Releases: theupdateframework/go-tuf
v0.5.2
Changelog
Features
Bug fixes
- f75cbcc: fix(cmd): fix logging of help message (#395) (@asraa)
- adbdc7d: fix(data): add back SnapshotFileMeta.Custom (#373) (@arbll)
- 4705874: fix: fix delegation null json value interoperability (#410) (@asraa)
- 047cdb3: fix: fix verification to continue on invalid sigs (#418) (@asraa)
- 7e86441: fix(localMeta): Add delegated targets back to localMeta (#384) (@BaptisteFoy)
Others
- 8a4aabf: test: update lint CI parameters (#394) (@znewman01)
- 6ea14f5: chore: update TUF spec version to 1.0.31 (#393) (@znewman01)
- e56ccf6: chore(deps): bump amannn/action-semantic-pull-request from 4.5.0 to 4.6.0 (#398) (@dependabot[bot])
- b611a26: docs: fix broken link (#401) (@znewman01)
- 4f55897: test: Do not fail-fast when CI runs. (#403) (@vaikas)
- 22f95c0: chore(deps): bump iso8601 from 1.0.2 to 1.1.0 (#404) (@dependabot[bot])
- 2541d68: docs: fix broken link (#405) (@abs007)
- b4b954d: chore(deps): bump arnested/go-version-action from 1.1.5 to 1.1.6 (#408) (@dependabot[bot])
- 14853e3: chore: update release notes breaking change regex (#409) (@znewman01)
- 0f8d7fe: docs: mention breaking changes in PR template (#413) (@znewman01)
- 6f22146: chore(deps): bump actions/setup-python from 4.2.0 to 4.3.0 (#414) (@dependabot[bot])
- b4c6f5a: chore(deps): bump amannn/action-semantic-pull-request from 4.6.0 to 5.0.0 (#415) (@dependabot[bot])
- 3f725e2: docs: add security.md (#412) (@asraa)
- 39613e3: chore(deps): bump amannn/action-semantic-pull-request from 5.0.0 to 5.0.1 (#416) (@dependabot[bot])
- 81884a3: chore(deps): bump amannn/action-semantic-pull-request from 5.0.1 to 5.0.2 (#419) (@dependabot[bot])
- fff5e69: chore(deps): bump actions/setup-go from 3.3.0 to 3.3.1 (#421) (@dependabot[bot])
- 680a077: chore(deps): bump goreleaser/goreleaser-action from 3.1.0 to 3.2.0 (#420) (@dependabot[bot])
- 7d83cf2: chore(deps): bump golangci/golangci-lint-action from 3.2.0 to 3.3.0 (#423) (@dependabot[bot])
- 64bd805: chore(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (#424) (@dependabot[bot])
- cfd009d: docs: Remove ethan-lowman-dd from maintainers (#428) (@ethan-lowman-dd)
- 2ac63f7: docs: Update MAINTAINERS (#430) (@trishankatdatadog)
- 901213d: chore(deps): bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 (#433) (@dependabot[bot])
- 535756a: chore: Update interop tests for new python-tuf release 2.0.0 (#434) (@joshuagl)
- 00e8129: docs: Use Github's vulnerability reporting (#432) (@mnm678)
- c803c81: chore(deps): bump actions/setup-go from 3.3.1 to 3.4.0 (#435) (@dependabot[bot])
- 9cb61d6: chore: elevate GitHub token permissions for release.yml workflow (#437) (@rdimitrov)
- 3889ddd: chore(deps): bump actions/setup-python from 4.3.0 to 4.4.0 (#443) (@dependabot[bot])
- f310d5e: chore(deps): bump actions/setup-go from 3.4.0 to 3.5.0 (#441) (@dependabot[bot])
- a6e32be: chore(deps): bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0 (#442) (@dependabot[bot])
- 5f964cf: chore(deps): bump actions/setup-python from 4.4.0 to 4.5.0 (#445) (@dependabot[bot])
- 8f585b5: chore(deps): bump requests from 2.28.1 to 2.28.2 (#446) (@dependabot[bot])
- 66a4473: chore(deps): bump securesystemslib from 0.25.0 to 0.26.0 (#448) (@dependabot[bot])
- 2b21357: chore(deps): bump github.com/dustin/go-humanize from 1.0.0 to 1.0.1 (#447) (@dependabot[bot])
- 91c85a0: test: add tests for rollback protection on snapshot, targets, delegations (#450) (@asraa)
v0.5.1
Changelog
Features
- 7097fd8: feat: Adds a new raw file metadata storage for clients (#347) (@kommendorkapten)
- f237d7c: feat: pass logger into repo and client (#385) (@asraa)
Bug fixes
