Sourced from github.com/Masterminds/semver/v3's releases.

v3.3.1

What's Changed

• Fix for allowing some version that were invalid by @​mattfarina in Masterminds/semver#253

Full Changelog: Masterminds/semver@v3.3.0...v3.3.1

Sourced from github.com/Masterminds/semver/v3's changelog.

Changelog

• 1558ca3 Merge pull request #253 from mattfarina/fix-bad-versions
• 252dd61 Fix for allowing some version that were invalid
• See full diff in compare view

Sourced from github.com/minio/minio-go/v7's releases.

Bugfix Release and new APIs

What's Changed

• Add copy destination fields by @​klauspost in minio/minio-go#2095
• feat: make JSON lib configurable by @​secDre4mer in minio/minio-go#2088
• implement Go native iterator style ListObjects() by @​harshavardhana in minio/minio-go#2099
• Add API for bucket resync cancellation by @​poornas in minio/minio-go#2101
• support aws s3 express zone behavior by @​harshavardhana in minio/minio-go#2103
• Add MakeBucket forceCreate option a MinIO specific extension by @​harshavardhana in minio/minio-go#2108
• add support for automatic region extraction for S3 Express by @​harshavardhana in minio/minio-go#2104
• Add msgpack serializers to stringset by @​klauspost in minio/minio-go#2107

New Contributors

• @​secDre4mer made their first contribution in minio/minio-go#2088

Full Changelog: minio/minio-go@v7.0.91...v7.0.92

• 4f25bfc Add msgpack serializers to stringset (#2107)
• 6651105 add support for automatic region extraction for S3 Express (#2104)
• 6b0f80f Add MakeBucket forceCreate option a MinIO specific extension (#2108)
• 5d96728 support aws s3 express zone behavior (#2103)
• 3dbe5a3 Add API for bucket resync cancellation (#2101)
• e994501 implement Go native iterator style ListObjects() (#2099)
• dc867a5 feat: make JSON lib configurable (#2088)
• 832e1d3 Add copy destination fields (#2095)
• 3e647dd Update version to next release
• See full diff in compare view

Sourced from github.com/notaryproject/notation-core-go's releases.

v1.3.0

Vote PASSED [+4 -0]: #271

Updates

• Support of delta CRL during certificate revocation check.
• Upgraded go version to v1.23.0
• Error message fix and dependency updates.

What's Changed since v1.2.0

• feat: delta CRL by @​JeyJeyGao in notaryproject/notation-core-go#247
• bump: update go v1.23 by @​JeyJeyGao in notaryproject/notation-core-go#260
• build(deps): bump golang.org/x/crypto from 0.32.0 to 0.35.0 by @​dependabot in notaryproject/notation-core-go#261
• build(deps): bump apache/skywalking-eyes from 0.6.0 to 0.7.0 by @​dependabot in notaryproject/notation-core-go#258
• fix: use iterator instead of looping through multiple slices by @​JeyJeyGao in notaryproject/notation-core-go#259
• build(deps): bump golang.org/x/crypto from 0.35.0 to 0.36.0 by @​dependabot in notaryproject/notation-core-go#262
• build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 by @​dependabot in notaryproject/notation-core-go#263
• build(deps): bump github.com/fxamacker/cbor/v2 from 2.7.0 to 2.8.0 by @​dependabot in notaryproject/notation-core-go#265
• build(deps): bump golang.org/x/crypto from 0.36.0 to 0.37.0 by @​dependabot in notaryproject/notation-core-go#267
• fix: error message of SignatureAuthenticityError by @​Two-Hearts in notaryproject/notation-core-go#269

Full Changelog: notaryproject/notation-core-go@v1.2.0...v1.3.0

• ef87896 fix: error message of SignatureAuthenticityError (#269)
• 46726d8 build(deps): bump golang.org/x/crypto from 0.36.0 to 0.37.0 (#267)
• b85e8f7 build(deps): bump github.com/fxamacker/cbor/v2 from 2.7.0 to 2.8.0 (#265)
• 4d73532 build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#263)
• 6a378d5 build(deps): bump golang.org/x/crypto from 0.35.0 to 0.36.0 (#262)
• ea37e4e fix: use iterator instead of looping through multiple slices (#259)
• fcf4512 build(deps): bump apache/skywalking-eyes from 0.6.0 to 0.7.0 (#258)
• 9c4662f build(deps): bump golang.org/x/crypto from 0.32.0 to 0.35.0 (#261)
• 441bbe8 bump: update go v1.23 (#260)
• 7510083 feat: delta CRL (#247)
• See full diff in compare view

