Skip to content

v0.4.0
Compare
Choose a tag to compare
@ChaosInTheCRD ChaosInTheCRD released this 17 May 17:00
· 137 commits to main since this release
v0.4.0
This tag was signed with the committer’s verified signature.
ChaosInTheCRD Tom Meadows
GPG key ID: 87942E75F71EF65D
Learn about vigilant mode.
5e04111
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

What's Changed

  • chore: bump github/codeql-action from 3.24.5 to 3.24.6 by @dependabot in #175
  • chore: bump actions/download-artifact from 4.1.2 to 4.1.4 by @dependabot in #176
  • chore: bump github.com/sigstore/sigstore from 1.8.1 to 1.8.2 by @dependabot in #178
  • chore: bump github.com/aws/aws-sdk-go from 1.50.27 to 1.50.30 by @dependabot in #177
  • chore: bump github.com/go-jose/go-jose/v3 from 3.0.2 to 3.0.3 by @dependabot in #180
  • chore: bump gopkg.in/go-jose/go-jose.v2 from 2.6.2 to 2.6.3 by @dependabot in #179
  • chore: bump softprops/action-gh-release from 1 to 2 by @dependabot in #181
  • chore: bump google.golang.org/grpc from 1.62.0 to 1.62.1 by @dependabot in #182
  • chore: bump github.com/aws/aws-sdk-go-v2/service/kms from 1.29.1 to 1.29.2 by @dependabot in #183
  • chore: bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by @dependabot in #186
  • chore: bump github/codeql-action from 3.24.6 to 3.24.8 by @dependabot in #187
  • chore: bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #188
  • chore: bump github.com/aws/aws-sdk-go-v2/config from 1.27.4 to 1.27.8 by @dependabot in #189
  • chore: bump github/codeql-action from 3.24.8 to 3.24.9 by @dependabot in #190
  • chore: bump softprops/action-gh-release from 2.0.3 to 2.0.4 by @dependabot in #191
  • chore: bump actions/dependency-review-action from 4.1.3 to 4.2.4 by @dependabot in #192
  • chore: bump github.com/aws/aws-sdk-go-v2/config from 1.27.8 to 1.27.9 by @dependabot in #193
  • chore: bump cloud.google.com/go/kms from 1.15.7 to 1.15.8 by @dependabot in #194
  • chore: bump k8s.io/apimachinery from 0.29.2 to 0.29.3 by @dependabot in #195
  • chore: bump github.com/aws/aws-sdk-go from 1.50.30 to 1.50.38 by @dependabot in #196
  • chore: bump actions/dependency-review-action from 4.2.4 to 4.2.5 by @dependabot in #198
  • chore: bump github.com/aws/aws-sdk-go-v2 from 1.26.0 to 1.26.1 by @dependabot in #199
  • chore: bump github.com/sigstore/sigstore from 1.8.2 to 1.8.3 by @dependabot in #201
  • chore: bump github.com/aws/aws-sdk-go-v2/config from 1.27.9 to 1.27.10 by @dependabot in #200
  • unmarshal the time in the attestation collection correctly by @colek42 in #203
  • chore: bump github/codeql-action from 3.24.9 to 3.25.0 by @dependabot in #211
  • chore: bump github.com/aws/aws-sdk-go-v2/config from 1.27.10 to 1.27.11 by @dependabot in #207
  • chore: bump google.golang.org/grpc from 1.62.1 to 1.62.2 by @dependabot in #206
  • chore: bump github.com/sigstore/fulcio from 1.4.4 to 1.4.5 by @dependabot in #205
  • chore: bump golang.org/x/net from 0.22.0 to 0.23.0 in the go_modules group by @dependabot in #212
  • chore: bump k8s.io/apimachinery from 0.29.3 to 0.29.4 by @dependabot in #213
  • chore: bump github.com/aws/aws-sdk-go-v2/service/kms from 1.30.0 to 1.30.1 by @dependabot in #214
  • chore: bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in #216
  • chore: bump actions/upload-artifact from 4.3.1 to 4.3.3 by @dependabot in #217
  • chore: bump go.step.sm/crypto from 0.44.2 to 0.44.8 by @dependabot in #220
  • chore: bump actions/download-artifact from 4.1.4 to 4.1.7 by @dependabot in #221
  • chore: bump github/codeql-action from 3.25.0 to 3.25.3 by @dependabot in #222
  • chore: bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in #224
  • chore: bump golangci/golangci-lint-action from 4.0.0 to 5.1.0 by @dependabot in #225
  • chore: bump google.golang.org/api from 0.176.0 to 0.176.1 by @dependabot in #226
  • chore: bump step-security/harden-runner from 2.7.0 to 2.7.1 by @dependabot in #232
  • chore: bump actions/dependency-review-action from 4.2.5 to 4.3.2 by @dependabot in #233
  • chore: bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in #234
  • chore: bump golangci/golangci-lint-action from 5.1.0 to 5.3.0 by @dependabot in #235
  • chore: bump cloud.google.com/go/kms from 1.15.8 to 1.15.9 by @dependabot in #236
  • Improve Verify Error Responses by @ChaosInTheCRD in #210
  • verification attestor by @mikhailswift in #55
  • Link & SLSA attestor by @jkjell in #149
  • JSON Schemas for attestors with generation scripts by @ChaosInTheCRD in #197
  • Allow certificate inspection on policy signature verification (including fulcio extensions) by @ChaosInTheCRD in #246
  • chore: bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 by @dependabot in #237
  • chore: bump github/codeql-action from 3.25.3 to 3.25.5 by @dependabot in #238
  • chore: bump actions/checkout from 4.1.2 to 4.1.5 by @dependabot in #239
  • chore: bump softprops/action-gh-release from 2.0.4 to 2.0.5 by @dependabot in #240
  • chore: bump ossf/scorecard-action from 2.3.1 to 2.3.3 by @dependabot in #241
  • chore: bump github.com/aws/aws-sdk-go-v2/config from 1.27.11 to 1.27.13 by @dependabot in #242
  • chore: bump google.golang.org/protobuf from 1.34.0 to 1.34.1 by @dependabot in #244
  • chore: bump github.com/in-toto/attestation from 1.0.1 to 1.0.2 by @dependabot in #245
  • chore: bump github.com/aws/aws-sdk-go-v2/service/kms from 1.31.0 to 1.31.1 by @dependabot in #243
  • BUG: verifyX509Time should return the verifier even if the verify fails (we want to get information about it later) by @ChaosInTheCRD in #247
  • Fix releaser permissions by @ChaosInTheCRD in #248

Full Changelog: v0.3.1...v0.4.0

Contributors

jkjell, mikhailswift, and 3 other contributors
Assets 2
Loading