Cosign v1.5.1 Release Notes
-
🐛 Bug Fixes
- ➕ add check to make sure the go modules are in sync (https://github.com/sigstore/cosign/pull/1369)
- ⚡️ Update verify-blob to support DSSEs (https://github.com/sigstore/cosign/pull/1355)
Documention
- 📄 docs: verify-attestation cue and rego policy doc (https://github.com/sigstore/cosign/pull/1362)
- README: fix link to race conditions (https://github.com/sigstore/cosign/pull/1367)
Others
- ⬆️ Bump sigstore/sigstore to pick up oidc login for vault. (https://github.com/sigstore/cosign/pull/1377)
- ⬆️ Bump google.golang.org/api from 0.65.0 to 0.66.0 (https://github.com/sigstore/cosign/pull/1371)
- 🔦 expose dafaults fulcio, rekor, oidc issuer urls (https://github.com/sigstore/cosign/pull/1368)
- ⬆️ Bump cloud.google.com/go/storage from 1.18.2 to 1.19.0 (https://github.com/sigstore/cosign/pull/1365)
- ⚡️ organize, update select deps (https://github.com/sigstore/cosign/pull/1358)
- ⬆️ Bump go-containerregistry to pick up ACR keychain fix (https://github.com/sigstore/cosign/pull/1357)
- ⬆️ Bump github.com/go-openapi/runtime from 0.21.0 to 0.21.1 (https://github.com/sigstore/cosign/pull/1352)
- 🔀 sync go modules (https://github.com/sigstore/cosign/pull/1353)
Contributors
- Batuhan Apaydın (@developer-guy)
- Carlos Tadeu Panato Junior (@cpanato)
- Dan Lorenc (@dlorenc)
- Jake Sanders (@dekkagaijin)
- Jason Hall (@imjasonh)
- Mark Lodato (@MarkLodato)
- Rémy Greinhofer (@rgreinho)