Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: sigstore/sigstore
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v1.8.0
Choose a base ref
...
head repository: sigstore/sigstore
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v1.8.1
Choose a head ref
  • 15 commits
  • 18 files changed
  • 3 contributors

Commits on Dec 25, 2023

  1. build(deps): Bump the all group in /pkg/signature/kms/gcp with 1 update 

    Bumps the all group in /pkg/signature/kms/gcp with 1 update: google.golang.org/protobuf.


Updates `google.golang.org/protobuf` from 1.31.0 to 1.32.0

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot @cpanato
    dependabot[bot] authored and cpanato committed Dec 25, 2023
    Configuration menu
    Copy the full SHA
    a6f2367 View commit details
    Browse the repository at this point in the history

Commits on Dec 26, 2023

  1. build(deps): Bump the all group in /test/fuzz with 2 updates 

    Bumps the all group in /test/fuzz with 2 updates: [github.com/secure-systems-lab/go-securesystemslib](https://github.com/secure-systems-lab/go-securesystemslib) and [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore).


Updates `github.com/secure-systems-lab/go-securesystemslib` from 0.7.0 to 0.8.0
- [Release notes](https://github.com/secure-systems-lab/go-securesystemslib/releases)
- [Commits](secure-systems-lab/go-securesystemslib@v0.7.0...v0.8.0)

Updates `github.com/sigstore/sigstore` from 1.7.6 to 1.8.0
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](v1.7.6...v1.8.0)

---
updated-dependencies:
- dependency-name: github.com/secure-systems-lab/go-securesystemslib
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot @cpanato
    dependabot[bot] authored and cpanato committed Dec 26, 2023
    Configuration menu
    Copy the full SHA
    4180b96 View commit details
    Browse the repository at this point in the history

  2. build(deps): Bump the all group in /pkg/signature/kms/aws with 3 updates 

    Bumps the all group in /pkg/signature/kms/aws with 3 updates: [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go), [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) and [github.com/aws/aws-sdk-go-v2/service/kms](https://github.com/aws/aws-sdk-go-v2).


Updates `github.com/aws/aws-sdk-go` from 1.49.4 to 1.49.9
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG_PENDING.md)
- [Commits](aws/aws-sdk-go@v1.49.4...v1.49.9)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.26.1 to 1.26.2
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@config/v1.26.1...config/v1.26.2)

Updates `github.com/aws/aws-sdk-go-v2/service/kms` from 1.27.6 to 1.27.7
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.27.6...service/s3/v1.27.7)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/aws/aws-sdk-go-v2/service/kms
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot @cpanato
    dependabot[bot] authored and cpanato committed Dec 26, 2023
    Configuration menu
    Copy the full SHA
    93e5c52 View commit details
    Browse the repository at this point in the history

  3. build(deps): Bump the all group with 1 update 

    Bumps the all group with 1 update: [google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud).


Updates `google-github-actions/setup-gcloud` from 2.0.0 to 2.0.1
- [Release notes](https://github.com/google-github-actions/setup-gcloud/releases)
- [Changelog](https://github.com/google-github-actions/setup-gcloud/blob/main/CHANGELOG.md)
- [Commits](google-github-actions/setup-gcloud@8251968...5a5f7b8)

---
updated-dependencies:
- dependency-name: google-github-actions/setup-gcloud
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot @cpanato
    dependabot[bot] authored and cpanato committed Dec 26, 2023
    Configuration menu
    Copy the full SHA
    1064a8d View commit details
    Browse the repository at this point in the history

Commits on Jan 2, 2024

  1. build(deps): Bump the all group in /pkg/signature/kms/aws with 1 update 

    Bumps the all group in /pkg/signature/kms/aws with 1 update: [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go).


Updates `github.com/aws/aws-sdk-go` from 1.49.9 to 1.49.13
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](aws/aws-sdk-go@v1.49.9...v1.49.13)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot @cpanato
    dependabot[bot] authored and cpanato committed Jan 2, 2024
    Configuration menu
    Copy the full SHA
    e7caf67 View commit details
    Browse the repository at this point in the history

Commits on Jan 4, 2024

  1. Added kms support for AWS China region (#1582) 

    Support for ARN in AWS China uses arn:aws-cn:kms:[region]:[account_id]:key/[kms_id].

Signed-off-by: maaiika <chin@maaiika.com>
    @maaiika
    maaiika authored Jan 4, 2024
    Configuration menu
    Copy the full SHA
    7ae64bc View commit details
    Browse the repository at this point in the history

Commits on Jan 8, 2024

  1. build(deps): Bump the all group 

    Bumps the all group in /pkg/signature/kms/azure with 1 update: [golang.org/x/crypto](https://github.com/golang/crypto).


Updates `golang.org/x/crypto` from 0.17.0 to 0.18.0
- [Commits](golang/crypto@v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot @cpanato
    dependabot[bot] authored and cpanato committed Jan 8, 2024
    Configuration menu
    Copy the full SHA
    c201544 View commit details
    Browse the repository at this point in the history

  2. build(deps): Bump the all group with 1 update 

    Bumps the all group with 1 update: [actions/dependency-review-action](https://github.com/actions/dependency-review-action).


