Releases: notaryproject/notation-go
Releases · notaryproject/notation-go
v1.1.1
Vote PASSED [+4 -0]: #412
What's Changed
- fix: update error message by @JeyJeyGao in #380
- bump: bump up oras-go and image-spec by @Two-Hearts in #381
- chore: start using plugin-framework package by @priteshbandi in #372
- build(deps): bump golang.org/x/crypto from 0.18.0 to 0.19.0 by @dependabot in #383
- build(deps): bump github.com/opencontainers/image-spec from 1.1.0-rc6 to 1.1.0 by @dependabot in #385
- build(deps): bump golang.org/x/mod from 0.14.0 to 0.15.0 by @dependabot in #384
- chore: updated/added deprecation message by @priteshbandi in #382
- build(deps): bump golang.org/x/crypto from 0.19.0 to 0.20.0 by @dependabot in #387
- feat: add support for signing blob by @priteshbandi in #379
- chore: add GitHub action for stale issues and PRs by @yizha1 in #365
- build(deps): bump golang.org/x/crypto from 0.20.0 to 0.21.0 by @dependabot in #389
- build(deps): bump golang.org/x/mod from 0.15.0 to 0.16.0 by @dependabot in #388
- fix: Add contract version to plugin sign request and plugin verify request by @priteshbandi in #390
- bump: bump golang and dependency versions by @Two-Hearts in #392
- build(deps): bump actions/stale from 8 to 9 by @dependabot in #391
- Moved org maintainers to emeritus by @toddysm in #393
- build(deps): bump golang.org/x/mod from 0.16.0 to 0.17.0 by @dependabot in #397
- build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.6 to 3.4.7 by @dependabot in #395
- build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.7 to 3.4.8 by @dependabot in #399
- build(deps): bump golang.org/x/crypto from 0.21.0 to 0.22.0 by @dependabot in #396
- build(deps): bump golang.org/x/crypto from 0.22.0 to 0.23.0 by @dependabot in #403
- test: improve test coverage to 80% by @JeyJeyGao in #405
- fix: error message for dangling reference index by @JeyJeyGao in #402
- bump: bump up notation-core-go v1.0.3 by @JeyJeyGao in #407
- ci: enable ci for release branch by @JeyJeyGao in #409
- revert: "feat: add support for signing blob (#379)" by @JeyJeyGao in #411
Full Changelog: v1.1.0...v1.1.1
v1.1.0
Vote PASSED [+4 -0]: #378
What's Changed
- build(deps): bump golang.org/x/mod from 0.13.0 to 0.14.0 by @dependabot in #361
- build(deps): bump golang.org/x/crypto from 0.14.0 to 0.15.0 by @dependabot in #362
- feat: add uninstall to CLIManager by @Two-Hearts in #363
- docs: update README to align with the new project brand by @FeynmanZhou in #343
- build(deps): bump golang.org/x/crypto from 0.15.0 to 0.16.0 by @dependabot in #366
- feat: add install method to plugin CLIManager by @Two-Hearts in #364
- build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 by @dependabot in #367
- feat: plugin install iteration 2 by @Two-Hearts in #369
- Updated CODEOWNERS and MAINTAINERS files by @toddysm in #370
- build(deps): bump golang.org/x/crypto from 0.17.0 to 0.18.0 by @dependabot in #373
- fix: improve plugin error message by @JeyJeyGao in #371
- fix: update PluginExecutableFileError type by @JeyJeyGao in #375
- bump: bump up notation-core-go by @Two-Hearts in #377
New Contributors
- @FeynmanZhou made their first contribution in #343
Full Changelog: v1.0.1...v1.1.0
v1.0.1
Vote PASSED [+4 -0]: #360
What's Changed
- build(deps): bump golang.org/x/crypto from 0.11.0 to 0.12.0 by @dependabot in #344
- chore: update go version to 1.20 by @Two-Hearts in #349
- build(deps): bump golang.org/x/crypto from 0.12.0 to 0.13.0 by @dependabot in #350
- bump: update oras-go to v2.3.0 by @JeyJeyGao in #347
- build(deps): bump golang.org/x/mod from 0.12.0 to 0.13.0 by @dependabot in #356
- build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.5 to 3.4.6 by @dependabot in #351
- build(deps): bump github.com/opencontainers/image-spec from 1.1.0-rc4 to 1.1.0-rc5 by @dependabot in #352
- build(deps): bump golang.org/x/crypto from 0.13.0 to 0.14.0 by @dependabot in #355
- build(deps): bump oras.land/oras-go/v2 from 2.3.0 to 2.3.1 by @dependabot in #359
- build(deps): bump github.com/notaryproject/notation-core-go from 1.0.0 to 1.0.1 by @dependabot in #358
- fix: update error message from notation-go by @Two-Hearts in #345
Full Changelog: v1.0.0...v1.0.1
v1.0.0
Vote PASSED [+5 -0]: #341
What's Changed
- chore: add issue template by @yizha1 in #293
- build(deps): bump golang.org/x/mod from 0.10.0 to 0.11.0 by @dependabot in #325
- build(deps): bump golang.org/x/crypto from 0.9.0 to 0.10.0 by @dependabot in #324
- build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.4 to 3.4.5 by @dependabot in #321
- fix: fixed error messages of trust policy by @Two-Hearts in #326
- fix: update timeout for OCSP call to 2 seconds by @priteshbandi in #327
