KEMBAR78
Comparing v1.1.0...v1.1.1 · sigstore/sigstore-go · GitHub
Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: sigstore/sigstore-go
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v1.1.0
Choose a base ref
...
head repository: sigstore/sigstore-go
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v1.1.1
Choose a head ref
  • 5 commits
  • 14 files changed
  • 4 contributors

Commits on Jul 29, 2025

  1. Make conformance compatible with rekor v2 (#505) 

    Bundles with entries from rekor v2 will not have inclusion
promises or integrated time

Signed-off-by: Appu Goundan <appu@google.com>
    @loosebazooka
    loosebazooka authored Jul 29, 2025
    Configuration menu
    Copy the full SHA
    f8877fc View commit details
    Browse the repository at this point in the history

  2. Update GetSigningConfig to use signing_config.v0.2.json (#506) 

    Signed-off-by: Facundo Tuesca <facundo.tuesca@trailofbits.com>
    @facutuesca
    facutuesca authored Jul 29, 2025
    Configuration menu
    Copy the full SHA
    3bd742e View commit details
    Browse the repository at this point in the history

Commits on Aug 1, 2025

  1. Refactor SelectService to return Service rather than URL, add support… 

    …ed API versions (#503)

Each signing service implementation sets a global variable for the list
of URLs supported. This avoids clients that use the signing APIs needing
to know which set of service API versions are supported when selecting
services.

This also refactors ServiceService(s) to return the Service struct
itself rather than just a URL, since a signer will need to know the API
version when initializing its client, like for Rekor.

Also removed unnecessary nolints after un-deprecating TrustedRoot's
LogId.

Signed-off-by: Hayden B <8418760+haydentherapper@users.noreply.github.com>
    @haydentherapper
    haydentherapper authored Aug 1, 2025
    Configuration menu
    Copy the full SHA
    37e45ae View commit details
    Browse the repository at this point in the history

Commits on Aug 4, 2025

  1. Remove noisy log message (#507) 

    When initializing trusted material in Cosign, on every signing and verification that uses the new bundle format, this message would print. Removing it since it doesn't provide much value.

Signed-off-by: Hayden <haydentherapper@users.noreply.github.com>
    @haydentherapper
    haydentherapper authored Aug 4, 2025
    Configuration menu
    Copy the full SHA
    d20c39f View commit details
    Browse the repository at this point in the history

Commits on Aug 5, 2025

  1. Bump the minor-patch group across 2 directories with 2 updates (#508) 

    Bumps the minor-patch group with 2 updates in the / directory: [github.com/secure-systems-lab/go-securesystemslib](https://github.com/secure-systems-lab/go-securesystemslib) and [github.com/sigstore/rekor](https://github.com/sigstore/rekor).
Bumps the minor-patch group with 2 updates in the /examples/oci-image-verification directory: [github.com/secure-systems-lab/go-securesystemslib](https://github.com/secure-systems-lab/go-securesystemslib) and [github.com/sigstore/rekor](https://github.com/sigstore/rekor).


Updates `github.com/secure-systems-lab/go-securesystemslib` from 0.9.0 to 0.9.1
- [Release notes](https://github.com/secure-systems-lab/go-securesystemslib/releases)
- [Commits](secure-systems-lab/go-securesystemslib@v0.9.0...v0.9.1)

Updates `github.com/sigstore/rekor` from 1.3.10 to 1.4.0
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](sigstore/rekor@v1.3.10...v1.4.0)

Updates `github.com/secure-systems-lab/go-securesystemslib` from 0.9.0 to 0.9.1
- [Release notes](https://github.com/secure-systems-lab/go-securesystemslib/releases)
- [Commits](secure-systems-lab/go-securesystemslib@v0.9.0...v0.9.1)

Updates `github.com/sigstore/rekor` from 1.3.10 to 1.4.0
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](sigstore/rekor@v1.3.10...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/secure-systems-lab/go-securesystemslib
  dependency-version: 0.9.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/sigstore/rekor
  dependency-version: 1.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: github.com/secure-systems-lab/go-securesystemslib
  dependency-version: 0.9.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/sigstore/rekor
  dependency-version: 1.4.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Aug 5, 2025
    Configuration menu
    Copy the full SHA
    d9ac070 View commit details
    Browse the repository at this point in the history
Loading