v1.13.0

Highlights

• For users who have deployed a private instance of Fulcio release v0.6.x and issue certificates with the Username identity, you will need to upgrade to use this version."

What's Changed

• add changelog for v1.12.1 by @cpanato in #2270
• deps: update sigstore/sigstore by @asraa in #2271
• chore(deps): bump github/codeql-action from 2.1.24 to 2.1.25 by @dependabot in #2274
• feat: use stdin as an input for predicate by @developer-guy in #2269
• feat: improve the verification message by @developer-guy in #2268
• use scaffolding 0.4.8 for tests. by @vaikas in #2280
• chore(deps): bump actions/dependency-review-action from 2.3.0 to 2.4.0 by @dependabot in #2281
• fix pivtool generate key touch policy by @cpanato in #2282
• Check error on chain verification failure by @haydentherapper in #2284
• Fix: Remove an extra registry request from verification path. by @mattmoor in #2285
• Fix: Create a static copy of signatures as part of verification. by @mattmoor in #2287
• Data race in FetchSignaturesForReference by @RTann in #2283
• Add support for Fulcio username identity in SAN by @haydentherapper in #2291
• fix: make tlog entry lookups for online verification shard-aware by @asraa in #2297
• Better help text to sign and verify SBOM by @ChristianCiach in #2308
• Adding warning to pin to digest by @ChaosInTheCRD in #2311
• Add annotations for upload blob. by @cldmnky in #2188
• replace deprecate package by @cpanato in #2314
• update release images to use go1.19.2 and cosign v1.12.1 by @cpanato in #2315

New Contributors

• @RTann made their first contribution in #2283
• @ChristianCiach made their first contribution in #2308
• @ChaosInTheCRD made their first contribution in #2311
• @cldmnky made their first contribution in #2188

Full Changelog: v1.12.1...v1.13.0