Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump github.com/theupdateframework/go-tuf from 0.3.1 to 0.4.0 #669

Merged
merged 2 commits into from Sep 7, 2022
Merged

Bump github.com/theupdateframework/go-tuf from 0.3.1 to 0.4.0 #669

merged 2 commits into from Sep 7, 2022

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 6, 2022

Bumps github.com/theupdateframework/go-tuf from 0.3.1 to 0.4.0.

Release notes

Sourced from github.com/theupdateframework/go-tuf's releases.

v0.4.0

Changelog

Features

  • af3c7d6a7dff051e9ef4b965a1258df09249a13f: feat: Add new status command (#342) (@​doanac)
  • 4febe4c81aa17b39a87c1bab1c6592b347ff4a56: feat(keys): JSON unmarshal hardening. (#275) (@​Zenithar)

Bug fixes

  • 9020b3c884ca1456eaaa0656c3b2c25774a8d204: fix: Remove typo in Alternate signing flow (#344) (@​elfotografo007)
  • 9334b3fef99a16358f59895a47563f3061733c87: fix: Redirect passphrase output to Standard error (#343) (@​elfotografo007)
  • 2e6c62191fb27ac26b10dd7312d239ffd6c1e498: fix: require length and hashes for target metadata (#345) (@​asraa)
  • 37601e1635fdcf696f3f7bd6ad4ffbfd3f4488be: fix: filesystemStore fails to prepend target file hashes on Windows (#274) (@​torin-carey)
  • 2b415d0f0043dc434c63fb89321d3fa8638df78f: fix: update leveldb dependency (#350) (@​mfmarche)
  • 1b070ee8b8b11c15e1d54a69786e110a1d409715: fix: add leveldb recover ability (#352) (@​mfmarche)
  • 64ded1864de9e448e174d7270c66364d368eefe5: fix(verify): Fix a vulnerability in the verification of threshold signatures (due to handling of keys with multiple IDs) (#369) (@​cedricvanrompay-datadog)

Others

  • 529fccafdd0d27ca9741802ab8d5fb84f6c3476d: chore(deps): bump arnested/go-version-action from 1.1.3 to 1.1.4 (#334) (@​dependabot[bot])
  • f5f12b16b4267ab3b6c957db6e868a5a4345cc71: docs: Misc. docs fixes (#337) (@​znewman01)
  • 0f17236394883185030fd84d85c9bbb0af9cabe8: docs: Add release process info for maintainers (#336) (@​znewman01)
  • 40b67d26c82534912ab45fd734d5be26a852c64a: chore(deps): bump actions/setup-python from 4.0.0 to 4.1.0 (#340) (@​dependabot[bot])
  • 9d0031b6e8ba3115cdea083aad6f1398180659bf: chore(deps): bump actions/setup-go from 3.2.0 to 3.2.1 (#339) (@​dependabot[bot])
  • 768b63a553669a0f238c20fe532fc15a836b85ba: chore(deps): bump actions/setup-python from 4.1.0 to 4.2.0 (#351) (@​dependabot[bot])
  • 8124e8ab6c862f978e48d83c2947b491f41a527d: chore!: Remove deprecated client Init() function (#353) (@​znewman01)
  • 8b2d2abc064c267d218138b2cbb0c7fe301507e1: ci: Fix typo in Pull Request template (#355) (@​znewman01)
  • f3a48f74a347ab1a01fca80c370be423620ff499: refactor!: rename "InitLocal" to "Init" (#354) (@​znewman01)
  • ebbc6b8d12d861335a3fc6e7fd8c69a53acaa1e6: chore(deps): bump arnested/go-version-action from 1.1.4 to 1.1.5 (#359) (@​dependabot[bot])
  • 9b6c5030165254dce97ff510f01026b8d8336242: chore(deps): bump actions/setup-go from 3.2.1 to 3.3.0 (#361) (@​dependabot[bot])
  • d7ff71b6b12ef371ab654c45c15bae8fe2d79d84: test: Update Python interop tests to python-tuf v1.0.0 (#228) (@​znewman01)
  • ac7b5d7bce18cca5a84a28b021bd6372f450b35b: chore(deps): bump goreleaser/goreleaser-action from 3.0.0 to 3.1.0 (#366) (@​dependabot[bot])
  • 06ed59941769f55b7d54158a0be85a16a7475fa7: build: Use Go 1.17 for golangci linting and update golangci/golangci-lint-action (#364) (@​ethan-lowman-dd)
Commits
  • 06ed599 build: Use Go 1.17 for golangci linting and update golangci/golangci-lint-act...
  • 64ded18 fix(verify): Fix a vulnerability in the verification of threshold signatures...
  • ac7b5d7 chore(deps): bump goreleaser/goreleaser-action from 3.0.0 to 3.1.0 (#366)
  • d7ff71b test: Update Python interop tests to python-tuf v1.0.0 (#228)
  • 9b6c503 chore(deps): bump actions/setup-go from 3.2.1 to 3.3.0 (#361)
  • ebbc6b8 chore(deps): bump arnested/go-version-action from 1.1.4 to 1.1.5 (#359)
  • f3a48f7 refactor!: rename "InitLocal" to "Init" (#354)
  • 8b2d2ab ci: Fix typo in Pull Request template (#355)
  • 8124e8a chore!: Remove deprecated client Init() function (#353)
  • 1b070ee fix: add leveldb recover ability (#352)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump github.com/theupdateframework/go-tuf from 0.3.1 to 0.4.0
c41809c 
Bumps [github.com/theupdateframework/go-tuf](https://github.com/theupdateframework/go-tuf) from 0.3.1 to 0.4.0.
- [Release notes](https://github.com/theupdateframework/go-tuf/releases)
- [Commits](theupdateframework/go-tuf@v0.3.1...v0.4.0)

---
updated-dependencies:
- dependency-name: github.com/theupdateframework/go-tuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Sep 6, 2022
@cpanato
InitLocal was renamed to Init
01652de 
Signed-off-by: cpanato <ctadeu@gmail.com>
@dlorenc dlorenc merged commit 56bd9cd into main Sep 7, 2022
@dlorenc dlorenc deleted the dependabot/go_modules/github.com/theupdateframework/go-tuf-0.4.0 branch September 7, 2022 11:05
mtrmac pushed a commit to mtrmac/sigstore that referenced this pull request Mar 10, 2023
add -allow-insecure-registry flag to permit unsecured container reg…
cd781b5 
…istries (sigstore#669)

Signed-off-by: Jake Sanders <jsand@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cpanato cpanato cpanato approved these changes

@dekkagaijin dekkagaijin Awaiting requested review from dekkagaijin

@haydentherapper haydentherapper Awaiting requested review from haydentherapper

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@cpanato @dlorenc