Testifysec Witness Versions

Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.

v0.4.0-beta2

4 weeks ago

Changelog

Others

  • d93dd8734fa867b4528a5b63636ee9f797d72751: Bump go-witness version (@jkjell)

v0.4.0-beta1

4 weeks ago

Changelog

Others

  • b496d9899b8de33b43afc185ac8a933be2c2a95e: Bump go-witness version (@jkjell)

v0.4.0-beta

1 month ago

Changelog

Bug fixes

  • 09f8cbb244b91d4c25890675889492fcbe82559c: fix: run e2e test script as part of workflows (#397) (@mikhailswift)

Others

  • 838aec6c3315d037731fe3df6ae3671239028efe: Handle multiple results from run (@jkjell)
  • f8d862f73782bf0ebf2d23a65808bd4048c64051: Rename exportRun and add better file naming (@jkjell)
  • 609dcd467d748d1779714c0d85f2e6c107878531: Run make docgen (@jkjell)
  • ad043b14dfd7ae496ae82ff828bdb33e97cf0e7d: Update go version in actions and point go.mod to WIP go-witness (@jkjell)
  • 9a85fca952f72ea89c361d33994a380252d4dc96: Add explicit setup-go action for workflows and change attestation file output to backwards compatible (@jkjell)
  • 3c8d14d6f750b18b1bee6e1d8634752431a23e27: chore: bump actions/cache from 4.0.0 to 4.0.1 (#401) (@dependabot[bot])
  • feac3aa7b9936f943008e80079b5bbb460f520e2: chore: bump github/codeql-action from 3.24.5 to 3.24.6 (#400) (@dependabot[bot])
  • e54d8be3e1ed8cc1411b6771605eb9405ac41820: chore: bump actions/download-artifact from 4.1.2 to 4.1.4 (#399) (@dependabot[bot])
  • a4c40293f2a54f6efdbd8261291ef1ea8ecfbb01: doc: fix example in signers kms doc (#403) (@kairoaraujo)
  • 910d630e4e2e074c711f48126e0d7b71d4fe4249: Witness website netlify (#394) (@ChaosInTheCRD)
  • bb8b3c073c450ace4182ced4b40cdd722492158c: chore: bump the go_modules group group with 2 updates (#408) (@dependabot[bot])
  • 3fc10e4ea2bf6d48099733eb36684d78b62459d4: chore: bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#409) (@dependabot[bot])
  • 7528df2d9873e83c57fb1a5100029f2fc09fc11c: chore: bump follow-redirects from 1.15.5 to 1.15.6 in /docs-website (#410) (@dependabot[bot])
  • 1844b26933ac6971275b0ba9fa878e0e8fa74e7f: chore: bump k8s.io/apimachinery from 0.29.2 to 0.29.3 (#411) (@dependabot[bot])
  • 10f895d48a3f6bf6a6b236f344d8cfeefac47204: chore: bump actions/checkout from 4.1.1 to 4.1.2 (#412) (@dependabot[bot])
  • b1ee68143c620e715deac76e62d366f2c3d56129: chore: bump github/codeql-action from 3.24.6 to 3.24.8 (#415) (@dependabot[bot])
  • 917e13b59737073c2fd60bc77c5aedc1a1fdaa42: chore: bump docker/login-action from 3.0.0 to 3.1.0 (#413) (@dependabot[bot])
  • 51d0fa68cb991b7d3979df491e05fbf7765d6d1c: Merge branch 'main' into link-attestor (@jkjell)
  • fe61acd7f07edc2ad28ee91fa5e6a1ddb133c2e5: chore: bump webpack-dev-middleware from 5.3.3 to 5.3.4 in /docs-website (#417) (@dependabot[bot])
  • 2b4213f1b12297b0debc10052b8266fc92c2f15d: chore: bump github/codeql-action from 3.24.8 to 3.24.9 (#419) (@dependabot[bot])
  • 78f1a7b6eccbded77b9371ce993797c1a070ef52: chore: bump actions/dependency-review-action from 4.1.3 to 4.2.4 (#420) (@dependabot[bot])
  • 6bec1817a62f1710866418e13b11933dc86bf172: chore: bump actions/cache from 4.0.1 to 4.0.2 (#421) (@dependabot[bot])
  • f5deef583d9156d7ee0c607d8e709c94fb5b9b0b: chore: bump express from 4.18.3 to 4.19.2 in /docs-website (#423) (@dependabot[bot])
  • c86b46dc9191f5235f98ecefef5b1c4443760272: small typo fix (#424) (@ChaosInTheCRD)
  • 90cb5acb240aaab127e7d4f22b2334da7bf0264a: Update dependabot.yml (#405) (@jkjell)
  • 1fbdaa9b4a12dab850ab7d6cb6856c64f18d3eee: chore: bump the all-gha group with 1 update (#426) (@dependabot[bot])
  • 6f7d4a80ae6efa56224ca5e3b83948cd5868ef17: Adding ability to list attestors (#384) (@ChaosInTheCRD)
  • bed1863940f83e3d620c990dde94322b560adb8d: Update GHA triggers to fine tune for code changes vs other updates (#406) (@jkjell)
  • 74f6c3dcb07ad6b6c2e67eede125bca3ef302793: chore: bump the all-go-mod group with 1 update (#425) (@dependabot[bot])
  • 9f16a4de7e019277d13c062737e4fbb13ad646b6: Merge branch 'main' into link-attestor (@jkjell)
  • 1836ab9ee84ab47f72b408a89a9a0edaf91e7b21: Update temporary reference to go-witness commit (@jkjell)
  • b8e9f5196a82f98c45d8451dab3c33d15b9b05ca: Improvements / Changes to Link Attestor (#428) (@ChaosInTheCRD)
  • d330b78bbf8ebb620f0978f7f3af8d6b6f1707b1: make docgen update (@jkjell)
  • eef682678f1a2b905e1367231410e438988b8425: Point to latest version of go-witness (@jkjell)
  • 0219f20b0b29dbe4df3b3fc2dd520edbd1d731eb: Remove replace directive (@jkjell)
  • 1ac142a6350702f2b3e0ac73c771b84dc01a8555: Add missing go.sum (@jkjell)

v0.3.1

2 months ago

Changelog

Others

  • c211bfee1ddf91427d1aa2f3a9f40e4c3eefb65e: chore: bump actions/dependency-review-action from 4.1.1 to 4.1.3 (#395) (@dependabot[bot])
  • dcac011cdcf107fbd51031060315932be40fd47c: chore: bump github/codeql-action from 3.24.3 to 3.24.5 (#396) (@dependabot[bot])
  • 997af3b5728f26e7198db23391343d878b09420c: Bump to go-witness v0.3.1 (#398) (@jkjell)

v0.3.0

2 months ago

Changelog

Others

  • 46b168d7abf5e147b1e248dcc2da1760a66f01bb: chore: bump actions/download-artifact from 3.0.2 to 4.0.0 (#335) (@dependabot[bot])
  • 34563ab6b1d3d5109a4eec28a53aa85e60465f88: chore: bump github/codeql-action from 2.22.9 to 3.22.11 (#336) (@dependabot[bot])
  • b8f36d6877b53117e15a2039d6b7208b9d9bff1b: chore: bump actions/upload-artifact from 3.1.3 to 4.0.0 (#337) (@dependabot[bot])
  • ea67d3168aa5f15df2d68fb2c575dd7091931ab5: chore: bump github/codeql-action from 3.22.11 to 3.22.12 (#343) (@dependabot[bot])
  • 88881fa83c4c2cf5b89041ad15e6e916838da54d: chore: bump actions/download-artifact from 4.0.0 to 4.1.0 (#342) (@dependabot[bot])
  • 2c590bbef93d6f704ac2e8382ed8377ae99dc5d9: Update go-git to resolve vulnerability (#346) (@jkjell)
  • 617e15a2f3263032dc86c06dc8898eed0ffa5dda: chore: bump actions/dependency-review-action from 3.1.4 to 3.1.5 (#349) (@dependabot[bot])
  • b9e38d53b0a703e1451f481040ad104291b3a3c1: Add FOSSA license scanning (@jkjell)
  • 494d44ab00f76a11bf4d4c4928f63f6a4853e655: Add Security MD files an add FOSSA scan badge (@jkjell)
  • 93768db59b9509c42e1406b6b20640afacd51c98: Pin dependencies and restrict permissions (@jkjell)
  • 15d9014fae2c143f26ad39cfde3f0b5ee925a481: Add signing to goreleaser and Best Practices badge to readme. (@jkjell)
  • abce18ba1f0cb094a328facaa2946a3faf620a03: Add cosign install (@jkjell)
  • f2e2a6fbd56b94c2935d8c052ea2309006a4f7b2: Update cloudflare/circl due to dependabot failure (#352) (@jkjell)
  • d2471e69aae0f591a0a9e67daf3ee6859bcebf5e: chore: bump actions/cache from 3.3.2 to 3.3.3 (#355) (@dependabot[bot])
  • 70e0b09abb592e0a4a1c9ffbaf87a363e8dfe0e4: chore: bump actions/upload-artifact from 4.0.0 to 4.1.0 (#356) (@dependabot[bot])
  • 63cc5d89297fc9e4e26e145ebfd5bd9d072f432c: chore: bump github/codeql-action from 3.22.12 to 3.23.0 (#357) (@dependabot[bot])
  • 83ca94240ba6a8e6148cffa60ff5e20efd0c3355: chore: bump actions/download-artifact from 4.1.0 to 4.1.1 (#358) (@dependabot[bot])
  • 1a9b5a2b6b3191097a92163c5167086a62cb9f83: Initial attempt at PR and Issue templates (#351) (@jkjell)
  • 06031da4459ee4aea13ee83c59f9dee8171133ff: Checking attestors for duplicates (#361) (@ChaosInTheCRD)
  • 272e492ba2889b2287c731abb9608df966744824: chore: bump actions/cache from 3.3.3 to 4.0.0 (#364) (@dependabot[bot])
  • 55418b54b6cedbb16620fa78d8cbb1f67066c533: chore: bump actions/upload-artifact from 4.1.0 to 4.2.0 (#363) (@dependabot[bot])