- a9ddd89: fix: fix IsTopLevelManifest calculation for versioned manifests (#381) (@asraa)
- 040092c: fix: abandon updates if timestamp.json isn't new (#387) (@znewman01)
Others
- 13eff30: chore(deps): bump securesystemslib from 0.22.0 to 0.24.0 (#383) (@dependabot[bot])
- 0e33cdf: docs: Add docs for adding and rotating root keys (#389) (@mnm678)
- 7f9beab: chore: update TUF spec version (#392) (@znewman01)
v0.5.0
v0.3.2
Changelog
Bug fixes
- b6695e4: fix(verify): backport "Fix a vulnerability in the verification of threshold si… (#375) (@znewman01)
v0.4.0
Changelog
Features
- af3c7d6: feat: Add new status command (#342) (@doanac)
- 4febe4c: feat(keys): JSON unmarshal hardening. (#275) (@Zenithar)
Bug fixes
- 9020b3c: fix: Remove typo in Alternate signing flow (#344) (@elfotografo007)
- 9334b3f: fix: Redirect passphrase output to Standard error (#343) (@elfotografo007)
- 2e6c621: fix: require length and hashes for target metadata (#345) (@asraa)
- 37601e1: fix: filesystemStore fails to prepend target file hashes on Windows (#274) (@torin-carey)
- 2b415d0: fix: update leveldb dependency (#350) (@mfmarche)
- 1b070ee: fix: add leveldb recover ability (#352) (@mfmarche)
- 64ded18: fix(verify): Fix a vulnerability in the verification of threshold signatures (due to handling of keys with multiple IDs) (#369) (@cedricvanrompay-datadog)
Others
- 529fcca: chore(deps): bump arnested/go-version-action from 1.1.3 to 1.1.4 (#334) (@dependabot[bot])
- f5f12b1: docs: Misc. docs fixes (#337) (@znewman01)
- 0f17236: docs: Add release process info for maintainers (#336) (@znewman01)
- 40b67d2: chore(deps): bump actions/setup-python from 4.0.0 to 4.1.0 (#340) (@dependabot[bot])
- 9d0031b: chore(deps): bump actions/setup-go from 3.2.0 to 3.2.1 (#339) (@dependabot[bot])
- 768b63a: chore(deps): bump actions/setup-python from 4.1.0 to 4.2.0 (#351) (@dependabot[bot])
- 8124e8a: chore!: Remove deprecated client Init() function (#353) (@znewman01)
- 8b2d2ab: ci: Fix typo in Pull Request template (#355) (@znewman01)
- f3a48f7: refactor!: rename "InitLocal" to "Init" (#354) (@znewman01)
- ebbc6b8: chore(deps): bump arnested/go-version-action from 1.1.4 to 1.1.5 (#359) (@dependabot[bot])
- 9b6c503: chore(deps): bump actions/setup-go from 3.2.1 to 3.3.0 (#361) (@dependabot[bot])
- d7ff71b: test: Update Python interop tests to python-tuf v1.0.0 (#228) (@znewman01)
- ac7b5d7: chore(deps): bump goreleaser/goreleaser-action from 3.0.0 to 3.1.0 (#366) (@dependabot[bot])
- 06ed599: build: Use Go 1.17 for golangci linting and update golangci/golangci-lint-action (#364) (@ethan-lowman-dd)
v0.3.1
Changelog
Features
- 4bf58eb: feat: add payload and add-signature commands. (#214) (@znewman01)
- 39c23cb: feat: add workflow responsible for notifying of new TUF spec release (#287) (@rdimitrov)
- 355e39c: feat: Implement TAP-12 support (#310) (@znewman01)
Bug fixes
- 9a41055: fix: check root metadata verification before snapshotting (#293) (@asraa)
- e3efe98: fix: verify length and hashes of fetched bytes before parsing (#325) (@joshuagl)
Others
- ea0f98a: chore(deps): bump arnested/go-version-action from 1.0.67 to 1.0.69 (#288) (@dependabot[bot])
- 6722937: chore(deps): bump golangci/golangci-lint-action from 2.5.2 to 3.2.0 (#289) (@dependabot[bot])
- e2594e6: chore(deps): bump actions/setup-go from 3.0.0 to 3.1.0 (#290) (@dependabot[bot])
- 580db19: chore(deps): bump goreleaser/goreleaser-action from 2.9.1 to 3 (#294) (@dependabot[bot])
- 5884dab: chore(deps): bump actions/setup-go from 3.1.0 to 3.2.0 (#295) (@dependabot[bot])
- 3b26aed: chore(deps): bump arnested/go-version-action from 1.0.69 to 1.0.70 (#297) (@dependabot[bot])
