community/cosign: upgrade to 1.10.0 (!37167) · Merge requests · alpine / aports

Patrycja Rosa requested to merge ptrcnull/aports:cosign into master Aug 02, 2022

https://github.com/sigstore/cosign/releases/tag/v1.10.0

v1.9.0...v1.10.0

Enhancements

Add env subcommand. (#2051)

feat: cert-extensions verify (#1626)

sign-blob: bundle should work independently (#2016)

Add --oidc-provider flag to specify which provider to use for ambient credentials (#1998)

Use pkg/fulcioroots and pkg/tuf from sigstore/sigstore (#1866)

Add --platform flag to cosign sbom download (#1975)

Route deprectated -version to subcommand (#1854)

Add cyclonedx predicate type for attestations (#1977)

Updated Azure kms commands. (#1972)

Add spdxjson predicate type for attestations (#1974)

Drop tuf client dependency on GCS client library (#1967)

feat(fulcioroots): singleton error pattern (#1965)

tuf: improve TUF client concurrency and caching (#1953)

Separate RegExp matching of issuer/subject from strict (#1956)

Documention

update design doc link (#2077)

specs: fix list formatting on SIGNATURE_SPEC (#2030)

public-key: fix command description (#2024)

docs(readme): add installation steps for container image for cosign binary (#1986)

Add Cloudsmith Container Registry to tested registry list (#1966)

Bug Fixes

Fix OIDC test (#2050)

Use cosign.ConfirmPrompt more consistently (#2039)

chore: add note about SIGSTORE_REKOR_PUBLIC_KEY (#2040)

Fix #1378 create new attestation signature in replace mode if not existent (#2014)

encrypt values to create the github action secret (#1990)

fix/update post build job (#1983)

fix typos (#1982)

Edited Aug 02, 2022 by Patrycja Rosa

community/cosign: upgrade to 1.10.0

Enhancements

Documention

Bug Fixes

Merge request reports