Sourced from github.com/notaryproject/notation-go's releases.

v1.3.2

Vote PASSED [+5 -0]: #538

Update

• Error message and dependency updates

What's Changed since notation-go v1.3.1

• bump: release v1.3.1 by @​Two-Hearts in notaryproject/notation-go#517
• backport: from main to release-1.3 branch by @​Two-Hearts in notaryproject/notation-go#536

Full Changelog: notaryproject/notation-go@v1.3.1...v1.3.2

New Contributors

• @​qba73 made their first contribution in notaryproject/notation-go#529

v1.3.1

Vote PASSED [+5 -0]: #517

Bug fix

• This patch release removes the timestamp check against signing time during authentic timestamp verification due to potential time skew and the unauthenticated nature of signing time field.

What's Changed

• bump: release v1.3.0 by @​Two-Hearts in notaryproject/notation-go#507
• fix: remove signing time check during authenticTimestamp by @​Two-Hearts in notaryproject/notation-go#514
• bump: bump up dependencies for release-1.3 branch by @​Two-Hearts in notaryproject/notation-go#516

Full Changelog: notaryproject/notation-go@v1.3.0...v1.3.1

• 34a1aba bump: release v1.3.2
• c447774 backport: from main to release-1.3 branch (#536)
• 727046d Merge pull request #517 from Two-Hearts/release-1.3
• 961cef1 bump: release v1.3.1
• f171fb0 bump: bump up dependencies for release-1.3 branch (#516)
• 540cc34 fix: remove signing time check during authenticTimestamp (#514)
• 1864576 Merge pull request #507 from Two-Hearts/release-1.3
• See full diff in compare view

Sourced from github.com/ory/dockertest/v3's releases.

v3.12.0

What's Changed

• chore(deps): bump github.com/docker/cli from 26.1.4+incompatible to 27.1.2+incompatible by @​dependabot in ory/dockertest#524
• chore(deps): bump actions/checkout from 3 to 4 by @​dependabot in ory/dockertest#514
• chore(deps): bump actions/stale from 4 to 9 by @​dependabot in ory/dockertest#526
• chore(deps): bump github.com/opencontainers/runc from 1.1.13 to 1.1.15 by @​dependabot in ory/dockertest#538
• chore(deps): bump actions/checkout from 2 to 4 by @​dependabot in ory/dockertest#527
• feat: use creds helper by @​GuillaumeSmaha in ory/dockertest#520
• added AuthConfigs to BuildOptions and pass that to BuildImage by @​DGollings in ory/dockertest#488
• add multiple test container example by @​akoserwal in ory/dockertest#515
• fix: trying to bind to an outbound ip returns an empty list of port bindings by @​atzoum in ory/dockertest#533
• chore(deps): bump golang.org/x/sys from 0.21.0 to 0.28.0 by @​dependabot in ory/dockertest#548
• chore(deps): bump actions/stale from 4 to 9 by @​dependabot in ory/dockertest#550
• chore(deps): bump actions/checkout from 2 to 4 by @​dependabot in ory/dockertest#549
• chore(deps): bump actions/checkout from 2 to 4 by @​dependabot in ory/dockertest#555
• chore(deps): bump github.com/docker/cli from 27.1.2+incompatible to 27.4.1+incompatible by @​dependabot in ory/dockertest#553
• chore(deps): bump github.com/opencontainers/runc from 1.1.15 to 1.2.3 by @​dependabot in ory/dockertest#551
• chore(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 by @​dependabot in ory/dockertest#547
• feat: add support for BuildKit when building images by @​tmc in ory/dockertest#416
• chore(deps): bump actions/setup-node from 2.pre.beta to 4.1.0 by @​dependabot in ory/dockertest#539
• chore(deps): bump actions/stale from 4 to 9 by @​dependabot in ory/dockertest#554

New Contributors

• @​GuillaumeSmaha made their first contribution in ory/dockertest#520
• @​DGollings made their first contribution in ory/dockertest#488
• @​akoserwal made their first contribution in ory/dockertest#515
• @​atzoum made their first contribution in ory/dockertest#533

