Skip to content

v0.15.1

Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 12 Dec 14:31
d7f058e

Patch x/crypto/ssh

This is a small patch release to fix x/crypto/ssh vulnerability https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ

Changelog

Bug fixes

Dependency updates

Other work


Verifying the artifacts

First, download the checksums.txt file, for example, with wget:

wget 'https://github.com/charmbracelet/wishlist/releases/download/v0.15.1/checksums.txt'

Then, verify it using cosign:

cosign verify-blob \
  --certificate-identity 'https://github.com/charmbracelet/meta/.github/workflows/goreleaser.yml@refs/heads/main' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  --cert 'https://github.com/charmbracelet/wishlist/releases/download/v0.15.1/checksums.txt.pem' \
  --signature 'https://github.com/charmbracelet/wishlist/releases/download/v0.15.1/checksums.txt.sig' \
  ./checksums.txt

If the output is Verified OK, you can safely use it to verify the checksums of other artifacts you downloaded from the release using sha256sum:

sha256sum --ignore-missing -c checksums.txt

Done! You artifacts are now verified!

The Charm logo

Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, The Fediverse, or on Discord.