Bump github.com/sigstore/rekor from 0.10.0 to 0.11.0 #2181

dependabot · 2022-08-19T16:08:06Z

Bumps github.com/sigstore/rekor from 0.10.0 to 0.11.0.

Release notes

Sourced from github.com/sigstore/rekor's releases.

v0.11.0

What's Changed

Bump github/codeql-action from 2.1.16 to 2.1.17 by @dependabot in sigstore/rekor#946

Bump google.golang.org/protobuf from 1.28.0 to 1.28.1 by @dependabot in sigstore/rekor#947

Bump golang from 6e10f44 to 8a62670 by @dependabot in sigstore/rekor#948

Bump golang from 1.18.4 to 1.18.5 by @dependabot in sigstore/rekor#950

Add rekor harness tests by @priyawadhwa in sigstore/rekor#945

Persist and check attestations across harness tests by @priyawadhwa in sigstore/rekor#952

Bump github/codeql-action from 2.1.17 to 2.1.18 by @dependabot in sigstore/rekor#955

Bump github.com/go-openapi/swag from 0.21.1 to 0.22.0 by @dependabot in sigstore/rekor#958

Bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 by @dependabot in sigstore/rekor#959

Add harness test for getting all entries by UUID and EntryID by @priyawadhwa in sigstore/rekor#957

Bump go.uber.org/zap from 1.21.0 to 1.22.0 by @dependabot in sigstore/rekor#961

Bump gopkg.in/ini.v1 from 1.66.6 to 1.67.0 by @dependabot in sigstore/rekor#960

api: fix inclusion proof verification flake by @asraa in sigstore/rekor#956

change default value for rekor_server.hostname to server's hostname by @bobcallaway in sigstore/rekor#963

Bump github.com/go-openapi/errors from 0.20.2 to 0.20.3 by @dependabot in sigstore/rekor#964

fix nil-pointer error when artifact-hash is passed without artifact by @dsa0x in sigstore/rekor#965

Add prometheus summary to track metric latency by @priyawadhwa in sigstore/rekor#966

compute payload and envelope hashes upon validating intoto proposed entries by @bobcallaway in sigstore/rekor#967

update field documentation on publicKey for hashedrekord by @bobcallaway in sigstore/rekor#969

Bump actions/github-script from 6.1.0 to 6.1.1 by @dependabot in sigstore/rekor#971

Bump github.com/mediocregopher/radix/v4 from 4.1.0 to 4.1.1 by @dependabot in sigstore/rekor#972

Allow sharding config to be written in yaml or json by @priyawadhwa in sigstore/rekor#974

Bump sigstore/cosign-installer from 2.5.0 to 2.5.1 by @dependabot in sigstore/rekor#975

Bump github.com/go-openapi/swag from 0.22.0 to 0.22.1 by @dependabot in sigstore/rekor#978

Bump github.com/go-openapi/loads from 0.21.1 to 0.21.2 by @dependabot in sigstore/rekor#977

fix incorrect schema id for cose type by @bobcallaway in sigstore/rekor#979

Bump github.com/go-openapi/spec from 0.20.6 to 0.20.7 by @dependabot in sigstore/rekor#976

fix: make rekor verify work with sharded uuids by @asraa in sigstore/rekor#970

update builder and cosign images by @cpanato in sigstore/rekor#981

remove trailing slash on directories by @bobcallaway in sigstore/rekor#984

add changelog for v0.11.0 release by @cpanato in sigstore/rekor#982

add support for intersection & union in search operations by @dsa0x in sigstore/rekor#968

Update scorecard-action to v2:alpha by @azeemshaikh38 in sigstore/rekor#987

New Contributors

@dsa0x made their first contribution in sigstore/rekor#965

Full Changelog: sigstore/rekor@v0.10.0...v0.11.0

Changelog

Sourced from github.com/sigstore/rekor's changelog.

v0.11.0

Enhancements

add support for intersection & union in search operations (sigstore/rekor#968)

Allow sharding config to be written in yaml or json (sigstore/rekor#974)

update field documentation on publicKey for hashedrekord (sigstore/rekor#969)

compute payload and envelope hashes upon validating intoto proposed entries (sigstore/rekor#967)

Add prometheus summary to track metric latency (sigstore/rekor#966)

Add harness test for getting all entries by UUID and EntryID (sigstore/rekor#957)

Persist and check attestations across harness tests (sigstore/rekor#952)

Add rekor harness tests for adding and getting entries from previous versions (sigstore/rekor#945)

