Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: sigstore/sigstore
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v1.9.4
Choose a base ref
...
head repository: sigstore/sigstore
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v1.9.5
Choose a head ref
  • 16 commits
  • 23 files changed
  • 6 contributors

Commits on Apr 25, 2025

  1. Add context from opts to Azure signer (#2070) 

    * Add context from opts to Azure signer

Signed-off-by: ejahnGithub <ejahngithub@github.com>

* Update pkg/signature/kms/azure/signer.go

Co-authored-by: Cody Soyland <codysoyland@github.com>
Signed-off-by: Eugene <108841108+ejahnGithub@users.noreply.github.com>

---------

Signed-off-by: ejahnGithub <ejahngithub@github.com>
Signed-off-by: Eugene <108841108+ejahnGithub@users.noreply.github.com>
Co-authored-by: Cody Soyland <codysoyland@github.com>
    @ejahnGithub @codysoyland
    ejahnGithub and codysoyland authored Apr 25, 2025
    Configuration menu
    Copy the full SHA
    f0b4108 View commit details
    Browse the repository at this point in the history

Commits on May 6, 2025

  1. build(deps): Bump github.com/sigstore/sigstore (#2073) 

    Bumps the tools group with 1 update in the /test/fuzz directory: [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore).


Updates `github.com/sigstore/sigstore` from 1.9.3 to 1.9.4
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](v1.9.3...v1.9.4)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.9.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tools
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored May 6, 2025
    Configuration menu
    Copy the full SHA
    1928962 View commit details
    Browse the repository at this point in the history

  2. build(deps): Bump github.com/aws/aws-sdk-go (#2072) 

    Bumps the gomod group with 1 update in the /pkg/signature/kms/aws directory: [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go).


Updates `github.com/aws/aws-sdk-go` from 1.55.6 to 1.55.7
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG_PENDING.md)
- [Commits](aws/aws-sdk-go@v1.55.6...v1.55.7)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-version: 1.55.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored May 6, 2025
    Configuration menu
    Copy the full SHA
    171e0ec View commit details
    Browse the repository at this point in the history

  3. build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#2071 

    )

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.229.0 to 0.230.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.229.0...v0.230.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-version: 0.230.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored May 6, 2025
    Configuration menu
    Copy the full SHA
    d6edd37 View commit details
    Browse the repository at this point in the history

  4. build(deps): Bump golangci/golangci-lint-action from 7.0.0 to 8.0.0 (#… 

    …2075)

* build(deps): Bump golangci/golangci-lint-action from 7.0.0 to 8.0.0

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 7.0.0 to 8.0.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](golangci/golangci-lint-action@1481404...4afd733)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update verify.yml

Signed-off-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
    @dependabot @cpanato
    dependabot[bot] and cpanato authored May 6, 2025
    Configuration menu
    Copy the full SHA
    7e7a90a View commit details
    Browse the repository at this point in the history

  5. add RWMutex around providerMap to protect concurrent ops (#2077) 

    Signed-off-by: Bob Callaway <bcallaway@google.com>
    @bobcallaway
    bobcallaway authored May 6, 2025
    Configuration menu
    Copy the full SHA
    1052595 View commit details
    Browse the repository at this point in the history

Commits on May 13, 2025

  1. build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#2084 

    )
    @dependabot
    dependabot[bot] authored May 13, 2025
    Configuration menu
    Copy the full SHA
    e2f3b71 View commit details
    Browse the repository at this point in the history

  2. build(deps): Bump the all group with 2 updates (#2078)

    @dependabot
    dependabot[bot] authored May 13, 2025
    Configuration menu
    Copy the full SHA
    1b0bd69 View commit details
    Browse the repository at this point in the history

  3. build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2082 

    )

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.37.0 to 0.38.0.
- [Commits](golang/crypto@v0.37.0...v0.38.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored May 13, 2025
    Configuration menu
    Copy the full SHA
    d771343 View commit details
    Browse the repository at this point in the history

  4. build(deps): Bump golang.org/x/oauth2 from 0.29.0 to 0.30.0 (#2081) 

    Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.29.0 to 0.30.0.
- [Commits](golang/oauth2@v0.29.0...v0.30.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored May 13, 2025
    Configuration menu
    Copy the full SHA
    7eafe24 View commit details
    Browse the repository at this point in the history

Commits on May 19, 2025

  1. build(deps): Bump actions/dependency-review-action in the all group (#… 

    …2085)

Bumps the all group with 1 update: [actions/dependency-review-action](https://github.com/actions/dependency-review-action).


