Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency sigstore/cosign to v2.4.2 #911

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update dependency sigstore/cosign to v2.4.2 #911

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 6, 2024
edited
Loading

This PR contains the following updates:

Package Update Change
sigstore/cosign patch v2.4.0 -> v2.4.2

Release Notes

sigstore/cosign (sigstore/cosign)

v2.4.2

Compare Source

Features

  • Updated open-policy-agent to 1.1.0 library (#​4036)
    • Note that only Rego v0 policies are supported at this time
  • Add UseSignedTimestamps to CheckOpts, refactor TSA options (#​4006)
  • Add support for verifying root checksum in cosign initialize (#​3953)
  • Detect if user supplied a valid protobuf bundle (#​3931)
  • Add a log message if user doesn't provide --trusted-root (#​3933)
  • Support mTLS towards container registry (#​3922)
  • Add bundle create helper command (#​3901)
  • Add trusted-root create helper command (#​3876)

Bug Fixes

  • fix: set tls config while retaining other fields from default http transport (#​4007)
  • policy fuzzer: ignore known panics (#​3993)
  • Fix for multiple WithRemote options (#​3982)
  • Add nightly conformance test workflow (#​3979)
  • Fix copy --only for signatures + update/align docs (#​3904)

Documentation

  • Remove usage.md from spec, point to client spec (#​3918)
  • move reference from gcr to ghcr (#​3897)

Contributors

  • AdamKorcz
  • Aditya Sirish
  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Cody Soyland
  • Colleen Murphy
  • Hayden B
  • Jussi Kukkonen
  • Marco Franssen
  • Nianyu Shen
  • Slavek Kabrda
  • Søren Juul
  • Warren Hodgkinson
  • Zach Steindler

v2.4.1

Compare Source

v2.4.1 largely contains bug fixes and updates dependencies.

Features

  • Added fuzzing coverage to multiple packages

Bug Fixes

  • Fix bug in attest-blob when using a timestamp authority with new bundles (#​3877)
  • fix: documentation link for installation guide (#​3884)

Contributors

  • AdamKorcz
  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Hayden B
  • Hemil K
  • Sota Sugiura
  • Zach Steindler

Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner December 6, 2024 14:44
@renovate renovate bot changed the title chore(deps): update dependency sigstore/cosign to v2.4.1 chore(deps): update dependency sigstore/cosign to v2.4.2 Feb 4, 2025
@renovate renovate bot force-pushed the renovate/sigstore-cosign-2.x branch from 32749ba to 1f08d85 Compare February 4, 2025 22:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants