Releases: kubernetes-sigs/promo-tools
Releases · kubernetes-sigs/promo-tools
v4.4.0
Changes by Kind
Feature
- Add progress logging and bound goroutine concurrency in signature replication phase (#1748, @saschagrunert) [SIG Release]
- Give full rate limit budget to the active pipeline phase, increasing promotion throughput from 35 to 50 req/sec. (#1735, @saschagrunert) [SIG Release]
- Improve standalone signature replication throughput by using the full rate budget and skipping unsigned images early (#1727, @saschagrunert) [SIG Release]
- Optimize standalone signature replication by batch-listing tags and copying only missing signatures, reducing API calls significantly. (#1749, @saschagrunert) [SIG Release]
- Parallelize signature replication, increase default threads to 20 (#1737, @saschagrunert) [SIG Release]
- Parallelize registry reads, reducing the plan phase from ~19 minutes to ~2 minutes for large promotions. (#1736, @saschagrunert) [SIG Release]
- Provenance attestations are now always generated and verified using verify-if-present semantics. (#1754, @saschagrunert) [SIG Release]
- Provenance attestations use cosign OCI APIs with predicate-type-aware idempotency. SBOM promotion is removed. (#1764, @saschagrunert) [SIG Release]
Documentation
- Fix outdated documentation including missing sigcheck command, incorrect install paths, and stale version examples (#1747, @saschagrunert) [SIG Release]
Bug or Regression
- Add retry logic for all pipeline network operations including registry reads, signature copies, and attestation writes (#1742, @saschagrunert) [SIG Release]
- Fix FixMissingSignatures panic on empty check results and mirrorsList race condition (#1738, @saschagrunert) [SIG Release]
- Fix default promotion threads being zero, which caused image promotion to hang indefinitely. (#1733, @saschagrunert) [SIG Release]
- Fix empty version fields in pipeline log output (#1743, @saschagrunert) [SIG Release]
- Fix regression where image promotion marked all source images as LOST due to registry inventory key mismatch. (#1731, @saschagrunert) [SIG Release]
- Fix signature replication failing on images without signatures (#1726, @saschagrunert) [SIG Release]
- Fixed intermittent hangs in signature replication by adding per-request
timeouts and automatic retry on deadline exceeded errors. (#1763, @saschagrunert) [SIG Release] - Recognize Docker manifest v1 media types to eliminate ~15k spurious error log lines per promotion run. (#1734, @saschagrunert) [SIG Release]
- Retry image promotion on transient registry errors (429, 5xx) instead of aborting (#1740, @saschagrunert) [SIG Release]
- Retry transient registry errors (429, 5xx) in signature replication instead of failing the job (#1730, @saschagrunert) [SIG Release]
Other (Cleanup or Flake)
- Give the full rate limit budget to all pipeline phases instead of splitting between promotion and signing (#1741, @saschagrunert) [SIG Release]
- Improve promotion logging with per-image progress counters and copy timing (#1732, @saschagrunert) [SIG Release]
- Reduce rate limiter log spam by removing per-request backoff warnings (#1745, @saschagrunert) [SIG Release]
- Remove deprecated --key-files, --use-service-account, --json-log-summary, and --snapshot-service-account flags from kpromo; use Application Default Credentials instead (#1758, @saschagrunert) [SIG Release]
- Remove inline signature replication from the promotion pipeline in favor of the dedicated periodic ci-k8sio-image-signature-replication Prow job. (#1750, @saschagrunert) [SIG Release]
- The promotion record attestation is no longer wrapped in a slsa build predicate. It is its own predicate type. (#1767, @puerco) [SIG Release]
Dependencies
Added
- golang.org/x/tools/go/expect: v0.1.0-deprecated
- golang.org/x/tools/go/packages/packagestest: v0.1.1-deprecated
Changed
- github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream: v1.7.5 → v1.7.6
- github.com/aws/aws-sdk-go-v2/config: v1.32.10 → v1.32.11
- github.com/aws/aws-sdk-go-v2/credentials: v1.19.10 → v1.19.11
- github.com/aws/aws-sdk-go-v2/feature/ec2/imds: v1.18.18 → v1.18.19
- github.com/aws/aws-sdk-go-v2/feature/s3/manager: v1.22.3 → v1.22.5
- github.com/aws/aws-sdk-go-v2/internal/configsources: v1.4.18 → v1.4.19
- github.com/aws/aws-sdk-go-v2/internal/endpoints/v2: v2.7.18 → v2.7.19
- github.com/aws/aws-sdk-go-v2/internal/ini: v1.8.4 → v1.8.5
- github.com/aws/aws-sdk-go-v2/internal/v4a: v1.4.18 → v1.4.19
- github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding: v1.13.5 → v1.13.6
- github.com/aws/aws-sdk-go-v2/service/internal/checksum: v1.9.9 → v1.9.11
- github.com/aws/aws-sdk-go-v2/service/internal/presigned-url: v1.13.18 → v1.13.19
- github.com/aws/aws-sdk-go-v2/service/internal/s3shared: v1.19.18 → v1.19.19
- github.com/aws/aws-sdk-go-v2/service/s3: v1.96.1 → v1.96.3
- github.com/aws/aws-sdk-go-v2/service/signin: v1.0.6 → v1.0.7
- github.com/aws/aws-sdk-go-v2/service/sso: v1.30.11 → v1.30.12
- github.com/aws/aws-sdk-go-v2/service/ssooidc: v1.35.15 → v1.35.16
- github.com/aws/aws-sdk-go-v2/service/sts: v1.41.7 → v1.41.8
- github.com/aws/aws-sdk-go-v2: v1.41.2 → v1.41.3
- github.com/aws/smithy-go: v1.24.1 → v1.24.2
- github.com/cloudflare/circl: v1.6.1 → v1.6.3
- github.com/go-git/go-billy/v5: v5.6.2 → v5.8.0
- github.com/go-git/go-git/v5: v5.16.5 → v5.17.0
- github.com/google/go-containerregistry: v0.21.1 → v0.21.2
- github.com/onsi/ginkgo/v2: v2.21.0 → v2.27.2
- go.opentelemetry.io/otel/metric: v1.39.0 → v1.40.0
- go.opentelemetry.io/otel/sdk/metric: v1.39.0 → v1.40.0
- go.opentelemetry.io/otel/sdk: v1.39.0 → v1.40.0
- go.opentelemetry.io/otel/trace: v1.39.0 → v1.40.0
- go.opentelemetry.io/otel: v1.39.0 → v1.40.0
- gopkg.in/evanphx/json-patch.v4: v4.12.0 → v4.13.0
- k8s.io/apimachinery: v0.34.1 → v0.35.2
- k8s.io/kube-openapi: f3f2b99 → 589584f
- k8s.io/utils: 0af2bda → bc988d5
- sigs.k8s.io/json: cfa47c3 → 2d32026
Removed
Nothing has changed.
Contributors
saschagrunert and puerco
Assets 2
v4.3.0
Changes by Kind
Feature
- Add
kpromo cip replicate-signaturessubcommand for standalone signature replication to mirror registries. (#1715, @saschagrunert) [SIG Release]
Other (Cleanup or Flake)
- Remove deprecated
cip auditsubcommand and legacy e2e test infrastructure (#1716, @saschagrunert) [SIG Release] - Remove deprecated
kpromo mm(cip-mm) subcommand (#1721, @saschagrunert) [SIG Release] - Remove legacy image promoter internals (inventory, gcloud, stream, json, reqcounter, container, timewrapper packages) (#1718, @saschagrunert) [SIG Release]
- Remove deprecated
--use-legacy-pipelineflag and legacy sequential promotion code path. The new pipeline engine is now the only code path. (#1712, @saschagrunert) [SIG Release]
Dependencies
Added
Nothing has changed.
Changed
- cel.dev/expr: v0.24.0 → v0.25.1
- cloud.google.com/go/auth: v0.18.1 → v0.18.2
- github.com/cncf/xds/go: 0feb691 → ee656c7
- github.com/envoyproxy/go-control-plane/envoy: v1.35.0 → v1.36.0
- github.com/envoyproxy/go-control-plane: 75eaa19 → v0.14.0
- github.com/envoyproxy/protoc-gen-validate: v1.2.1 → v1.3.0
- github.com/google/go-containerregistry: v0.21.0 → v0.21.1
- github.com/googleapis/enterprise-certificate-proxy: v0.3.11 → v0.3.12
- go.opentelemetry.io/contrib/detectors/gcp: v1.38.0 → v1.39.0
- google.golang.org/api: v0.268.0 → v0.269.0
- google.golang.org/genproto/googleapis/bytestream: 546029d → 42d3e9b
- google.golang.org/genproto/googleapis/rpc: 546029d → 42d3e9b
- google.golang.org/grpc: v1.78.0 → v1.79.1
Removed
Nothing has changed.
Contributors
saschagrunert
Assets 2
v4.2.0
Changes by Kind
Deprecation
- The image promoter now uses the new pipeline engine by default. The legacy
sequential code path is deprecated and available via--use-legacy-pipeline.
New CLI flags:--require-provenance,--allowed-builders,
--allowed-source-repos. Pre-generated SBOMs are now automatically copied
from staging to production registries during promotion. (#1709, @saschagrunert) [SIG Release]
Feature
- Bump to go 1.25 and update tools deps (#1652, @cpanato) [SIG Release]
- Rewrite image promoter rate limiter with per-operation budget allocation and adaptive 429 backoff. (#1702, @saschagrunert) [SIG Release]
Dependencies
Added
- al.essio.dev/pkg/shellescape: v1.6.0
- buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go: 6c6e0d3
- buf.build/go/protovalidate: v0.14.0
- buf.build/go/protoyaml: v0.6.0
- github.com/DataDog/datadog-agent/comp/core/tagger/origindetection: v0.67.0
- github.com/DataDog/datadog-agent/pkg/version: v0.67.0
- github.com/DataDog/dd-trace-go/v2: v2.2.2-rc.1
- github.com/DataDog/go-libddwaf/v4: v4.3.0
- github.com/GoogleCloudPlatform/grpc-gcp-go/grpcgcp: v1.5.3
- github.com/MakeNowJust/heredoc/v2: v2.0.1
- github.com/Masterminds/goutils: v1.1.1
- github.com/Masterminds/sprig/v3: v3.3.0
- github.com/VividCortex/ewma: v1.2.0
- github.com/antihax/optional: v1.0.0
- github.com/antlr4-go/antlr/v4: v4.13.1
- github.com/aws/aws-sdk-go-v2/service/signin: v1.0.6
- github.com/cenkalti/backoff/v5: v5.0.3
- github.com/cheggaaa/pb/v3: v3.1.6
- github.com/clipperhouse/displaywidth: v0.6.0
- github.com/clipperhouse/stringish: v0.1.1
- github.com/clipperhouse/uax29/v2: v2.3.0
- github.com/containerd/containerd/v2: v2.1.4
- github.com/containerd/typeurl/v2: v2.2.3
- github.com/decred/dcrd/crypto/blake256: v1.1.0
- github.com/go-openapi/swag/jsonutils/fixtures_test: v0.25.4
- github.com/go-openapi/testify/enable/yaml/v2: v2.0.2
- github.com/go-openapi/testify/v2: v2.0.2
- github.com/google/addlicense: v1.1.1
- github.com/google/cel-go: v0.26.1
- github.com/google/go-github/v73: v73.0.0
- github.com/grafana/regexp: a468a5b
- github.com/hashicorp/go-version: v1.7.0
- github.com/huandu/xstrings: v1.5.0
- github.com/lestrrat-go/httprc/v3: v3.0.0
- github.com/lestrrat-go/jwx/v3: v3.0.10
- github.com/lestrrat-go/option/v2: v2.0.0
- github.com/mitchellh/copystructure: v1.2.0
- github.com/mitchellh/reflectwalk: v1.0.2
- github.com/natefinch/atomic: v1.0.1
- github.com/olekukonko/cat: 50322a0
- github.com/prometheus/otlptranslator: v0.0.2
- github.com/puzpuzpuz/xsync/v3: v3.5.1
- github.com/rogpeppe/fastuuid: v1.2.0
- github.com/shirou/gopsutil/v4: v4.25.3
- github.com/shopspring/decimal: v1.4.0
- github.com/sigstore/rekor-tiles/v2: v2.0.1
- github.com/sigstore/rekor-tiles: v0.1.11
- github.com/sigstore/timestamp-authority/v2: v2.0.3
- github.com/stoewer/go-strcase: v1.3.1
- github.com/tink-crypto/tink-go-hcvault/v2: v2.3.0
- github.com/transparency-dev/formats: 404c0d5
- github.com/transparency-dev/tessera: ba6c65c
- github.com/valyala/fastjson: v1.6.4
- go.etcd.io/gofail: v0.2.0
- go.etcd.io/raft/v3: v3.6.0
- go.opentelemetry.io/collector/featuregate: v1.31.0
- go.opentelemetry.io/collector/internal/telemetry: v0.125.0
- go.opentelemetry.io/contrib/bridges/otelzap: v0.10.0
- go.opentelemetry.io/otel/exporters/prometheus: v0.60.0
- go.opentelemetry.io/otel/log: v0.11.0
- goa.design/goa/v3: v3.23.4
- sigs.k8s.io/structured-merge-diff/v6: v6.3.0
Changed
- chainguard.dev/go-grpc-kit: v0.17.7 → v0.17.15
- chainguard.dev/sdk: v0.1.29 → v0.1.45
- cloud.google.com/go/accessapproval: v1.8.6 → v1.8.8
- cloud.google.com/go/accesscontextmanager: v1.9.6 → v1.9.7
- cloud.google.com/go/aiplatform: v1.89.0 → v1.114.0
- cloud.google.com/go/analytics: v0.28.1 → v0.30.1
- cloud.google.com/go/apigateway: v1.7.6 → v1.7.7
- cloud.google.com/go/apigeeconnect: v1.7.6 → v1.7.7
- cloud.google.com/go/apigeeregistry: v0.9.6 → v0.10.0
- cloud.google.com/go/appengine: v1.9.6 → v1.9.7
- cloud.google.com/go/area120: v0.9.6 → v0.9.7
- cloud.google.com/go/artifactregistry: v1.17.1 → v1.19.0
- cloud.google.com/go/asset: v1.21.1 → v1.22.0
- cloud.google.com/go/assuredworkloads: v1.12.6 → v1.13.0
- cloud.google.com/go/auth: v0.17.0 → v0.18.1
- cloud.google.com/go/automl: v1.14.7 → v1.15.0
- cloud.google.com/go/baremetalsolution: v1.3.6 → v1.4.0
- cloud.google.com/go/batch: v1.12.2 → v1.14.0
- cloud.google.com/go/beyondcorp: v1.1.6 → v1.2.0
- cloud.google.com/go/bigquery: v1.69.0 → v1.72.0
- cloud.google.com/go/bigtable: v1.37.0 → v1.41.0
- cloud.google.com/go/billing: v1.20.4 → v1.21.0
- cloud.google.com/go/binaryauthorization: v1.9.5 → v1.10.0
- cloud.google.com/go/certificatemanager: v1.9.5 → v1.9.6
- cloud.google.com/go/channel: v1.19.5 → v1.21.0
- cloud.google.com/go/cloudbuild: v1.22.2 → v1.25.0
- cloud.google.com/go/clouddms: v1.8.7 → v1.8.8
- cloud.google.com/go/cloudtasks: v1.13.6 → v1.13.7
- cloud.google.com/go/compute: v1.38.0 → v1.54.0
- cloud.google.com/go/contactcenterinsights: v1.17.3 → v1.17.4
- cloud.google.com/go/container: v1.43.0 → v1.45.0
- cloud.google.com/go/datacatalog: v1.26.0 → v1.26.1
- cloud.google.com/go/dataflow: v0.11.0 → v0.11.1
- cloud.google.com/go/dataform: v0.12.0 → v0.12.1
- cloud.google.com/go/datafusion: v1.8.6 → v1.8.7
- cloud.google.com/go/datalabeling: v0.9.6 → v0.9.7
- cloud.google.com/go/dataplex: v1.25.3 → v1.28.0
- cloud.google.com/go/dataproc/v2: v2.11.2 → v2.15.0
- cloud.google.com/go/dataqna: v0.9.7 → v0.9.8
- cloud.google.com/go/datastore: v1.20.0 → v1.21.0
- cloud.google.com/go/datastream: v1.14.1 → v1.15.1
- cloud.google.com/go/deploy: v1.27.2 → v1.27.3
- cloud.google.com/go/dialogflow: v1.68.2 → v1.74.0
- cloud.google.com/go/dlp: v1.23.0 → v1.28.0
- cloud.google.com/go/documentai: v1.37.0 → v1.39.0
- cloud.google.com/go/domains: v0.10.6 → v0.10.7
- cloud.google.com/go/edgecontainer: v1.4.3 → v1.4.4
- cloud.google.com/go/errorreporting: v0.3.2 → v0.4.0
- cloud.google.com/go/essentialcontacts: v1.7.6 → v1.7.7
- cloud.google.com/go/eventarc: v1.15.5 → v1.18.0
- cloud.google.com/go/filestore: v1.10.2 → v1.10.3
- cloud.google.com/go/firestore: v1.18.0 → v1.21.0
- cloud.google.com/go/functions: v1.19.6 → v1.19.7
- cloud.google.com/go/gkebackup: v1.8.0 → v1.8.1
- cloud.google.com/go/gkeconnect: v0.12.4 → v0.12.5
- cloud.google.com/go/gkehub: v0.15.6 → v0.16.0
- cloud.google.com/go/gkemulticloud: v1.5.3 → v1.6.0
- cloud.google.com/go/gsuiteaddons: v1.7.7 → v1.7.8
- cloud.google.com/go/iap: v1.11.2 → v1.11.3
- cloud.google.com/go/ids: v1.5.6 → v1.5.7
- cloud.google.com/go/iot: v1.8.6 → v1.8.7
- cloud.google.com/go/kms: v1.22.0 → v1.25.0
- cloud.google.com/go/language: v1.14.5 → v1.14.6
- cloud.google.com/go/lifesciences: v0.10.6 → v0.10.7
- cloud.google.com/go/logging: v1.13.0 → v1.13.2
- cloud.google.com/go/longrunning: v0.6.7 → v0.8.0
- cloud.google.com/go/managedidentities: v1.7.6 → v1.7.7
- cloud.google.com/go/maps: v1.21.0 → v1.26.0
- cloud.google.com/go/mediatranslation: v0.9.6 → v0.9.7
- cloud.google.com/go/memcache: v1.11.6 → v1.11.7
- cloud.google.com/go/metastore: v1.14.7 → v1.1...
Contributors
saschagrunert and cpanato
Assets 2
v4.1.0
What's Changed
-
lots of dependency updates by @dependabot[bot]
-
Updating promotion-pull-requests.md to reflect that build admins no longer need to cut packages for official releases by @marosset in #1279
-
bump zeitgeist to v0.5.3 and golangci-lint to v1.58.2 by @cpanato in #1321
-
Enable
gci,godot,duplword,testifylintandtparallellinters by @saschagrunert in #1371 -
Switch to go 1.23 by @saschagrunert in #1393
-
kpromo: set git clone depth for pr subcommand to prevent downloading the whole repository by @chrischdi in #1409
-
migrate to github.com/aws/aws-sdk-go-v2 by @cpanato in #1422
-
Update kpromo docs by @mbianchidev in #1517
-
chore: move inventory_test into same package by @justinsb in #1532
-
chore: avoid unchecked cast to keep linter happy by @justinsb in #1534
-
Fixing build on Macbook ARM by @mbianchidev in #1568
-
internal: Replace remaining references to gopkg.in/src-d/go-git.v4 by @justaugustus in #1606
-
go.mod: Bump k8s.io/utils to v0.0.0-20250820121507-0af2bda4dd1d by @justaugustus in #1607
-
golangci-lint: Bump to v2.4.0 and enable
hack/verify-golangci-lint.shon macOS by @cpanato in #1614 -
internal/legacy/containers: Refactor to use generics by @justinsb in #1535
a* Release: promo-tools@v4.1.0 by @justaugustus in #1633
New Contributors
- @marosset made their first contribution in #1279
- @chrischdi made their first contribution in #1409
- @mbianchidev made their first contribution in #1517
Full Changelog: v4.0.5...v4.1.0
Contributors
justinsb, chrischdi, and 7 other contributors
Assets 2
v4.0.5
Changes by Kind
Feature
- Group dependabot updates
- Kpromo gh: use
--org/--repoas new default for--release-dir(#1043, @saschagrunert) [SIG Release]
Bug or Regression
- Fixed regression to include digest for normalized edges on image signing. (#940, @saschagrunert) [SIG Release]
Other (Cleanup or Flake)
Dependencies
Added
- cloud.google.com/go/dataproc/v2: v2.3.0
- dario.cat/mergo: v1.0.0
- github.com/AdaLogics/go-fuzz-headers: ced1acd
- github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys: v1.0.1
- github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal: v1.0.0
- github.com/Azure/azure-sdk-for-go/sdk/storage/azblob: v1.2.0
- github.com/DATA-DOG/go-sqlmock: v1.5.0
- github.com/DrJosh9000/zzglob: v0.0.17
- github.com/Khan/genqlient: v0.6.0
- github.com/Microsoft/hcsshim: v0.11.4
- github.com/alecthomas/kingpin/v2: v2.3.2
- github.com/alessio/shellescape: v1.4.1
- github.com/alexflint/go-arg: v1.4.2
- github.com/alexflint/go-scalar: v1.0.0
- github.com/aws/aws-sdk-go-v2/feature/s3/manager: v1.11.76
- github.com/bufbuild/protocompile: v0.6.0
- github.com/buildkite/go-pipeline: v0.2.0
- github.com/cavaliergopher/cpio: v1.0.1
- github.com/cockroachdb/apd/v3: v3.2.1
- github.com/containerd/log: v0.1.0
- github.com/decred/dcrd/dcrec/secp256k1/v4: v4.2.0
- github.com/dustinkirkland/golang-petname: 6a283f1
- github.com/ebitengine/purego: v0.5.0-alpha.1
- github.com/go-kit/log: v0.2.1
- github.com/go-quicktest/qt: v1.100.0
- github.com/goccy/go-json: v0.10.2
- github.com/golang-jwt/jwt/v5: v5.0.0
- github.com/google/gnostic-models: c7be7c7
- github.com/google/go-github/v55: v55.0.0
- github.com/google/go-github/v58: v58.0.0
- github.com/google/go-pkcs11: c6f7932
- github.com/gowebpki/jcs: v1.0.1
- github.com/jmoiron/sqlx: v1.3.5
- github.com/jpillora/backoff: v1.0.0
- github.com/lestrrat-go/blackmagic: v1.0.2
- github.com/lestrrat-go/httpcc: v1.0.1
- github.com/lestrrat-go/httprc: v1.0.4
- github.com/lestrrat-go/iter: v1.0.2
- github.com/lestrrat-go/jwx/v2: v2.0.16
- github.com/lestrrat-go/option: v1.0.1
- github.com/letsencrypt/borp: 6cc6ce5
- github.com/letsencrypt/validator/v10: a0c7dfc
- github.com/matttproud/golang_protobuf_extensions/v2: v2.0.0
- github.com/minio/highwayhash: v1.0.2
- github.com/nats-io/jwt/v2: v2.4.1
- github.com/nats-io/nats.go: v1.30.2
- github.com/nats-io/nkeys: v0.4.5
- github.com/nats-io/nuid: v1.0.1
- github.com/poy/onpar: v1.1.2
- github.com/sagikazarmark/locafero: v0.3.0
- github.com/sagikazarmark/slog-shim: v0.1.0
- github.com/sassoftware/relic/v7: v7.6.1
- github.com/segmentio/asm: v1.2.0
- github.com/sourcegraph/conc: v0.3.0
- github.com/tetratelabs/wazero: v1.0.2
- github.com/vektah/gqlparser/v2: v2.5.8
- github.com/xhit/go-str2duration/v2: v2.1.0
- gopkg.in/go-jose/go-jose.v2: v2.6.1
- software.sslmate.com/src/go-pkcs12: v0.2.0
Changed
- chainguard.dev/go-grpc-kit: v0.16.0 → v0.17.1
- cloud.google.com/go/accessapproval: v1.6.0 → v1.7.4
- cloud.google.com/go/accesscontextmanager: v1.7.0 → v1.8.4
- cloud.google.com/go/aiplatform: v1.37.0 → v1.58.0
- cloud.google.com/go/analytics: v0.19.0 → v0.22.0
- cloud.google.com/go/apigateway: v1.5.0 → v1.6.4
- cloud.google.com/go/apigeeconnect: v1.5.0 → v1.6.4
- cloud.google.com/go/apigeeregistry: v0.6.0 → v0.8.2
- cloud.google.com/go/appengine: v1.7.1 → v1.8.4
- cloud.google.com/go/area120: v0.7.1 → v0.8.4
- cloud.google.com/go/artifactregistry: v1.13.0 → v1.14.6
- cloud.google.com/go/asset: v1.13.0 → v1.17.0
- cloud.google.com/go/assuredworkloads: v1.10.0 → v1.11.4
- cloud.google.com/go/automl: v1.12.0 → v1.13.4
- cloud.google.com/go/baremetalsolution: v0.5.0 → v1.2.3
- cloud.google.com/go/batch: v0.7.0 → v1.7.0
- cloud.google.com/go/beyondcorp: v0.5.0 → v1.0.3
- cloud.google.com/go/bigquery: v1.50.0 → v1.57.1
- cloud.google.com/go/billing: v1.13.0 → v1.18.0
- cloud.google.com/go/binaryauthorization: v1.5.0 → v1.8.0
- cloud.google.com/go/certificatemanager: v1.6.0 → v1.7.4
- cloud.google.com/go/channel: v1.12.0 → v1.17.4
- cloud.google.com/go/cloudbuild: v1.9.0 → v1.15.0
- cloud.google.com/go/clouddms: v1.5.0 → v1.7.3
- cloud.google.com/go/cloudtasks: v1.10.0 → v1.12.4
- cloud.google.com/go/compute: v1.19.3 → v1.23.3
- cloud.google.com/go/contactcenterinsights: v1.6.0 → v1.12.1
- cloud.google.com/go/container: v1.15.0 → v1.29.0
- cloud.google.com/go/containeranalysis: v0.10.1 → v0.11.4
- cloud.google.com/go/datacatalog: v1.13.0 → v1.19.0
- cloud.google.com/go/dataflow: v0.8.0 → v0.9.4
- cloud.google.com/go/dataform: v0.7.0 → v0.9.1
- cloud.google.com/go/datafusion: v1.6.0 → v1.7.4
- cloud.google.com/go/datalabeling: v0.7.0 → v0.8.4
- cloud.google.com/go/dataplex: v1.6.0 → v1.14.0
- cloud.google.com/go/dataqna: v0.7.0 → v0.8.4
- cloud.google.com/go/datastore: v1.11.0 → v1.15.0
- cloud.google.com/go/datastream: v1.7.0 → v1.10.3
- cloud.google.com/go/deploy: v1.8.0 → v1.16.0
- cloud.google.com/go/dialogflow: v1.32.0 → v1.48.0
- cloud.google.com/go/dlp: v1.9.0 → v1.11.1
- cloud.google.com/go/documentai: v1.18.0 → v1.23.7
- cloud.google.com/go/domains: v0.8.0 → v0.9.4
- cloud.google.com/go/edgecontainer: v1.0.0 → v1.1.4
- cloud.google.com/go/essentialcontacts: v1.5.0 → v1.6.5
- cloud.google.com/go/eventarc: v1.11.0 → v1.13.3
- cloud.google.com/go/filestore: v1.6.0 → v1.8.0
- cloud.google.com/go/firestore: v1.9.0 → v1.14.0
- cloud.google.com/go/functions: v1.13.0 → v1.15.4
- cloud.google.com/go/gkebackup: v0.4.0 → v1.3.4
- cloud.google.com/go/gkeconnect: v0.7.0 → v0.8.4
- cloud.google.com/go/gkehub: v0.12.0 → v0.14.4
- cloud.google.com/go/gkemulticloud: v0.5.0 → v1.1.0
- cloud.google.com/go/grafeas: v0.3.0 → v0.3.4
- cloud.google.com/go/gsuiteaddons: v1.5.0 → v1.6.4
- cloud.google.com/go/iam: v1.1.1 → v1.1.6
- cloud.google.com/go/iap: v1.7.1 → v1.9.3
- cloud.google.com/go/ids: v1.3.0 → v1.4.4
- cloud.google.com/go/iot: v1.6.0 → v1.7.4
- cloud.google.com/go/kms: v1.11.0 → v1.15.5
- cloud.google.com/go/language: v1.9.0 → v1.12.2
- cloud.google.com/go/lifesciences: v0.8.0 → v0.9.4
- cloud.google.com/go/logging: v1.7.0 → v1.9.0
- cloud.google.com/go/longrunning: v0.5.0 → v0.5.4
- cloud.google.com/go/managedidentities: v1.5.0 → v1.6.4
- cloud.google.com/go/maps: v0.7.0 → v1.6.2
- cloud....
v4.0.4
Changes by Kind
Bug or Regression
- Fixed regression to include digest for normalized edges on image signing. (#940, @saschagrunert) [SIG Release]
Dependencies
Added
Nothing has changed.
Changed
- github.com/aws/aws-sdk-go: v1.44.286 → v1.44.287
Removed
Nothing has changed.
Contributors
saschagrunert
Assets 2
v4.0.3
Changes by Kind
Bug or Regression
- Fixed bug where kubernetes images have wrong
docker-references in their signatures: #935 (#936, @saschagrunert) [SIG Release]
Dependencies
Added
Nothing has changed.
Changed
- cloud.google.com/go/containeranalysis: v0.10.0 → v0.10.1
- cloud.google.com/go/grafeas: v0.2.1 → v0.3.0
- cloud.google.com/go/iam: v1.1.0 → v1.1.1
- cloud.google.com/go/longrunning: v0.4.2 → v0.5.0
- github.com/aws/aws-sdk-go: v1.44.284 → v1.44.286
- github.com/googleapis/gax-go/v2: v2.10.0 → v2.11.0
Removed
Nothing has changed.
Contributors
saschagrunert
Assets 2
v4.0.2
Changes by Kind
Feature
- Use production registry
registry.k8s.ioas sign identity for container images if required. (#928, @saschagrunert) [SIG Release]
Other (Cleanup or Flake)
- Module version updated to v4 (#919, @jeremyrickard) [SIG Release]
Dependencies
Added
- github.com/DataDog/appsec-internal-go: v1.0.0
- github.com/DataDog/go-libddwaf: v1.2.0
- github.com/outcaste-io/ristretto: v0.2.1
Changed
- cloud.google.com/go/kms: v1.10.2 → v1.11.0
- github.com/DataDog/datadog-agent/pkg/obfuscate: 6491aa3 → v0.45.0-rc.1
- github.com/DataDog/datadog-agent/pkg/remoteconfig/state: v0.42.0-rc.1 → v0.45.0-rc.1
- github.com/andybalholm/brotli: v1.0.3 → v1.0.1
- github.com/aws/aws-sdk-go-v2/config: v1.18.23 → v1.18.26
- github.com/aws/aws-sdk-go-v2/credentials: v1.13.22 → v1.13.25
- github.com/aws/aws-sdk-go-v2/feature/ec2/imds: v1.13.3 → v1.13.4
- github.com/aws/aws-sdk-go-v2/internal/configsources: v1.1.33 → v1.1.34
- github.com/aws/aws-sdk-go-v2/internal/endpoints/v2: v2.4.27 → v2.4.28
- github.com/aws/aws-sdk-go-v2/internal/ini: v1.3.34 → v1.3.35
- github.com/aws/aws-sdk-go-v2/service/internal/presigned-url: v1.9.27 → v1.9.28
- github.com/aws/aws-sdk-go-v2/service/sso: v1.12.10 → v1.12.11
- github.com/aws/aws-sdk-go-v2/service/ssooidc: v1.14.10 → v1.14.11
- github.com/aws/aws-sdk-go-v2/service/sts: v1.18.11 → v1.19.1
- github.com/aws/aws-sdk-go-v2: v1.18.0 → v1.18.1
- github.com/aws/aws-sdk-go: v1.44.281 → v1.44.284
- github.com/buildkite/agent/v3: v3.46.1 → v3.48.0
- github.com/frankban/quicktest: v1.14.3 → v1.14.4
- github.com/go-openapi/swag: v0.22.3 → v0.22.4
- github.com/go-rod/rod: v0.113.1 → v0.113.3
- github.com/google/go-tpm-tools: v0.3.11 → v0.3.12
- github.com/hashicorp/consul/api: v1.18.0 → v1.20.0
- github.com/maxbrunsfeld/counterfeiter/v6: v6.6.1 → v6.6.2
- github.com/onsi/gomega: v1.27.4 → v1.27.8
- github.com/pelletier/go-toml/v2: v2.0.6 → v2.0.8
- github.com/puzpuzpuz/xsync/v2: v2.4.0 → v2.4.1
- github.com/qri-io/jsonpointer: 168dd9e → v0.1.1
- github.com/qri-io/jsonschema: d0d3b10 → v0.2.1
- github.com/rogpeppe/go-internal: v1.10.0 → v1.9.0
- github.com/sagikazarmark/crypt: v0.9.0 → v0.10.0
- github.com/sigstore/cosign/v2: fc61f43 → 4a2f67e
- github.com/sigstore/sigstore: v1.6.5 → v1.7.0
- github.com/spf13/afero: v1.9.3 → v1.9.5
- github.com/spf13/cast: v1.5.0 → v1.5.1
- github.com/spf13/viper: v1.15.0 → v1.16.0
- github.com/spiffe/go-spiffe/v2: v2.1.4 → v2.1.6
- github.com/urfave/cli: v1.22.12 → v1.22.13
- github.com/xanzy/go-gitlab: v0.83.0 → v0.85.0
- go.etcd.io/etcd/api/v3: v3.5.8 → v3.5.9
- go.etcd.io/etcd/client/pkg/v3: v3.5.8 → v3.5.9
- go.etcd.io/etcd/client/v3: v3.5.8 → v3.5.9
- go.opentelemetry.io/contrib/propagators/aws: v1.15.0 → v1.17.0
- go.opentelemetry.io/contrib/propagators/b3: v1.12.0 → v1.17.0
- go.opentelemetry.io/contrib/propagators/jaeger: v1.15.0 → v1.17.0
- go.opentelemetry.io/contrib/propagators/ot: v1.14.0 → v1.17.0
- go.opentelemetry.io/otel/exporters/otlp/internal/retry: v1.15.0 → v1.16.0
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.15.0 → v1.16.0
- go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.15.0 → v1.16.0
- go.opentelemetry.io/otel/metric: v0.34.0 → v1.16.0
- go.opentelemetry.io/otel/sdk: v1.15.0 → v1.16.0
- go.opentelemetry.io/otel/trace: v1.15.0 → v1.16.0
- go.opentelemetry.io/otel: v1.15.0 → v1.16.0
- go.step.sm/crypto: v0.30.0 → v0.32.0
- golang.org/x/crypto: v0.9.0 → v0.10.0
- golang.org/x/mod: v0.10.0 → v0.11.0
- golang.org/x/net: v0.10.0 → v0.11.0
- golang.org/x/oauth2: v0.8.0 → v0.9.0
- golang.org/x/sync: v0.2.0 → v0.3.0
- golang.org/x/sys: v0.8.0 → v0.9.0
- golang.org/x/term: v0.8.0 → v0.9.0
- golang.org/x/text: v0.9.0 → v0.10.0
- golang.org/x/tools: v0.8.0 → v0.9.3
- google.golang.org/api: v0.127.0 → v0.128.0
- gopkg.in/DataDog/dd-trace-go.v1: v1.46.1 → v1.51.0
- gotest.tools/v3: v3.1.0 → v3.0.3
- inet.af/netaddr: 0970063 → 502d2d6
- sigs.k8s.io/release-sdk: 659609b → v0.10.2
Removed
- github.com/DataDog/datadog-go: v4.8.2+incompatible
- github.com/nightlyone/lockfile: v1.0.0
Contributors
saschagrunert and jeremyrickard
Assets 2
v4.0.1
v4.0.1
This tag was signed with the committer’s verified signature.
jeremyrickard
Jeremy Rickard
Release Notes
Changes by Kind
Other (Cleanup or Flake)
- Module version updated to v4 (#919, @jeremyrickard) [SIG Release]
Dependencies
Added
Nothing has changed.
Changed
Nothing has changed.
Removed
Nothing has changed.
Contributors
jeremyrickard
Assets 3
v4.0.0
v4.0.0
This tag was signed with the committer’s verified signature.
jeremyrickard
Jeremy Rickard
Release Notes
Changes by Kind
Feature
- Add SignCheckIdentityRegexp and SignCheckIssuerRegexp options (#906, @cpanato) [SIG Release]
- Upgrade signing to use cosign v2 (#889, @cpanato) [SIG Release]
Other (Cleanup or Flake)
- Increased sign timeout to 15 minutes to deflake recursive signing. (#900, @saschagrunert) [SIG Release]
Dependencies
Added
- chainguard.dev/go-grpc-kit: v0.16.0
- cloud.google.com/go/profiler: v0.3.1
- github.com/AdamKorcz/go-fuzz-headers-1: 12e09ab
- github.com/Azure/azure-sdk-for-go/sdk/azcore: v1.6.0
- github.com/Azure/azure-sdk-for-go/sdk/azidentity: v1.3.0
- github.com/Azure/azure-sdk-for-go/sdk/internal: v1.3.0
- github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys: v0.10.0
- github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal: v0.7.1
- github.com/AzureAD/microsoft-authentication-library-for-go: v1.0.0
- github.com/DataDog/datadog-agent/pkg/obfuscate: 6491aa3
- github.com/DataDog/datadog-agent/pkg/remoteconfig/state: v0.42.0-rc.1
- github.com/DataDog/datadog-go/v5: v5.3.0
- github.com/DataDog/datadog-go: v4.8.2+incompatible
- github.com/DataDog/go-tuf: fork
- github.com/DataDog/sketches-go: v1.2.1
- github.com/Masterminds/sprig/v3: v3.2.3
- github.com/beevik/ntp: v1.0.0
- github.com/blendle/zapdriver: v1.3.1
- github.com/brunoscheufler/aws-ecs-metadata-go: b6b31c6
- github.com/buildkite/agent/v3: v3.46.1
- github.com/buildkite/bintest/v3: v3.1.1
- github.com/buildkite/interpolate: 07f35b4
- github.com/buildkite/roko: v1.1.0
- github.com/buildkite/shellwords: c3f497d
- github.com/bytecodealliance/wasmtime-go/v3: v3.0.2
- github.com/cockroachdb/cockroach-go/v2: v2.3.3
- github.com/cyphar/filepath-securejoin: v0.2.3
- github.com/denisbrodbeck/machineid: v1.0.1
- github.com/digitorus/pkcs7: 001c36b
- github.com/digitorus/timestamp: ef3b63b
- github.com/gabriel-vasile/mimetype: v1.4.2
- github.com/go-chi/chi/v5: v5.0.8
- github.com/go-redis/redismock/v9: v9.0.3
- github.com/gofrs/flock: v0.8.1
- github.com/google/go-tpm-tools: v0.3.11
- github.com/google/go-tpm: v0.3.3
- github.com/google/go-tspi: v0.3.0
- github.com/jackc/chunkreader/v2: v2.0.1
- github.com/jackc/pgconn: v1.12.1
- github.com/jackc/pgio: v1.0.0
- github.com/jackc/pgpassfile: v1.0.0
- github.com/jackc/pgproto3/v2: v2.3.0
- github.com/jackc/pgservicefile: 2b9c447
- github.com/jackc/pgtype: v1.11.0
- github.com/jackc/pgx/v4: v4.16.1
- github.com/mitchellh/go-wordwrap: v1.0.1
- github.com/oleiade/reflections: v1.0.1
- github.com/peterbourgon/diskv/v3: v3.0.1
- github.com/petermattis/goid: b0b1615
- github.com/philhofer/fwd: v1.1.1
- github.com/puzpuzpuz/xsync/v2: v2.4.0
- github.com/qri-io/jsonpointer: 168dd9e
- github.com/qri-io/jsonschema: d0d3b10
- github.com/redis/go-redis/v9: v9.0.4
- github.com/sasha-s/go-deadlock: 237a954
- github.com/schollz/jsonstore: v1.1.0
- github.com/shopspring/decimal: v1.2.0
- github.com/sigstore/cosign/v2: fc61f43
- github.com/sigstore/protobuf-specs: v0.1.0
- github.com/sigstore/sigstore/pkg/signature/kms/aws: v1.6.5
- github.com/sigstore/sigstore/pkg/signature/kms/azure: v1.6.5
- github.com/sigstore/sigstore/pkg/signature/kms/gcp: v1.6.5
- github.com/sigstore/sigstore/pkg/signature/kms/hashivault: v1.6.5
- github.com/sigstore/timestamp-authority: v1.1.1
- github.com/smallstep/assert: 82e2b9b
- github.com/smallstep/go-attestation: e172914
- github.com/tinylib/msgp: v1.1.6
- github.com/urfave/negroni: v1.0.0
- github.com/ysmood/fetchup: v0.2.3
- github.com/ysmood/got: v0.34.1
- go.opentelemetry.io/contrib/propagators/aws: v1.15.0
- go.opentelemetry.io/contrib/propagators/b3: v1.12.0
- go.opentelemetry.io/contrib/propagators/jaeger: v1.15.0
- go.opentelemetry.io/contrib/propagators/ot: v1.14.0
- go4.org/intern: ae77deb
- go4.org/unsafe/assume-no-moving-gc: 928513b
- google.golang.org/genproto/googleapis/api: e85fd2c
- google.golang.org/genproto/googleapis/bytestream: e85fd2c
- google.golang.org/genproto/googleapis/rpc: e85fd2c
- gopkg.in/DataDog/dd-trace-go.v1: v1.46.1
- gopkg.in/retry.v1: v1.0.3
- inet.af/netaddr: 0970063
- knative.dev/pkg: ee73c93
- oras.land/oras-go/v2: v2.0.2
Changed
- cloud.google.com/go/compute: v1.19.1 → v1.19.3
- cloud.google.com/go/containeranalysis: v0.9.1 → v0.10.0
- cloud.google.com/go/grafeas: v0.2.0 → v0.2.1
- cloud.google.com/go/iam: v1.0.0 → v1.1.0
- cloud.google.com/go/kms: v1.10.1 → v1.10.2
- cloud.google.com/go/longrunning: v0.4.1 → v0.4.2
- cloud.google.com/go/security: v1.13.0 → v1.14.0
- cloud.google.com/go/spanner: v1.45.0 → v1.45.1
- cloud.google.com/go: v0.110.0 → v0.110.2
- contrib.go.opencensus.io/exporter/stackdriver: v0.13.12 → v0.13.14
- cuelang.org/go: v0.4.3 → v0.5.0
- github.com/Azure/go-autorest/autorest/adal: v0.9.21 → v0.9.22
- github.com/Azure/go-autorest/autorest/azure/auth: v0.5.11 → v0.5.12
- github.com/Azure/go-autorest/autorest: v0.11.28 → v0.11.29
- github.com/ProtonMail/go-crypto: 7d5c6f0 → 7afd394
- github.com/alecthomas/template: fb15b89 → a0175ee
- github.com/alecthomas/units: f65c72e → 2efee85
- github.com/apache/beam/sdks/v2: ef43645 → v2.47.0-RC3
- github.com/armon/go-metrics: v0.4.1 → v0.4.0
- github.com/armon/go-radix: v1.0.0 → 7fddfc3
- github.com/asaskevich/govalidator: f21760c → a9d515a
- github.com/aws/aws-sdk-go-v2/config: v1.18.14 → v1.18.23
- github.com/aws/aws-sdk-...
Contributors
saschagrunert and cpanato