  • 9247c8179cc30fc207d0a43415e1b256e0c2e6fb: chore: bump github/codeql-action from 3.23.0 to 3.23.1 (#365) (@dependabot[bot])
  • 2b872a34091302a83d87a12fa5e7be511ae55969: chore: bump actions/dependency-review-action from 3.1.5 to 4.0.0 (#366) (@dependabot[bot])
  • b90f41baba96ca56273351a67a1e8e1fafa34864: README and docs restructure (#362) (@ChaosInTheCRD)
  • df179e2ed05dd69628c6ead3010e76dff99a8963: Fixing mistakes in the readme (#368) (@ChaosInTheCRD)
  • 1bbd0e84e4a63f586bc852bbde7e2b629d710d92: Updating timestamper (#367) (@ChaosInTheCRD)
  • cd18d5ebb01d0db8476d555c141bc7291a295f27: chore: bump actions/upload-artifact from 4.2.0 to 4.3.0 (#369) (@dependabot[bot])
  • 58d5516f61ba31136608405ce00e4875460390ee: chore: bump github/codeql-action from 3.23.1 to 3.23.2 (#370) (@dependabot[bot])
  • dfd64fe710ae02f7f45abade630a10bda15824e4: Updated witness to use changes made to cryptoutil.DigestValue implemented in go-witness (#371) (@ChaosInTheCRD)
  • 0e7dda9274d7dc39af074d808810fbf32f8851a2: Add back license scanning badge (#377) (@jkjell)
  • 2923f967c0cb1132b2d0f95b91edd81738e58725: chore: bump github/codeql-action from 3.23.2 to 3.24.0 (#378) (@dependabot[bot])
  • 3195add25cb01981f0d84a913f3675b6e764f5d0: chore: bump step-security/harden-runner from 2.6.1 to 2.7.0 (#379) (@dependabot[bot])
  • 1144fa567a6bb15755daa43d07c6397c4f02009b: chore: bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#380) (@dependabot[bot])
  • 58fe0939e85e3fe1ab7b5336f117124983307eb6: chore: bump actions/download-artifact from 4.1.1 to 4.1.2 (#382) (@dependabot[bot])
  • be37eeee2800c7a5125bb3ae522fff562edba78e: chore: bump actions/upload-artifact from 4.3.0 to 4.3.1 (#383) (@dependabot[bot])
  • c27a4f562608dc0233a856e5f1107fc32c4ff782: KMS Support (#376) (@ChaosInTheCRD)
  • 17bdb4edc30500f7adaab7636ff29ec5799231b9: Add Tom as a Witness maintainer (#385) (@jkjell)
  • e438568fd57ad9f8987239ab4d5c12b5ff1b15ca: chore: bump testifysec/witness-run-action from 0.1.3 to 0.1.5 (#389) (@dependabot[bot])
  • 001a113bbb7a23dc4d7a83b240894376ea6b51f3: chore: bump k8s.io/apimachinery from 0.26.13 to 0.26.14 (#386) (@dependabot[bot])
  • f772f2db6af598b5dcdfdada3b22737ab9616385: chore: bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#387) (@dependabot[bot])
  • 161286db1176de8a124a149dba74b448d589e8c4: chore: bump fossas/fossa-action from 1.3.1 to 1.3.3 (#390) (@dependabot[bot])
  • db7a26644f280576853bb5a39aec33a3f72dc1f1: chore: bump github/codeql-action from 3.24.0 to 3.24.3 (#391) (@dependabot[bot])
  • 0df242bbb5795daab05f34b5016133c0b086a118: chore: bump actions/dependency-review-action from 4.0.0 to 4.1.1 (#392) (@dependabot[bot])

v0.3.0-beta-kms

3 months ago

Changelog

Bug fixes

  • e92de3286d5dda6ef657fc49aa6268c46f4329fd: fix: update tests for loadSigners changes (@mikhailswift)

