KEMBAR78
Comparing v1.1.2...v1.1.3 · sigstore/sigstore-go · GitHub
Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: sigstore/sigstore-go
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v1.1.2
Choose a base ref
...
head repository: sigstore/sigstore-go
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v1.1.3
Choose a head ref
  • 4 commits
  • 9 files changed
  • 3 contributors

Commits on Sep 16, 2025

  1. Set user agent for TUF and Rekor v2 clients (#525) 

    This adds version-specific user agents for TUF and Rekor v2 calls,
matching what we have for Fulcio, the TSA, and Rekor v1.

Signed-off-by: Hayden <8418760+haydentherapper@users.noreply.github.com>
Co-authored-by: Hayden <8418760+haydentherapper@users.noreply.github.com>
    @haydentherapper
    haydentherapper and haydentherapper authored Sep 16, 2025
    Configuration menu
    Copy the full SHA
    0701306 View commit details
    Browse the repository at this point in the history

Commits on Sep 23, 2025

  1. Bump the minor-patch group across 1 directory with 5 updates (#526) 

    Bumps the minor-patch group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/sigstore/rekor-tiles](https://github.com/sigstore/rekor-tiles) | `0.1.10` | `0.1.11` |
| [github.com/sigstore/timestamp-authority](https://github.com/sigstore/timestamp-authority) | `1.2.8` | `1.2.9` |
| [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf) | `2.1.1` | `2.2.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.41.0` | `0.42.0` |
| google.golang.org/protobuf | `1.36.8` | `1.36.9` |



Updates `github.com/sigstore/rekor-tiles` from 0.1.10 to 0.1.11
- [Release notes](https://github.com/sigstore/rekor-tiles/releases)
- [Changelog](https://github.com/sigstore/rekor-tiles/blob/main/Dockerfile.release)
- [Commits](sigstore/rekor-tiles@v0.1.10...v0.1.11)

Updates `github.com/sigstore/timestamp-authority` from 1.2.8 to 1.2.9
- [Release notes](https://github.com/sigstore/timestamp-authority/releases)
- [Changelog](https://github.com/sigstore/timestamp-authority/blob/main/CHANGELOG.md)
- [Commits](sigstore/timestamp-authority@v1.2.8...v1.2.9)

Updates `github.com/theupdateframework/go-tuf/v2` from 2.1.1 to 2.2.0
- [Release notes](https://github.com/theupdateframework/go-tuf/releases)
- [Changelog](https://github.com/theupdateframework/go-tuf/blob/master/.goreleaser.yaml)
- [Commits](theupdateframework/go-tuf@v2.1.1...v2.2.0)

Updates `golang.org/x/crypto` from 0.41.0 to 0.42.0
- [Commits](golang/crypto@v0.41.0...v0.42.0)

Updates `google.golang.org/protobuf` from 1.36.8 to 1.36.9

---
updated-dependencies:
- dependency-name: github.com/sigstore/rekor-tiles
  dependency-version: 0.1.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/sigstore/timestamp-authority
  dependency-version: 1.2.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/theupdateframework/go-tuf/v2
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: golang.org/x/crypto
  dependency-version: 0.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.36.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 23, 2025
    Configuration menu
    Copy the full SHA
    4cd170a View commit details
    Browse the repository at this point in the history

Commits on Sep 26, 2025

  1. Add support for signing config for conformance test suite (#527) 

    The signing config along with a trusted root file may be passed to
sign-bundle. This adds support for the signing config when it's
provided.

Signed-off-by: Hayden <8418760+haydentherapper@users.noreply.github.com>
Co-authored-by: Hayden <8418760+haydentherapper@users.noreply.github.com>
    @haydentherapper
    haydentherapper and haydentherapper authored Sep 26, 2025
    Configuration menu
    Copy the full SHA
    cbc9bf5 View commit details
    Browse the repository at this point in the history

  2. Add note regarding API compatibility when using signing config (#528) 

    As discussed in the Go meeting today, we want developers to be aware of
the consequences of using a signing config and always selecting the
highest API version, which may lead to verifiers unable to verify.

Signed-off-by: Hayden <8418760+haydentherapper@users.noreply.github.com>
Co-authored-by: Hayden <8418760+haydentherapper@users.noreply.github.com>
    @haydentherapper
    haydentherapper and haydentherapper authored Sep 26, 2025
    Configuration menu
    Copy the full SHA
    c79035f View commit details
    Browse the repository at this point in the history
Loading