Skip to content

community/cosign: upgrade to 1.10.0

Patrycja Rosa requested to merge ptrcnull/aports:cosign into master

https://github.com/sigstore/cosign/releases/tag/v1.10.0

v1.9.0...v1.10.0

Enhancements

  • Add env subcommand. (#2051)
  • feat: cert-extensions verify (#1626)
  • sign-blob: bundle should work independently (#2016)
  • Add --oidc-provider flag to specify which provider to use for ambient credentials (#1998)
  • Use pkg/fulcioroots and pkg/tuf from sigstore/sigstore (#1866)
  • Add --platform flag to cosign sbom download (#1975)
  • Route deprectated -version to subcommand (#1854)
  • Add cyclonedx predicate type for attestations (#1977)
  • Updated Azure kms commands. (#1972)
  • Add spdxjson predicate type for attestations (#1974)
  • Drop tuf client dependency on GCS client library (#1967)
  • feat(fulcioroots): singleton error pattern (#1965)
  • tuf: improve TUF client concurrency and caching (#1953)
  • Separate RegExp matching of issuer/subject from strict (#1956)

Documention

  • update design doc link (#2077)
  • specs: fix list formatting on SIGNATURE_SPEC (#2030)
  • public-key: fix command description (#2024)
  • docs(readme): add installation steps for container image for cosign binary (#1986)
  • Add Cloudsmith Container Registry to tested registry list (#1966)

Bug Fixes

  • Fix OIDC test (#2050)
  • Use cosign.ConfirmPrompt more consistently (#2039)
  • chore: add note about SIGSTORE_REKOR_PUBLIC_KEY (#2040)
  • Fix #1378 create new attestation signature in replace mode if not existent (#2014)
  • encrypt values to create the github action secret (#1990)
  • fix/update post build job (#1983)
  • fix typos (#1982)
Edited by Patrycja Rosa

Merge request reports

Loading