Releases: sigstore/timestamp-authority
Releases · sigstore/timestamp-authority
v1.2.3
What's Changed
- Bump go.step.sm/crypto from 0.43.0 to 0.43.1 by @dependabot in #639
- Bump actions/dependency-review-action from 4.1.0 to 4.1.1 by @dependabot in #640
- Bump actions/dependency-review-action from 4.1.1 to 4.1.2 by @dependabot in #641
- Bump go.uber.org/zap from 1.26.0 to 1.27.0 by @dependabot in #643
- Bump actions/dependency-review-action from 4.1.2 to 4.1.3 by @dependabot in #642
- Don't mark hash argument as required. by @kommendorkapten in #644
- Bump codecov/codecov-action from 4.0.1 to 4.1.0 by @dependabot in #646
- Bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 by @dependabot in #652
- Bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.1 to 1.8.2 by @dependabot in #648
- Bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.1 to 1.8.2 by @dependabot in #649
- Bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.1 to 1.8.2 by @dependabot in #650
- Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.1 to 1.8.2 by @dependabot in #651
- Bump github.com/sigstore/sigstore from 1.8.1 to 1.8.2 by @dependabot in #653
- Bump github.com/go-openapi/strfmt from 0.22.0 to 0.22.1 by @dependabot in #654
- Bump github.com/go-openapi/spec from 0.20.14 to 0.20.15 by @dependabot in #656
- Bump github.com/go-openapi/loads from 0.21.5 to 0.21.6 by @dependabot in #657
- Bump github.com/go-playground/validator/v10 from 10.18.0 to 10.19.0 by @dependabot in #660
- Bump actions/cache from 4.0.0 to 4.0.1 by @dependabot in #655
- Bump golang.org/x/net from 0.21.0 to 0.22.0 by @dependabot in #662
- Bump github.com/go-openapi/runtime from 0.27.1 to 0.27.2 by @dependabot in #661
- Bump github.com/golang/protobuf from 1.5.3 to 1.5.4 by @dependabot in #663
- Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by @dependabot in #664
- Bump anchore/sbom-action from 0.15.8 to 0.15.9 by @dependabot in #666
- Bump github.com/go-jose/go-jose/v3 from 3.0.2 to 3.0.3 by @dependabot in #668
- Bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3 by @dependabot in #667
- Bump github.com/go-openapi/runtime from 0.27.2 to 0.28.0 by @dependabot in #673
- Bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #674
- Bump cloud.google.com/go/security from 1.15.5 to 1.15.6 by @dependabot in #675
- Bump go.step.sm/crypto from 0.43.1 to 0.44.0 by @dependabot in #677
- Bump go.step.sm/crypto from 0.44.0 to 0.44.1 by @dependabot in #681
- Bump actions/dependency-review-action from 4.1.3 to 4.2.3 by @dependabot in #678
- Bump dependabot/fetch-metadata from 1.6.0 to 2.0.0 by @dependabot in #680
- Bump slsa-framework/slsa-github-generator from 1.9.0 to 1.10.0 by @dependabot in #679
- Bump actions/cache from 4.0.1 to 4.0.2 by @dependabot in #676
- Bump actions/dependency-review-action from 4.2.3 to 4.2.4 by @dependabot in #682
- Bump actions/dependency-review-action from 4.2.4 to 4.2.5 by @dependabot in #683
- Bump anchore/sbom-action from 0.15.9 to 0.15.10 by @dependabot in #684
- Bump codecov/codecov-action from 4.1.0 to 4.1.1 by @dependabot in #685
- Bump go.step.sm/crypto from 0.44.1 to 0.44.2 by @dependabot in #686
- Bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.2 to 1.8.3 by @dependabot in #691
- Bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.2 to 1.8.3 by @dependabot in #687
- Bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.2 to 1.8.3 by @dependabot in #688
- Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.2 to 1.8.3 by @dependabot in #689
- Bump github.com/sigstore/sigstore from 1.8.2 to 1.8.3 by @dependabot in #690
- Bump sigs.k8s.io/release-utils from 0.7.7 to 0.8.0 by @dependabot in #692
- Bump codecov/codecov-action from 4.1.1 to 4.2.0 by @dependabot in #695
- Bump golang.org/x/net from 0.22.0 to 0.23.0 by @dependabot in #693