Full Changelog: ory/dockertest@v3.11.0...v3.12.0

• 8a76ff0 chore: update repository templates to ory/meta@bc60...
• 207b20a chore: update repository templates to ory/meta@83e7...
• fabf563 autogen: update license overview
• 4b1e539 chore: update repository templates to ory/meta@44ef...
• 46d1a7b chore: update repository templates to ory/meta@c091...
• 13e6e33 chore(deps): bump actions/stale from 4 to 9 (#554)
• 91b7d0b chore(deps): bump actions/setup-node from 2.pre.beta to 4.1.0 (#539)
• 28c8c5b chore(deps): bump github.com/containerd/continuity from 0.4.3 to 0.4.5 (#545)
• eec3a4f feat: add support for BuildKit when building images (#416)
• f6e65ba chore(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#547)
• Additional commits viewable in compare view

Sourced from github.com/sigstore/sigstore's releases.

v1.9.4

What's Changed

• Add a Name field to the TargetFile struct in sigstore/sigstore#2068
• Update to use Tink v2.3.0 API in sigstore/sigstore#2069

Full Changelog: sigstore/sigstore@v1.9.3...v1.9.4

v1.9.3

What's Changed

• add proto hash algorithm to registry by @​loosebazooka in sigstore/sigstore#2048

New Contributors

• @​loosebazooka made their first contribution in sigstore/sigstore#2048

Full Changelog: sigstore/sigstore@v1.9.2...v1.9.3

v1.9.2

What's Changed

• Add tink package by @​cmurphy in sigstore/sigstore#2024
• pkg/signature: add P384/P521 compatibility algo to algorithm registry by @​ret2libc in sigstore/sigstore#2037

New Contributors

• @​cmurphy made their first contribution in sigstore/sigstore#2024

Full Changelog: sigstore/sigstore@v1.9.1...v1.9.2

v1.9.1

What's Changed

• Implement default signing algorithms based on the key type by @​ret2libc in sigstore/sigstore#2014

Full Changelog: sigstore/sigstore@v1.9.0...v1.9.1

v1.9.0

What's Changed

• Update KMS policy for new plugin interface by @​haydentherapper in sigstore/sigstore#1987
• Update TUF root to latest v12 root by @​haydentherapper in sigstore/sigstore#1988
• build(deps): Bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.5 by @​dependabot in sigstore/sigstore#1994
• upgrade go-jose to v4 by @​cpanato in sigstore/sigstore#2000
• pkg/signature: expose Algorithm Details information by @​ret2libc in sigstore/sigstore#2001

Full Changelog: sigstore/sigstore@v1.8.15...v1.9.0

• 0c2ec3a Update to use Tink v2.3.0 API (#2069)
• 8f79f87 Add a Name field to the TargetFile struct (#2068)
• 0923918 Update signing algorithm policy (#2066)
• d49b18c build(deps): Bump cloud.google.com/go/kms (#2067)
• 844f42d build(deps): Bump golang.org/x/net in /pkg/signature/kms/hashivault (#2064)
• 2f15489 build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#2057)
• 6e3c093 build(deps): Bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 (#2052)
• 20f1b38 build(deps): Bump github.com/tink-crypto/tink-go/v2 from 2.3.0 to 2.4.0 (#2053)
• ca90b6d build(deps): Bump github.com/coreos/go-oidc/v3 from 3.13.0 to 3.14.1 (#2055)
• fcf4f5d build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azcore (#2059)
• Additional commits viewable in compare view

• aae6e61 go.mod: update golang.org/x dependencies
• 9c1aa6a ssh/test: reset the random source before capturing a recording
• 8819902 ssh/test: enable Diffie-Hellman key exchange algorithms
• 3f311e4 acme: return error from pre-authorization when unsupported
• 1f7c62c ssh/test: skip unsupported tests on js/wasm
• a5f8048 acme/autocert: use standard functions to pick the cache directory
• 958cde8 Revert "chacha20: add loong64 SIMD implementation"
• 51f005c Revert "salsa20: add loong64 SIMD implementation"
• 7c35866 Revert "argon2: add loong64 SIMD implementation"
• 0091fc8 Revert "blake2s: add loong64 SIMD implementation"
• Additional commits viewable in compare view