- fix: quick fix typo in error msg by @Two-Hearts in #328
- build(deps): bump oras.land/oras-go/v2 from 2.2.0 to 2.2.1 by @dependabot in #332
- build(deps): bump golang.org/x/mod from 0.11.0 to 0.12.0 by @dependabot in #333
- build(deps): bump golang.org/x/crypto from 0.10.0 to 0.11.0 by @dependabot in #331
- chore: add license header to files and github action workflow to check license by @Two-Hearts in #334
- fix: quick fix to use correct sign/verify plugin by @Two-Hearts in #338
- errors: add error for wild card scope validation by @sajayantony in #340
- bump: upgrade notation-core-go to v1.0.0 by @shizhMSFT in #342
New Contributors
- @sajayantony made their first contribution in #340
Full Changelog: v1.0.0-rc.6...v1.0.0
v1.0.0-rc.6
What's Changed
- chore: running some chores for notation-go by @Two-Hearts in #311
- build(deps): bump github.com/veraison/go-cose from 1.0.0 to 1.1.0 by @dependabot in #312
- chore: update account info for Patrick Zheng by @yizha1 in #310
- fix: added digest check on verify by @Two-Hearts in #313
- fix: updated error message of errExceededMaxVerificationLimit by @Two-Hearts in #314
- fix: add digest check for Sign by @byronchien in #317
- update: bump up dependencies by @Two-Hearts in #318
- feat: add validations for symlink by @priteshbandi in #316
Full Changelog: v1.0.0-rc.5...v1.0.0-rc.6
v1.0.0-rc.5
What's Changed
- build(deps): bump golang.org/x/crypto from 0.7.0 to 0.8.0 by @dependabot in #304
- build: bump image-spec to v1.1.0-rc.3 and oras-go to v2.1.0 by @shizhMSFT in #306
- update: removed Sign with OCI artifact manifest by @Two-Hearts in #308
- build(deps): bump golang.org/x/crypto from 0.8.0 to 0.9.0 by @dependabot in #309
New Contributors
- @Two-Hearts made their first contribution in #308
Full Changelog: v1.0.0-rc.4...v1.0.0-rc.5
v1.0.0-rc.4
What's Changed
- Added CODEOWNERS and MAINTAINERS files by @toddysm in #272
- fix: fix the CODEOWNERS format issue by @yizha1 in #280
- update: improve missing trustpolicy error message by @kody-kimberl in #282
- fix: don't add user-metadata to manifest's subject annotations by @priteshbandi in #290
- build(deps): bump oras.land/oras-go/v2 from 2.0.0 to 2.0.2 by @dependabot in #291
- build(deps): bump golang.org/x/mod from 0.8.0 to 0.9.0 by @dependabot in #283
- chore: update err msg for policy verification by @qweeah in #294
- chore: updated to go 1.19 by @patrickzheng200 in #297
- build(deps): bump golang.org/x/mod from 0.9.0 to 0.10.0 by @dependabot in #299
- feat: add local sign/verification for OCI layout directory by @patrickzheng200 in #288
- fix: added truststore.ValidateCerts by @patrickzheng200 in #285
- feat: adding OCSP revocation checks to Verify by @kody-kimberl in #295
- chore: Updating notation-core-go dependency to rc.3 by @priteshbandi in #302
New Contributors
- @toddysm made their first contribution in #272
- @kody-kimberl made their first contribution in #282
- @qweeah made their first contribution in #294
Full Changelog: v1.0.0-rc.2...v1.0.0-rc.4
v1.0.0-rc.3
What's Changed
- build(deps): bump oras.land/oras-go/v2 from 2.0.0-rc.5 to 2.0.0-rc.6 by @dependabot in #234
- update: logs and error messages by @patrickzheng200 in #235
- Fix error message by @priteshbandi in #236
- doc: add examples for sign and verify by @patrickzheng200 in #238
- feat: support OCI image manifest by @patrickzheng200 in #241
- build(deps): bump oras.land/oras-go/v2 from 2.0.0-rc.6 to 2.0.0 by @dependabot in #248
- build(deps): bump github.com/veraison/go-cose from 1.0.0-rc.2 to 1.0.0 by @dependabot in #247
- chore: logs and tests clean-up by @patrickzheng200 in #256
- feat: plugin version comparison functionality by @iamjesh in #237
- feat!: add signingkeys.json validation check by @priteshbandi in #246
- Adds more unit test for keys.go by @priteshbandi in #268
- fix: Appends annotations returned by plugin to signature manifest's annotations by @priteshbandi in #262
- Update: added ErrorPushSignatureFailed by @patrickzheng200 in #271
- feat: add support for signed user metadata by @byronchien in #242
- Create config with user only permission by @priteshbandi in #269
- chore: clean up comments format and removed unused code by @patrickzheng200 in #273
- build(deps): bump golang.org/x/mod from 0.7.0 to 0.8.0 by @dependabot in #277
- fix: add check for unsupported subject fields by @byronchien in #275
- bump: update notation-core-go dependency by @priteshbandi in #278
New Contributors
- @iamjesh made their first contribution in #237
- @byronchien made their first contribution in #242
Full Changelog: v1.0.0-rc.1...v1.0.0-rc.3
v1.0.0-rc.2
Deprecated: Please DONOT use this version, instead use v1.0.0-rc.3. rc.3 contains all changes of rc.2.
