 3.4.6 #145
- Bump jackson.version from 2.11.1 to 2.11.2 #147
- Bump actions/checkout from v2.3.1 to v2.3.2 #148
- Bump mockito-core from 3.4.6 to 3.5.2 #150
- Bump assertj-core from 3.16.1 to 3.17.0 #151
- Bump mockito-core from 3.5.2 to 3.5.7 #154
- Bump assertj-core from 3.17.0 to 3.17.1 #155
- Bump mockito-core from 3.5.7 to 3.5.10 #158
- Bump snakeyaml from 1.26 to 1.27 #162
- Bump assertj-core from 3.17.1 to 3.17.2 #160
- Bump s4u/maven-settings-action from v2.1.0 to v2.1.1 #159
- Bump mockito-core from 3.5.10 to 3.5.11 #163
- Bump actions/checkout from v2.3.2 to v2.3.3 #164
- Bump httpclient from 4.5.12 to 4.5.13 #167
- Bump resilience4j-retry from 1.5.0 to 1.6.0 #168
- Bump commons-codec from 1.14 to 1.15 #170
- Bump commons-io from 2.7 to 2.8.0 #171
- Bump resilience4j-retry from 1.6.0 to 1.6.1 #172
- Bump mockito-core from 3.5.11 to 3.5.13 #165
- Bump jackson.version from 2.11.2 to 2.11.3 #166
- Bump slf4j-mock from 1.0.2 to 1.0.3 #173
- Bump s4u/maven-settings-action from v2.1.1 to v2.2.0 #175
- Bump mockito-core from 3.5.13 to 3.5.15 #177
- Bump guava from 29.0-jre to 30.0-jre #176
- Bump assertj-core from 3.17.2 to 3.18.0 #181
- Bump lombok from 1.18.12 to 1.18.16 #183
- Bump mockito-core from 3.5.15 to 3.6.0 #184
- Bump parent from 2.6.0 to 2.6.1 #182
- Bump actions/checkout from v2.3.3 to v2.3.4 #187
- Bump bcpg-jdk15on from 1.66 to 1.67 #186
- Bump parent from 2.6.1 to 2.7.0 #190
- Bump assertj-core from 3.18.0 to 3.18.1 #191
- Bump slf4j-mock from 1.0.3 to 1.0.4 #192
- Bump mockserver-netty from 5.11.1 to 5.11.2 #188
- Bump parent from 2.7.0 to 2.7.1 #193
- Bump jakarta.xml.bind-api from 2.3.3 to 3.0.0 #194
Thanks
Many thanks for collaboration on this release for: @singloon
v1.9.0
New features
- Report duration of artifact resolution, download and signature validation phases. #111
- Dependabot on GitHub #115
- Extract signature form pgp message #120
- Checksumming #119
- Add hkps://keyserver.ubuntu.com to default key servers #122
- Use Issuer Fingerprint signature subpacket to obtain key fingerprint #86
Deprecated feature
- deprecates strictNoSignature #129
Improvements / bug fixes
- Key not found - shouldn't break verification #113
- Show, fix and start failing on compiler warnings. #109
- Broken signature - shouldn't break verification #114
- Separate weak-algorithm logic into utility and private method. #112
- Misc small improvements and simplifications #121
- Multiple key servers brake noKey feature #126
- verifyPluginDependencies should enable verifyPlugins #128
Dependency updates
- Bump vavr from 0.10.2 to 0.10.3 #108
- Bump plexus-classworlds from 2.5.2 to 2.6.0 #107
- Bump s4u/maven-settings-action from v2 to v2.1.0 #117
- Bump actions/cache from v1 to v2 #116
- Bump resilience4j-retry from 1.4.0 to 1.5.0 #118
- Bump actions/checkout from v2 to v2.3.1 #123, #124
- Bump parent from 2.5.0 to 2.6.0 #125
- Bump slf4j-mock from 1.0.1 to 1.0.2 #127
Thanks
Many thanks for collaboration on this release for: @cobratbq
v1.8.0
New features
- Add packaging to GAV in key map #82
- Extend key map for special case with signature #83
- Inherit proxy configuration from Maven #24, #93
- Validate transitive closure of dependencies of build plug-ins and atypical dependencies #59, #80
- Detect maven-surefire-plugin dynamic dependency loading #106
Improvements / bug fixes
- Verify build and running on jdk 8, 11, 14 - remove jdk 13
- Rename pom in IT tests - in order to prevent scanning test pom by automatic tools
- Concurrent cache access on windows #92, #110
- Emit warning for missing keysmap #99
- Fix control flow error and use catch-syntax for instance checking #101
Dependency updates
- httpclient from 4.5.11 to 4.5.12
- mockito-core from 3.3.0 to 3.3.3
- guice from 4.2.2 to 4.2.3
- mockserver-netty from 5.9.0 to 5.10
- commons-lang3 from 3.9 to 3.10
- parent pom from 2.4.4 to 2.5.0
- bcpg-jdk15on from 1.64 to 1.65
- guava from 28.2-jre to 29.0-jre
- resilience4j-retry from 1.3.1 to 1.4.0
- assertj-core from 3.15.0 to 3.16.1
- upate maven-fluido-skin from 1.8 to 1.9
Thanks
Many thanks for collaboration on this release for: @cobratbq, @fabianfrz, @pzygielo
v1.7.0
New features
- Add reporting plugins to artifact validation list when 'verifyPlugins' #79
- Support for multiple keyserver #78
Improvements / bug fixes
- Invalid UTF-8 chars in pgp uid #61
- Recommends master key for adding instead of subkey #60
- Improve verification of subkey signature #72, #73, #74
- Verify build and running on linux, win, mac, jdk 8, 11, 13
Dependency updates
- mockito-core from 3.2.0 to 3.2.4
- guava from 20.0 to 28.2-jre
- slf4j from 1.7.29 to 1.7.30
- resilience4j-retry from 1.2.0 to 1.3.1
- httpclient from 4.5.10 to 4.5.11
- guice from 4.1.0 to 4.2.2
- mockito-core from 3.2.4 to 3.3.0
- testng from 7.0.0 to 7.1.0
Thanks
Many thanks for collaboration on this release for: @cobratbq @pzygielo @ruud-de-jong
v1.6.0
- #53 warning during artifact signature download
- #54 Validate dependencies of build plug-ins
- #56 Add all build plug-in dependencies to the artifacts list whenever build plugins are validated
- #57 Remove excessive newline for error log entry
- #58 Validate annotation processors in maven-compiler-plugin
- #30 Can't specify master key fingerprint in keys map file if sub key is used for signing
- confirm working on java 13
- confirm working ECDSA key
v1.5.1
- improvement of retry mechanism for pgp keys download
- ignore checksum during pgp signature resolving
v1.5.0
- required maven 3.5 or newer
- moved build from travis.org to travis.com
- #44 Add parameter 'strictNoSignature' to make missing signatures explicit in keys map
- #43 Make pgpverify-maven-plugin thread-safe
- #5 Also verify the pgp signatures of maven plugins
- support multiline in keys map
- support maven version range syntax in keys map
https://github.com/s4u/pgpverify-maven-plugin/milestone/4?closed=1