- Bump golang.org/x/net from 0.23.0 to 0.24.0 by @dependabot in #696
- Bump sigs.k8s.io/release-utils from 0.8.0 to 0.8.1 by @dependabot in #697
- Bump codecov/codecov-action from 4.2.0 to 4.3.0 by @dependabot in #698
- Bump go.step.sm/crypto from 0.44.2 to 0.44.3 by @dependabot in #699
- Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @dependabot in #700
- Bump go.step.sm/crypto from 0.44.3 to 0.44.5 by @dependabot in #702
- Bump cloud.google.com/go/security from 1.15.6 to 1.16.0 by @dependabot in #701
- Bump go.step.sm/crypto from 0.44.5 to 0.44.6 by @dependabot in #703
- Bump actions/upload-artifact from 4.3.1 to 4.3.2 by @dependabot in #704
- Bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in #705
- Bump actions/upload-artifact from 4.3.2 to 4.3.3 by @dependabot in #706
- Bump go.step.sm/crypto from 0.44.6 to 0.44.7 by @dependabot in #708
- Bump github.com/rs/cors from 1.10.1 to 1.11.0 by @dependabot in #709
- Bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in #712
- Bump dependabot/fetch-metadata from 2.0.0 to 2.1.0 by @dependabot in #711
- Bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 by @dependabot in #710
- Bump go.step.sm/crypto from 0.44.7 to 0.44.8 by @dependabot in #714
- Bump anchore/sbom-action from 0.15.10 to 0.15.11 by @dependabot in #713
- Bump golangci/golangci-lint-action from 5.0.0 to 5.1.0 by @dependabot in #715
- Bump actions/dependency-review-action from 4.2.5 to 4.3.1 by @dependabot in #716
- Bump github.com/go-playground/validator/v10 from 10.19.0 to 10.20.0 by @dependabot in #717
- Bump google.golang.org/protobuf from 1.33.0 to 1.34.0 by @dependabot in #718
- Bump actions/dependency-review-action from 4.3.1 to 4.3.2 by @dependabot in #719
- Bump codecov/codecov-action from 4.3.0 to 4.3.1 by @dependabot in #720
- Bump cloud.google.com/go/security from 1.16.0 to 1.16.1 by @dependabot in #721
- Bump github.com/beevik/ntp from 1.3.1 to 1.4.1 by @dependabot in #724
- Bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in #723
- Bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0 by @dependabot in #707
- Bump golangci/golangci-lint-action from 5.1.0 to 5.3.0 by @dependabot in http...
v1.2.2
v1.2.2
Changes
Bug fixes
- Go checksum database error on installation due to deleting a tag
Misc
- Dependabot updates
v1.2.1
v1.2.0
v1.2.0
v1.2.0 is based on Go 1.21.3.
Changes
Enhancements
- Support other hash algs for pre-signed timestamp besides SHA256 (#488)
- new http-ping-only flag for 'timestamp-server serve' (#474)
Bug Fixes
- Fix bug where TSA signing fails if cert hash != content hash. (#465)
Misc
Contributors
- Billy Lynch
- Carlos Tadeu Panato Junior
- Dmitry Savintsev
- Hayden B
v1.1.2
Changelog
1.1.2 fixes a signing related hash function bug and a typo.
Changes
Bug Fixes
- Fix hash function hardcoding bug by updating dependency (#452)
Misc
Contributors
- Carlos Tadeu Panato Junior
- Dmitry Savintsev
- Meredith Lancaster
Full Changelog: v1.1.1...v1.1.2
v1.1.1
Changelog
1.1.1 fixes a bug in the JSON format timestamp request code.
Changes
Bug Fixes
- Update how the JSON body is parsed (#343)
Contributors
- Meredith Lancaster
Full Changelog: v1.1.0...v1.1.1
v1.1.0
Changelog
1.1.0 now supports making timestamp requests in JSON format in addition to DER encoded format.
Changes
Enhancements
- Support timestamp requests in JSON format (#247)
Misc
- Fix typo in README (#294)
Contributors
- Andrea Cosentino
- Meredith Lancaster
Full Changelog: v1.0.0...v1.1.0
v1.0.0
Changelog
1.0 release of the timestamp authority. Thank you to all of the contributors!
v1.0.0-rc.1
v1.0.0-rc.0
Changelog
SLSA provenance is now uploaded with each release. Use slsa-verifier to verify the release.
Misc
- Mock NTP client (#217)
Contributors
- Carlos Tadeu Panato Junior
- Hayden B
- Meredith Lancaster
Full Changelog: v0.2.1...v1.0.0-rc.0