Skip to content

Releases: s4u/pgpverify-maven-plugin

v1.11.0

05 Jan 20:28
974a3bf
Compare
Choose a tag to compare

What's Changed

New features

  • Reproducible Builds #213

Bug Fixes

  • Reproducible build - sorted javax.inject.Named #221

Maintenance

  • Tests cleanup and improvement #212
  • RoundRobinRouterPlaner IT to Unit test #223
  • pom cleanup, coverage badge #224

Dependency updates

  • Bump mockito-testng from 0.1.1 to 0.2.0 #209
  • Bump mockito-testng from 0.2.0 to 0.2.2 #210
  • Bump guava from 30.0-jre to 30.1-jre #211
  • Bump bcpg-jdk15on from 1.67 to 1.68 #214
  • Bump parent from 2.7.1 to 2.9.0 #217
  • Bump maven-artifact-transfer from 0.12.0 to 0.13.1 #215
  • Bump parent from 2.9.0 to 2.10.0 #218
  • Bump mockito-testng from 0.2.2 to 0.2.3 #219
  • Bump slf4j-mock from 2.0.0 to 2.1.0 #220
  • Bump mockito-core from 3.6.28 to 3.7.0 #222

Thanks

Many thanks for collaboration on this release for: @slawekjaranowski

v1.10.1

08 Dec 20:33
f860eb6
Compare
Choose a tag to compare

What's Changed

Bug Fixes

  • Fix zero padded key validation. #200 #201
  • Broken key file in cache should be refreshed #203
  • Broken key file from server should be refreshed #204

Maintenance

  • Include invalid key in error message. #206

Dependency updates

  • Bump mockito-core from 3.6.0 to 3.6.28 #197
  • Bump slf4j-mock from 1.0.4 to 2.0.0 #198
  • Bump jackson.version from 2.11.3 to 2.12.0 #199

Thanks

Many thanks for collaboration on this release for: @pavelhoral

v1.10.0

14 Nov 13:31
1899c72
Compare
Choose a tag to compare

What's Changed

New features

  • PGPShowMojo - Show information about artifact signature. #178

Maintenance

  • JSR-330 #174
  • Addressing Sonar issues #180
  • Fix Sonar issues #185
  • Build by Github Action #189
  • Use Maven Site configuration from parent project #195

Dependency updates

  • Bump mockito-core from 3.3.3 to 3.4.0 #137
  • Bump mockito-core from 3.4.0 to 3.4.4 #140
  • Bump commons-lang3 from 3.10 to 3.11 #138
  • Bump bcpg-jdk15on from 1.65 to 1.66 #133
  • Bump mockserver-netty from 5.10 to 5.11.1 #142
  • Bump snakeyaml from 1.24 to 1.26 #143
  • Bump jackson.version from 2.10.2 to 2.11.1 #144
  • Bump mockito-core from 3.4.4 to 3.4.6 #145
  • Bump jackson.version from 2.11.1 to 2.11.2 #147
  • Bump actions/checkout from v2.3.1 to v2.3.2 #148
  • Bump mockito-core from 3.4.6 to 3.5.2 #150
  • Bump assertj-core from 3.16.1 to 3.17.0 #151
  • Bump mockito-core from 3.5.2 to 3.5.7 #154
  • Bump assertj-core from 3.17.0 to 3.17.1 #155
  • Bump mockito-core from 3.5.7 to 3.5.10 #158
  • Bump snakeyaml from 1.26 to 1.27 #162
  • Bump assertj-core from 3.17.1 to 3.17.2 #160
  • Bump s4u/maven-settings-action from v2.1.0 to v2.1.1 #159
  • Bump mockito-core from 3.5.10 to 3.5.11 #163
  • Bump actions/checkout from v2.3.2 to v2.3.3 #164
  • Bump httpclient from 4.5.12 to 4.5.13 #167
  • Bump resilience4j-retry from 1.5.0 to 1.6.0 #168
  • Bump commons-codec from 1.14 to 1.15 #170
  • Bump commons-io from 2.7 to 2.8.0 #171
  • Bump resilience4j-retry from 1.6.0 to 1.6.1 #172
  • Bump mockito-core from 3.5.11 to 3.5.13 #165
  • Bump jackson.version from 2.11.2 to 2.11.3 #166
  • Bump slf4j-mock from 1.0.2 to 1.0.3 #173
  • Bump s4u/maven-settings-action from v2.1.1 to v2.2.0 #175
  • Bump mockito-core from 3.5.13 to 3.5.15 #177
  • Bump guava from 29.0-jre to 30.0-jre #176
  • Bump assertj-core from 3.17.2 to 3.18.0 #181
  • Bump lombok from 1.18.12 to 1.18.16 #183
  • Bump mockito-core from 3.5.15 to 3.6.0 #184
  • Bump parent from 2.6.0 to 2.6.1 #182
  • Bump actions/checkout from v2.3.3 to v2.3.4 #187
  • Bump bcpg-jdk15on from 1.66 to 1.67 #186
  • Bump parent from 2.6.1 to 2.7.0 #190
  • Bump assertj-core from 3.18.0 to 3.18.1 #191
  • Bump slf4j-mock from 1.0.3 to 1.0.4 #192
  • Bump mockserver-netty from 5.11.1 to 5.11.2 #188
  • Bump parent from 2.7.0 to 2.7.1 #193
  • Bump jakarta.xml.bind-api from 2.3.3 to 3.0.0 #194