Updates `actions/dependency-review-action` from 4.7.0 to 4.7.1
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@38ecb5b...da24556)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-version: 4.7.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored May 19, 2025
    Configuration menu
    Copy the full SHA
    0996ba4 View commit details
    Browse the repository at this point in the history

  2. build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#2088 

    )

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.232.0 to 0.233.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.232.0...v0.233.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-version: 0.233.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored May 19, 2025
    Configuration menu
    Copy the full SHA
    540126b View commit details
    Browse the repository at this point in the history

  3. build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#… 

    …2087)

Bumps [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/go-mgmt-sdk-release-guideline.md)
- [Commits](Azure/azure-sdk-for-go@sdk/azcore/v1.9.0...sdk/azcore/v1.10.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored May 19, 2025
    Configuration menu
    Copy the full SHA
    bbd546b View commit details
    Browse the repository at this point in the history

Commits on May 27, 2025

  1. build(deps): Bump the all group in /test/e2e with 3 updates (#2074) 

    * build(deps): Bump the all group in /test/e2e with 3 updates

Bumps the all group in /test/e2e with 3 updates: [dexidp/dex](https://github.com/dexidp/dex), localstack/localstack and hashicorp/vault.


Updates `dexidp/dex` from v2.42.0 to v2.42.1
- [Release notes](https://github.com/dexidp/dex/releases)
- [Commits](dexidp/dex@v2.42.0...v2.42.1)

Updates `localstack/localstack` from 4.2.0 to 4.3.0

Updates `hashicorp/vault` from 1.18.5 to 1.19.2

---
updated-dependencies:
- dependency-name: dexidp/dex
  dependency-version: v2.42.1
  dependency-type: direct:production
  dependency-group: all
- dependency-name: localstack/localstack
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: hashicorp/vault
  dependency-version: 1.19.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>

* handle prehashed appropriately for v1.19.0

Signed-off-by: Bob Callaway <bcallaway@google.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bob Callaway <bcallaway@google.com>
    @dependabot @bobcallaway
    dependabot[bot] and bobcallaway authored May 27, 2025
    Configuration menu
    Copy the full SHA
    007cd79 View commit details
    Browse the repository at this point in the history

Commits on Jun 3, 2025

  1. build(deps): Bump the all group in /test/e2e with 3 updates (#2091) 

    Bumps the all group in /test/e2e with 3 updates: [dexidp/dex](https://github.com/dexidp/dex), localstack/localstack and hashicorp/vault.


Updates `dexidp/dex` from v2.42.1 to v2.43.1
- [Release notes](https://github.com/dexidp/dex/releases)
- [Commits](dexidp/dex@v2.42.1...v2.43.1)

Updates `localstack/localstack` from 4.3.0 to 4.4.0

Updates `hashicorp/vault` from 1.19.2 to 1.19.5

---
updated-dependencies:
- dependency-name: dexidp/dex
  dependency-version: v2.43.1
  dependency-type: direct:production
  dependency-group: all
- dependency-name: localstack/localstack
  dependency-version: 4.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: hashicorp/vault
  dependency-version: 1.19.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jun 3, 2025
    Configuration menu
    Copy the full SHA
    32d462f View commit details
    Browse the repository at this point in the history

Commits on Jun 9, 2025

  1. build(deps): Bump localstack/localstack in /test/e2e in the all group ( 

    …#2092)

Bumps the all group in /test/e2e with 1 update: localstack/localstack.


Updates `localstack/localstack` from 4.4.0 to 4.5.0

---
updated-dependencies:
- dependency-name: localstack/localstack
  dependency-version: 4.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jun 9, 2025
    Configuration menu
    Copy the full SHA
    75efc00 View commit details
    Browse the repository at this point in the history
Loading