Bug Fixes

fix: make rekor verify work with sharded uuids (sigstore/rekor#970)

fix incorrect schema id for cose type (sigstore/rekor#979)

fix nil-pointer error when artifact-hash is passed without artifact (sigstore/rekor#965)

change default value for rekor_server.hostname to server's hostname (sigstore/rekor#963)

api: fix inclusion proof verification flake (sigstore/rekor#956)

Others

Update sccorecard-action to v2:alpha (sigstore/rekor#987)

add changelog for v0.11.0 release (sigstore/rekor#982)

remove trailing slash on directories (sigstore/rekor#984)

update builder and cosign images (sigstore/rekor#981)

Bump github.com/go-openapi/spec from 0.20.6 to 0.20.7 (sigstore/rekor#976)

Bump github.com/go-openapi/loads from 0.21.1 to 0.21.2 (sigstore/rekor#977)

Bump github.com/go-openapi/swag from 0.22.0 to 0.22.1 (sigstore/rekor#978)

Bump sigstore/cosign-installer from 2.5.0 to 2.5.1 (sigstore/rekor#975)

Bump github.com/mediocregopher/radix/v4 from 4.1.0 to 4.1.1 (sigstore/rekor#972)

Bump actions/github-script from 6.1.0 to 6.1.1 (sigstore/rekor#971)

Bump github.com/go-openapi/errors from 0.20.2 to 0.20.3 (sigstore/rekor#964)

Bump gopkg.in/ini.v1 from 1.66.6 to 1.67.0 (sigstore/rekor#960)

Bump go.uber.org/zap from 1.21.0 to 1.22.0 (sigstore/rekor#961)

Bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 (sigstore/rekor#959)

Bump github.com/go-openapi/swag from 0.21.1 to 0.22.0 (sigstore/rekor#958)

Bump github/codeql-action from 2.1.17 to 2.1.18 (sigstore/rekor#955)

Bump golang from 1.18.4 to 1.18.5 (sigstore/rekor#950)

Bump golang from 6e10f44 to 8a62670 (sigstore/rekor#948)

Bump google.golang.org/protobuf from 1.28.0 to 1.28.1 (sigstore/rekor#947)

Contributors

Asra Ali (@asraa)

Azeem Shaikh (@azeemshaikh38)

Bob Callaway (@bobcallaway)

Carlos Tadeu Panato Junior (@cpanato)

Samsondeen (@dsa0x)

... (truncated)

Commits

b902fdc Update sccorecard-action to v2:alpha (#987)
b874488 add support for intersection & union in search operations (#968)
4dd242d add changelog for v0.11.0 release (#982)
9e65c7f remove trailing slash on directories (#984)
ecf2ea8 update builder and cosign images (#981)
a4c88b2 fix: make rekor verify work with sharded uuids (#970)
1c5801d Bump github.com/go-openapi/spec from 0.20.6 to 0.20.7 (#976)
63db2d2 fix incorrect schema id for cose type (#979)
90a69a1 Bump github.com/go-openapi/loads from 0.21.1 to 0.21.2 (#977)
1bde693 Bump github.com/go-openapi/swag from 0.22.0 to 0.22.1 (#978)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 0.10.0 to 0.11.0. - [Release notes](https://github.com/sigstore/rekor/releases) - [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md) - [Commits](sigstore/rekor@v0.10.0...v0.11.0) --- updated-dependencies: - dependency-name: github.com/sigstore/rekor dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

codecov-commenter · 2022-08-19T16:11:52Z

Codecov Report

Merging #2181 (20b0382) into main (d14412b) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #2181   +/-   ##
=======================================
  Coverage   26.70%   26.70%           
=======================================
  Files         131      131           
  Lines        7689     7689           
=======================================
  Hits         2053     2053           
  Misses       5375     5375           
  Partials      261      261

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Aug 19, 2022

dlorenc approved these changes Aug 19, 2022

View reviewed changes

dlorenc merged commit 67116f0 into main Aug 19, 2022

dependabot bot deleted the dependabot/go_modules/github.com/sigstore/rekor-0.11.0 branch August 19, 2022 16:36

github-actions bot added this to the v1.12.0 milestone Aug 19, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump github.com/sigstore/rekor from 0.10.0 to 0.11.0 #2181

Bump github.com/sigstore/rekor from 0.10.0 to 0.11.0 #2181

dependabot bot commented on behalf of github Aug 19, 2022

codecov-commenter commented Aug 19, 2022

Bump github.com/sigstore/rekor from 0.10.0 to 0.11.0 #2181

Bump github.com/sigstore/rekor from 0.10.0 to 0.11.0 #2181

Conversation

dependabot bot commented on behalf of github Aug 19, 2022

v0.11.0

What's Changed

New Contributors

v0.11.0

Enhancements

Bug Fixes

Others

Contributors

codecov-commenter commented Aug 19, 2022

Codecov Report