Thanks

Many thanks for collaboration on this release for: @singloon

v1.9.0

07 Jul 16:57
02fedc0
Compare
Choose a tag to compare

New features

  • Report duration of artifact resolution, download and signature validation phases. #111
  • Dependabot on GitHub #115
  • Extract signature form pgp message #120
  • Checksumming #119
  • Add hkps://keyserver.ubuntu.com to default key servers #122
  • Use Issuer Fingerprint signature subpacket to obtain key fingerprint #86

Deprecated feature

  • deprecates strictNoSignature #129

Improvements / bug fixes

  • Key not found - shouldn't break verification #113
  • Show, fix and start failing on compiler warnings. #109
  • Broken signature - shouldn't break verification #114
  • Separate weak-algorithm logic into utility and private method. #112
  • Misc small improvements and simplifications #121
  • Multiple key servers brake noKey feature #126
  • verifyPluginDependencies should enable verifyPlugins #128

Dependency updates

  • Bump vavr from 0.10.2 to 0.10.3 #108
  • Bump plexus-classworlds from 2.5.2 to 2.6.0 #107
  • Bump s4u/maven-settings-action from v2 to v2.1.0 #117
  • Bump actions/cache from v1 to v2 #116
  • Bump resilience4j-retry from 1.4.0 to 1.5.0 #118
  • Bump actions/checkout from v2 to v2.3.1 #123, #124
  • Bump parent from 2.5.0 to 2.6.0 #125
  • Bump slf4j-mock from 1.0.1 to 1.0.2 #127

Thanks

Many thanks for collaboration on this release for: @cobratbq

v1.8.0

19 May 19:49
cb385c5
Compare
Choose a tag to compare

New features

  • Add packaging to GAV in key map #82
  • Extend key map for special case with signature #83
  • Inherit proxy configuration from Maven #24, #93
  • Validate transitive closure of dependencies of build plug-ins and atypical dependencies #59, #80
  • Detect maven-surefire-plugin dynamic dependency loading #106

Improvements / bug fixes

  • Verify build and running on jdk 8, 11, 14 - remove jdk 13
  • Rename pom in IT tests - in order to prevent scanning test pom by automatic tools
  • Concurrent cache access on windows #92, #110
  • Emit warning for missing keysmap #99
  • Fix control flow error and use catch-syntax for instance checking #101

Dependency updates

  • httpclient from 4.5.11 to 4.5.12
  • mockito-core from 3.3.0 to 3.3.3
  • guice from 4.2.2 to 4.2.3
  • mockserver-netty from 5.9.0 to 5.10
  • commons-lang3 from 3.9 to 3.10
  • parent pom from 2.4.4 to 2.5.0
  • bcpg-jdk15on from 1.64 to 1.65
  • guava from 28.2-jre to 29.0-jre
  • resilience4j-retry from 1.3.1 to 1.4.0
  • assertj-core from 3.15.0 to 3.16.1
  • upate maven-fluido-skin from 1.8 to 1.9

Thanks

Many thanks for collaboration on this release for: @cobratbq, @fabianfrz, @pzygielo

v1.7.0

08 Mar 21:50
3ee2d75
Compare
Choose a tag to compare

New features

  • Add reporting plugins to artifact validation list when 'verifyPlugins' #79
  • Support for multiple keyserver #78

Improvements / bug fixes

  • Invalid UTF-8 chars in pgp uid #61
  • Recommends master key for adding instead of subkey #60
  • Improve verification of subkey signature #72, #73, #74
  • Verify build and running on linux, win, mac, jdk 8, 11, 13

Dependency updates

  • mockito-core from 3.2.0 to 3.2.4
  • guava from 20.0 to 28.2-jre
  • slf4j from 1.7.29 to 1.7.30
  • resilience4j-retry from 1.2.0 to 1.3.1
  • httpclient from 4.5.10 to 4.5.11
  • guice from 4.1.0 to 4.2.2
  • mockito-core from 3.2.4 to 3.3.0
  • testng from 7.0.0 to 7.1.0

Thanks

Many thanks for collaboration on this release for: @cobratbq @pzygielo @ruud-de-jong

v1.6.0

19 Jan 20:56
83437b7
Compare
Choose a tag to compare
  • #53 warning during artifact signature download
  • #54 Validate dependencies of build plug-ins
  • #56 Add all build plug-in dependencies to the artifacts list whenever build plugins are validated
  • #57 Remove excessive newline for error log entry
  • #58 Validate annotation processors in maven-compiler-plugin
  • #30 Can't specify master key fingerprint in keys map file if sub key is used for signing
  • confirm working on java 13
  • confirm working ECDSA key

v1.5.1

20 Dec 14:39
459aa0c
Compare
Choose a tag to compare
  • improvement of retry mechanism for pgp keys download
  • ignore checksum during pgp signature resolving

v1.5.0

07 Dec 14:20
5a30fbc
Compare
Choose a tag to compare
  • required maven 3.5 or newer
  • moved build from travis.org to travis.com
  • #44 Add parameter 'strictNoSignature' to make missing signatures explicit in keys map
  • #43 Make pgpverify-maven-plugin thread-safe
  • #5 Also verify the pgp signatures of maven plugins
  • support multiline in keys map
  • support maven version range syntax in keys map

https://github.com/s4u/pgpverify-maven-plugin/milestone/4?closed=1

v1.4.0

15 Mar 16:39
Compare
Choose a tag to compare
  • #40 "quiet" flag to reduce noise on successful builds
  • sonarcloud.io for static code analysis
  • build and run on Java 11
  • required minimum Java 8 for build and run