- 041e818: chore(deps): bump github.com/secure-systems-lab/go-securesystemslib (#298) (@dependabot[bot])
- ad96eca: chore(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 (#299) (@dependabot[bot])
- 36633af: chore(deps): bump arnested/go-version-action from 1.0.70 to 1.1.0 (#300) (@dependabot[bot])
- e24b175: chore(deps): bump actions/setup-python from 3.1.2 to 4 (#311) (@dependabot[bot])
- 1684c68: docs: Update CONTRIBUTING.md, add MAINTAINERS.md (#309) (@znewman01)
- 4139c85: chore(deps): bump arnested/go-version-action from 1.1.0 to 1.1.3 (#316) (@dependabot[bot])
- 36a2930: build: update go version to 1.18 (#314) (@asraa)
- ae904d2: docs: Add DCO instructions (#319) (@znewman01)
- 81cd9b3: chore(deps): bump Python from 3.6 to 3.10 (#318) (@rdimitrov)
- 986a4c5: chore(deps): bump requests from 2.27.1 to 2.28.0 (#317) (@dependabot[bot])
- 439ce47: chore(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.4 (#324) (@dependabot[bot])
- 3bb077e: chore(deps): bump requests from 2.28.0 to 2.28.1 (#332) (@dependabot[bot])
- eed9e6c: chore(deps): bump github.com/stretchr/testify from 1.7.4 to 1.8.0 (#331) (@dependabot[bot])
- 0d40b25: test: fix flakey util test (#333) (@asraa)
v0.3.0
Changelog
Security
- ed6788e: security: implement protection against rollback attacks for roles other than root / Merge pull request from GHSA-66x3-6cw3-v5gj (@rdimitrov)
Features
- fd8ac04: feat: Support delegated targets roles in repo writer (#175) (@mnm678)
- ce6509c: feat: propose adding Zach Newman to list of maintainers (#271) (@trishankatdatadog)
Bug fixes
Others
- 507e038: use int64 for version (#240) (@arbll)
- 5b81b7e: ci: Check PR title instead of commits for conventional format (#264) (@ethan-lowman-dd)
- e2fb0ae: chore: add rdimitrov as maintainer (#268) (@asraa)
- 3dfbeb2: chore(deps): bump actions/checkout from 2 to 3 (#253) (@dependabot[bot])
- 3f1f3d7: chore(deps): bump amannn/action-semantic-pull-request (#276) (@dependabot[bot])
- 520db05: chore(deps): bump github/codeql-action from 1 to 2 (#277) (@dependabot[bot])
- f42dfb3: chore: bump golangci-lint timeout (#280) (@znewman01)
- 0fa2537: chore(deps): bump actions/setup-python from 2.3.2 to 3.1.2 (#267) (@dependabot[bot])
- 57b9f1e: chore: remove GITHUB_TOKEN from arnested/go-version-action (#259) (@arnested)
- 5bbaae3: chore(deps): bump arnested/go-version-action from 1.0.65 to 1.0.67 (#281) (@dependabot[bot])
- 90f34f0: chore(deps): bump amannn/action-semantic-pull-request (#284) (@dependabot[bot])
v0.2.0
Changelog
Others
- b98aea5: Rename assertNotNil to assertNoError, since the former name is incorrect (#230) (@ethan-lowman-dd)
- 314eed4: [Delegations prereq 6] Use a verify.DB for delegation in client (#196) (@ethan-lowman-dd)
- d85e0a2: [Delegations prereq 7] Make signers addressable by key ID in LocalStore (#197) (@ethan-lowman-dd)
- 885c290: [Delegations prereq 9] Make fileSystemStore.GetMeta read metadata files dynamically (#231) (@ethan-lowman-dd)
- b4df602: Bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#235) (@dependabot[bot])
- 506b95a: Add pull request template with release note stub (#215) (@asraa)
- 8453bf6: Allow commit without adding targets (#238) (@znewman01)
- 545f98e: Add Reason to ErrInvalidKeys (#237) (@znewman01)
- 14b188b: Move hash bin helpers from internal/targets to pkg/targets (#244) (@ethan-lowman-dd)
- 2b4cbfe: Fix linter errors raised by staticcheck (#236) (@rdimitrov)
- 5d0a9c3: Add automatic releases using goreleaser (#234) (@rdimitrov)
- 2b4a5e1: chore(deps): bump actions/setup-go from 2.2.0 to 3 (#254) (@dependabot[bot])
- 0e889ad: chore: remove exposing the github oidc token in ci (#255) (@rdimitrov)
- a747dcc: ci: Bump golangci-lint to 1.45.2 (#265) (@ethan-lowman-dd)