• cf14319 oauth2: fix expiration time window check
• 32d34ef internal: include clientID in auth style cache key
• 2d34e30 oauth2: replace a magic number with AuthStyleUnknown
• 696f7b3 all: modernize with doc links and any
• 471209b oauth2: drop dependency on go-cmp
• 6968da2 oauth2: sync Token.ExpiresIn from internal Token
• d2c4e0a oauth2: context instead of golang.org/x/net/context in doc
• 883dc3c endpoints: add various endpoints from stale CLs
• 1c06e87 all: make use of oauth.Token.ExpiresIn
• See full diff in compare view

• 506c70f errgroup: propagate panic and Goexit through Wait
• See full diff in compare view

Sourced from oras.land/oras-go/v2's releases.

v2.6.0

New Features

• Upgrade to image-spec v1.1.1 and distribution-spec v1.1.1
• Support context cancellation in file.Store.Add()
• Introduce credentials.NewMemoryStoreFromDockerConfig to load Docker config bytes into an in-memory credentials store
• Add PreservePermissions option to file store to retain original permissions when extracting tar archives
• Introduce oras.CopyError to identify error sources in copy operations

Bug Fixes

• Fix #640: Unclear error message from oci.NewFromTar
• Fix #865: Symbolic links are not automatically overwritten when extracted from tar archive to File store
• Fix #851: Dot‑prefixed paths in tar archives were not recognized by ReadOnlyOCIStore
• Fix #880: The index.json generated by the OCI store lacked a mediaType field
• Fix #895: The Docker-Content-Digest header was not verified in Repository.Blobs().Fetch()
• Fix #916: Incorrect use of atomic.Value in the syncutil.Go utility function causes panics
• Fix #923: Pushing descriptors with invalid digests to memory or file store caused panics
• Other minor bug fixes

Documentation

• Add documentation for artifact modeling
• Add documentation for targets and content store
• Add quickstart tutorial
• Improve examples
• Other minor improvements

Other Changes

• Upgrade the Go support window to [1.23, 1.24]
• Increase test coverage to 80%
• Update dependencies
• Minor optimization

Detailed Commits

• fix: cancel goroutine before the next one is created by @​wangxiaoxuan273 in oras-project/oras-go#739
• build(deps): bump apache/skywalking-eyes from 0.5.0 to 0.6.0 by @​dependabot in oras-project/oras-go#740
• bump(ci): update codecov to v4 by @​wangxiaoxuan273 in oras-project/oras-go#741
• docs: update migration guide and copy doc by @​Wwwsylvia in oras-project/oras-go#752
• test: fix file closing issue on windows by @​shizhMSFT in oras-project/oras-go#764
• docs: document PackManifestOptions to make PackManifest reproducible by @​wangxiaoxuan273 in oras-project/oras-go#749
• build: enforce diff code coverage of 80% by @​Wwwsylvia in oras-project/oras-go#769
• fix: add missing operation to fs path error by @​qweeah in oras-project/oras-go#799
• build(deps): bump golang.org/x/sync from 0.7.0 to 0.8.0 by @​dependabot in oras-project/oras-go#801
• feat: support context cancellation in file store by @​lucasrod16 in oras-project/oras-go#803
• build(go): shift Go support window to [1.22, 1.23] by @​Wwwsylvia in oras-project/oras-go#820
• refactor: fix seed for retry policy by @​Wwwsylvia in oras-project/oras-go#821
• fix: check close error in oci/storage.go during ingestion by @​Wwwsylvia in oras-project/oras-go#830
• chore(workflow): add stale bot by @​Wwwsylvia in oras-project/oras-go#837

... (truncated)

• 05a2b09 build(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0 (#955)
• 753f8a8 docs: improve README.md (#950)
• 5043a7b docs: updated broken links (#951)
• 17e7d15 docs: add quick start for oras-go (#939)
• 34a87ef test: add unit tests for validateMediaType (#946)
• f7a6126 docs: add more practical examples (#940)
• 0c12035 docs: improve docs for OCI store (#941)
• 7963626 feat: introduce CopyError to identify error source in copy operations (#933)
• 6dd6913 build(deps): bump golang.org/x/sync from 0.12.0 to 0.13.0 (#937)
• d0ac8e4 docs: update example tests (#932)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions