Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: sigstore/sigstore
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v1.9.1
Choose a base ref
...
head repository: sigstore/sigstore
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v1.9.2
Choose a head ref
  • 13 commits
  • 36 files changed
  • 6 contributors

Commits on Mar 11, 2025

  1. Add tink package (#2024) 

    Copy in the tink package from Rekor v1 so that it can be used by other
services.

Signed-off-by: Colleen Murphy <colleenmurphy@google.com>
    @cmurphy
    cmurphy authored Mar 11, 2025
    Configuration menu
    Copy the full SHA
    c049f8d View commit details
    Browse the repository at this point in the history

Commits on Mar 12, 2025

  1. build(deps): Bump golang.org/x/oauth2 from 0.27.0 to 0.28.0 (#2019) 

    Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.27.0 to 0.28.0.
- [Commits](golang/oauth2@v0.27.0...v0.28.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Mar 12, 2025
    Configuration menu
    Copy the full SHA
    04df6e4 View commit details
    Browse the repository at this point in the history

Commits on Mar 13, 2025

  1. build(deps): Bump golang.org/x/net in /pkg/signature/kms/hashivault (#… 

    …2025)
    @dependabot
    dependabot[bot] authored Mar 13, 2025
    Configuration menu
    Copy the full SHA
    0e0ac2e View commit details
    Browse the repository at this point in the history

Commits on Mar 27, 2025

  1. build(deps): Bump the gomod group across 1 directory with 2 updates (#… 

    …2033)

Bumps the gomod group with 2 updates in the /pkg/signature/kms/gcp directory: [cloud.google.com/go/kms](https://github.com/googleapis/google-cloud-go) and google.golang.org/protobuf.


Updates `cloud.google.com/go/kms` from 1.21.0 to 1.21.1
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md)
- [Commits](googleapis/google-cloud-go@kms/v1.21.0...dlp/v1.21.1)

Updates `google.golang.org/protobuf` from 1.36.5 to 1.36.6

---
updated-dependencies:
- dependency-name: cloud.google.com/go/kms
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Mar 27, 2025
    Configuration menu
    Copy the full SHA
    1eddf92 View commit details
    Browse the repository at this point in the history

  2. build(deps): Bump golang.org/x/net in /pkg/signature/kms/azure (#2034) 

    Bumps [golang.org/x/net](https://github.com/golang/net) from 0.35.0 to 0.36.0.
- [Commits](golang/net@v0.35.0...v0.36.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Mar 27, 2025
    Configuration menu
    Copy the full SHA
    77973f8 View commit details
    Browse the repository at this point in the history

  3. build(deps): Bump the all group across 1 directory with 3 updates (#2032 

    )

Bumps the all group with 3 updates in the / directory: [actions/setup-go](https://github.com/actions/setup-go), [actions/cache](https://github.com/actions/cache) and [actions/upload-artifact](https://github.com/actions/upload-artifact).


Updates `actions/setup-go` from 5.3.0 to 5.4.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@f111f33...0aaccfd)

Updates `actions/cache` from 4.2.2 to 4.2.3
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@d4323d4...5a3ec84)

Updates `actions/upload-artifact` from 4.6.1 to 4.6.2
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@4cec3d8...ea165f8)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Mar 27, 2025
    Configuration menu
    Copy the full SHA
    d2fa167 View commit details
    Browse the repository at this point in the history

  4. build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#2028 

    )

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.224.0 to 0.226.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.224.0...v0.226.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Mar 27, 2025
    Configuration menu
    Copy the full SHA
    8489e15 View commit details
    Browse the repository at this point in the history

Commits on Mar 31, 2025

  1. change how we copy keys (#2036) 

    Signed-off-by: Bob Callaway <bcallaway@google.com>
    @bobcallaway
    bobcallaway authored Mar 31, 2025
    Configuration menu
    Copy the full SHA
    9e5a36c View commit details
    Browse the repository at this point in the history

Commits on Apr 5, 2025

  1. Update linter to v2 (#2041) 

    Signed-off-by: Hayden B <8418760+haydentherapper@users.noreply.github.com>
    @haydentherapper
    haydentherapper authored Apr 5, 2025
    Configuration menu
    Copy the full SHA
    ac746e0 View commit details
    Browse the repository at this point in the history

Commits on Apr 8, 2025

  1. pkg/signature: add P384/P521 compatibility algo to algorithm registry ( 

    …#2037)

* Update protobuf-specs

Signed-off-by: Riccardo Schirone <riccardo.schirone@trailofbits.com>

* pkg/signature: add P384/P521 compatibility algo to algorithm registry

Signed-off-by: Riccardo Schirone <riccardo.schirone@trailofbits.com>

* pkg/signature: fix linting

Signed-off-by: Riccardo Schirone <riccardo.schirone@trailofbits.com>

---------

Signed-off-by: Riccardo Schirone <riccardo.schirone@trailofbits.com>
    @ret2libc
    ret2libc authored Apr 8, 2025
    Configuration menu
    Copy the full SHA
    e842090 View commit details
    Browse the repository at this point in the history

  2. build(deps): Bump actions/dependency-review-action in the all group (#… 

    …2044)

Bumps the all group with 1 update: [actions/dependency-review-action](https://github.com/actions/dependency-review-action).


Updates `actions/dependency-review-action` from 4.5.0 to 4.6.0
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@3b139cf...ce3cf95)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-version: 4.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Apr 8, 2025
    Configuration menu
    Copy the full SHA
    a14c5f0 View commit details
    Browse the repository at this point in the history

  3. build(deps): Bump the gomod group across 1 directory with 2 updates (#… 

    …2046)

Bumps the gomod group with 2 updates in the /pkg/signature/kms/aws directory: [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) and [github.com/aws/aws-sdk-go-v2/service/kms](https://github.com/aws/aws-sdk-go-v2).


Updates `github.com/aws/aws-sdk-go-v2/config` from 1.29.9 to 1.29.13
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](aws/aws-sdk-go-v2@config/v1.29.9...config/v1.29.13)

Updates `github.com/aws/aws-sdk-go-v2/service/kms` from 1.38.1 to 1.38.2
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.38.1...service/s3/v1.38.2)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-version: 1.29.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/aws/aws-sdk-go-v2/service/kms
  dependency-version: 1.38.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Apr 8, 2025
    Configuration menu
    Copy the full SHA
    0a5d37c View commit details
    Browse the repository at this point in the history

  4. Bump deps (#2047) 

    * Bump deps

Signed-off-by: Hayden B <8418760+haydentherapper@users.noreply.github.com>

* go mod tidy

Signed-off-by: Hayden B <8418760+haydentherapper@users.noreply.github.com>

---------

Signed-off-by: Hayden B <8418760+haydentherapper@users.noreply.github.com>
Co-authored-by: Hayden B <8418760+haydentherapper@users.noreply.github.com>
    @haydentherapper
    haydentherapper and haydentherapper authored Apr 8, 2025
    Configuration menu
    Copy the full SHA
    404e5b5 View commit details
    Browse the repository at this point in the history
Loading