What's Changed
- build(deps): bump oras.land/oras-go/v2 from 2.0.0-rc.5 to 2.0.0-rc.6 by @dependabot in #234
- update: logs and error messages by @patrickzheng200 in #235
- Fix error message by @priteshbandi in #236
- doc: add examples for sign and verify by @patrickzheng200 in #238
- feat: support OCI image manifest by @patrickzheng200 in #241
- build(deps): bump oras.land/oras-go/v2 from 2.0.0-rc.6 to 2.0.0 by @dependabot in #248
- build(deps): bump github.com/veraison/go-cose from 1.0.0-rc.2 to 1.0.0 by @dependabot in #247
- chore: logs and tests clean-up by @patrickzheng200 in #256
- feat: plugin version comparison functionality by @iamjesh in #237
- feat!: add signingkeys.json validation check by @priteshbandi in #246
- Adds more unit test for keys.go by @priteshbandi in #268
- fix: Appends annotations returned by plugin to signature manifest's annotations by @priteshbandi in #262
- Update: added ErrorPushSignatureFailed by @patrickzheng200 in #271
- feat: add support for signed user metadata by @byronchien in #242
- Create config with user only permission by @priteshbandi in #269
- chore: clean up comments format and removed unused code by @patrickzheng200 in #273
- build(deps): bump golang.org/x/mod from 0.7.0 to 0.8.0 by @dependabot in #277
- fix: add check for unsupported subject fields by @byronchien in #275
- bump: update notation-core-go dependency by @priteshbandi in #278
New Contributors
- @iamjesh made their first contribution in #237
- @byronchien made their first contribution in #242
Full Changelog: v1.0.0-rc.1...v1.0.0-rc.2
v1.0.0-rc.1
Notices
- BREAKING CHANGE:
notation-go v1.0.0-rc.1
is not compatible with signatures signed by previous Notation releases. - BREAKING CHANGE:
artifactType
in signature manifest is changed toapplication/vnd.cncf.notary.signature
- BREAKING CHANGE: Only support registries compliant with the OCI 1.1.0-rc2 image spec and OCI 1.1.0-rc1 distribution spec
New Features
- Store signatures using OCI Artifact Manifest associated with signing artifacts in the registries compliant with the OCI 1.1.0-rc2 image spec and OCI 1.1.0-rc1 distribution spec
- Refactored API to incorporate local verification
- Added logger package to enable logging
Other changes
- New API design
Detailed Commits
- refactor: dir package [1] by @JeyJeyGao in #179
- Remove plugin name and version from ProcessedAttributes response from… by @rgnote in #183
- refactor: config package by @JeyJeyGao in #182
- Fix VerifySignature command json marshaling by @rgnote in #188
- update: Package registry refactoring by @patrickzheng200 in #190
- feat: Added trustpolicy and truststore packages under verification by @patrickzheng200 in #192
- refactor: plugin package by @JeyJeyGao in #184
- fix: dir package userConfigDir typo by @JeyJeyGao in #196
- update: Package notation refactoring by @patrickzheng200 in #191
- refactor: update plugin for notation package by @JeyJeyGao in #199
- update: Package verification refactoring by @patrickzheng200 in #186
- feat: Added log package by @patrickzheng200 in #202
- update: updated verifier design by @patrickzheng200 in #206
- update: Package signature refactoring by @patrickzheng200 in #200
- update: upgraded to oras-go v2.0.0-rc.5 by @patrickzheng200 in #209
- update: replaced strings.Index with strings.Cut by @patrickzheng200 in #211
- Add: added set data structure by @patrickzheng200 in #210
- fix: update plugin to add ContractVersion by @JeyJeyGao in #207
- update: check SignatureMediaType in notation.Verify by @patrickzheng200 in #208
- Use minimum(user only) file permissions by @priteshbandi in #216
- update: bump up dependencies by @patrickzheng200 in #219
- feat: added tag reference log for notation.Sign and notation.Verify by @patrickzheng200 in #223
- Pass expiry to envelope-generator plugin by @priteshbandi in #222
- feat: add required log by @JeyJeyGao in #221
- Add additional header validation for payload by @jondonas in #178
- fix: optimize verification level skip check by @JeyJeyGao in #226
- update: bump up notation-core-go in notation-go by @patrickzheng200 in #227
- Improving debug log for plugin by @priteshbandi in #228
- fix: updated notation artifact type to application/vnd.cncf.notary.signature by @patrickzheng200 in #231
- build: bump up versions for rc.1 release by @yizha1 in #232
Full Changelog: v0.12.0-beta.1...v1.0.0-rc.1