Updates `actions/dependency-review-action` from 3.1.4 to 3.1.5
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@01bc870...c74b580)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot @cpanato
    dependabot[bot] authored and cpanato committed Jan 8, 2024
    Configuration menu
    Copy the full SHA
    e13edfd View commit details
    Browse the repository at this point in the history

  3. build(deps): Bump the all group in /pkg/signature/kms/aws with 4 updates 

    Bumps the all group in /pkg/signature/kms/aws with 4 updates: [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go), [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2), [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) and [github.com/aws/aws-sdk-go-v2/service/kms](https://github.com/aws/aws-sdk-go-v2).


Updates `github.com/aws/aws-sdk-go` from 1.49.13 to 1.49.16
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](aws/aws-sdk-go@v1.49.13...v1.49.16)

Updates `github.com/aws/aws-sdk-go-v2` from 1.24.0 to 1.24.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@v1.24.0...v1.24.1)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.26.2 to 1.26.3
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@config/v1.26.2...config/v1.26.3)

Updates `github.com/aws/aws-sdk-go-v2/service/kms` from 1.27.7 to 1.27.9
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.27.7...service/s3/v1.27.9)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/aws/aws-sdk-go-v2/service/kms
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot @cpanato
    dependabot[bot] authored and cpanato committed Jan 8, 2024
    Configuration menu
    Copy the full SHA
    3301ba9 View commit details
    Browse the repository at this point in the history

  4. build(deps): Bump the all group in /pkg/signature/kms/gcp with 1 update 

    Bumps the all group in /pkg/signature/kms/gcp with 1 update: [google.golang.org/api](https://github.com/googleapis/google-api-go-client).


Updates `google.golang.org/api` from 0.154.0 to 0.155.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.154.0...v0.155.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot @cpanato
    dependabot[bot] authored and cpanato committed Jan 8, 2024
    Configuration menu
    Copy the full SHA
    519585c View commit details
    Browse the repository at this point in the history

Commits on Jan 15, 2024

  1. build(deps): Bump the all group in /pkg/signature/kms/aws with 1 update 

    Bumps the all group in /pkg/signature/kms/aws with 1 update: [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go).


Updates `github.com/aws/aws-sdk-go` from 1.49.16 to 1.49.21
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](aws/aws-sdk-go@v1.49.16...v1.49.21)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot @cpanato
    dependabot[bot] authored and cpanato committed Jan 15, 2024
    Configuration menu
    Copy the full SHA
    7b743fa View commit details
    Browse the repository at this point in the history

  2. build(deps): Bump the all group with 3 updates 

    Bumps the all group with 3 updates: [actions/cache](https://github.com/actions/cache), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [google-github-actions/auth](https://github.com/google-github-actions/auth).


Updates `actions/cache` from 3.3.2 to 3.3.3
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@704facf...e12d46a)

Updates `actions/upload-artifact` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@c7d193f...1eb3cb2)

Updates `google-github-actions/auth` from 2.0.0 to 2.0.1
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](google-github-actions/auth@67e9c72...f6de816)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot @cpanato
    dependabot[bot] authored and cpanato committed Jan 15, 2024
    Configuration menu
    Copy the full SHA
    16fcae0 View commit details
    Browse the repository at this point in the history

  3. build(deps): Bump the all group in /pkg/signature/kms/gcp with 2 updates 

    Bumps the all group in /pkg/signature/kms/gcp with 2 updates: [golang.org/x/oauth2](https://github.com/golang/oauth2) and [google.golang.org/api](https://github.com/googleapis/google-api-go-client).


Updates `golang.org/x/oauth2` from 0.15.0 to 0.16.0
- [Commits](golang/oauth2@v0.15.0...v0.16.0)

Updates `google.golang.org/api` from 0.155.0 to 0.156.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.155.0...v0.156.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot @cpanato
    dependabot[bot] authored and cpanato committed Jan 15, 2024
    Configuration menu
    Copy the full SHA
    a0ab357 View commit details
    Browse the repository at this point in the history

Commits on Jan 16, 2024

  1. build(deps): Bump golang.org/x/term from 0.15.0 to 0.16.0 (#1592) 

    * build(deps): Bump golang.org/x/term from 0.15.0 to 0.16.0

Bumps [golang.org/x/term](https://github.com/golang/term) from 0.15.0 to 0.16.0.
- [Commits](golang/term@v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/term
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* go mod tidy in submodules

Signed-off-by: Bob Callaway <bcallaway@google.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bob Callaway <bcallaway@google.com>
    @dependabot @bobcallaway
    dependabot[bot] and bobcallaway authored Jan 16, 2024
    Configuration menu
    Copy the full SHA
    f383bb0 View commit details
    Browse the repository at this point in the history

  2. build(deps): Bump the all group with 2 updates (#1597) 

    * build(deps): Bump the all group with 2 updates

Bumps the all group with 2 updates: [golang.org/x/crypto](https://github.com/golang/crypto) and [golang.org/x/oauth2](https://github.com/golang/oauth2).


Updates `golang.org/x/crypto` from 0.17.0 to 0.18.0
- [Commits](golang/crypto@v0.17.0...v0.18.0)

Updates `golang.org/x/oauth2` from 0.15.0 to 0.16.0
- [Commits](golang/oauth2@v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>

* go mod tidy

Signed-off-by: Bob Callaway <bcallaway@google.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bob Callaway <bcallaway@google.com>
    @dependabot @bobcallaway
    dependabot[bot] and bobcallaway authored Jan 16, 2024
    Configuration menu
    Copy the full SHA
    358f542 View commit details
    Browse the repository at this point in the history
Loading