Others

  • 46b168d7abf5e147b1e248dcc2da1760a66f01bb: chore: bump actions/download-artifact from 3.0.2 to 4.0.0 (#335) (@dependabot[bot])
  • 34563ab6b1d3d5109a4eec28a53aa85e60465f88: chore: bump github/codeql-action from 2.22.9 to 3.22.11 (#336) (@dependabot[bot])
  • b8f36d6877b53117e15a2039d6b7208b9d9bff1b: chore: bump actions/upload-artifact from 3.1.3 to 4.0.0 (#337) (@dependabot[bot])
  • ea67d3168aa5f15df2d68fb2c575dd7091931ab5: chore: bump github/codeql-action from 3.22.11 to 3.22.12 (#343) (@dependabot[bot])
  • 88881fa83c4c2cf5b89041ad15e6e916838da54d: chore: bump actions/download-artifact from 4.0.0 to 4.1.0 (#342) (@dependabot[bot])
  • 2c590bbef93d6f704ac2e8382ed8377ae99dc5d9: Update go-git to resolve vulnerability (#346) (@jkjell)
  • 617e15a2f3263032dc86c06dc8898eed0ffa5dda: chore: bump actions/dependency-review-action from 3.1.4 to 3.1.5 (#349) (@dependabot[bot])
  • b9e38d53b0a703e1451f481040ad104291b3a3c1: Add FOSSA license scanning (@jkjell)
  • 494d44ab00f76a11bf4d4c4928f63f6a4853e655: Add Security MD files an add FOSSA scan badge (@jkjell)
  • 93768db59b9509c42e1406b6b20640afacd51c98: Pin dependencies and restrict permissions (@jkjell)
  • 15d9014fae2c143f26ad39cfde3f0b5ee925a481: Add signing to goreleaser and Best Practices badge to readme. (@jkjell)
  • abce18ba1f0cb094a328facaa2946a3faf620a03: Add cosign install (@jkjell)
  • f2e2a6fbd56b94c2935d8c052ea2309006a4f7b2: Update cloudflare/circl due to dependabot failure (#352) (@jkjell)
  • d2471e69aae0f591a0a9e67daf3ee6859bcebf5e: chore: bump actions/cache from 3.3.2 to 3.3.3 (#355) (@dependabot[bot])
  • 70e0b09abb592e0a4a1c9ffbaf87a363e8dfe0e4: chore: bump actions/upload-artifact from 4.0.0 to 4.1.0 (#356) (@dependabot[bot])
  • 63cc5d89297fc9e4e26e145ebfd5bd9d072f432c: chore: bump github/codeql-action from 3.22.12 to 3.23.0 (#357) (@dependabot[bot])
  • 83ca94240ba6a8e6148cffa60ff5e20efd0c3355: chore: bump actions/download-artifact from 4.1.0 to 4.1.1 (#358) (@dependabot[bot])
  • 1a9b5a2b6b3191097a92163c5167086a62cb9f83: Initial attempt at PR and Issue templates (#351) (@jkjell)
  • 06031da4459ee4aea13ee83c59f9dee8171133ff: Checking attestors for duplicates (#361) (@ChaosInTheCRD)
  • 272e492ba2889b2287c731abb9608df966744824: chore: bump actions/cache from 3.3.3 to 4.0.0 (#364) (@dependabot[bot])
  • 55418b54b6cedbb16620fa78d8cbb1f67066c533: chore: bump actions/upload-artifact from 4.1.0 to 4.2.0 (#363) (@dependabot[bot])
  • 9247c8179cc30fc207d0a43415e1b256e0c2e6fb: chore: bump github/codeql-action from 3.23.0 to 3.23.1 (#365) (@dependabot[bot])
  • 2b872a34091302a83d87a12fa5e7be511ae55969: chore: bump actions/dependency-review-action from 3.1.5 to 4.0.0 (#366) (@dependabot[bot])
  • b90f41baba96ca56273351a67a1e8e1fafa34864: README and docs restructure (#362) (@ChaosInTheCRD)
  • df179e2ed05dd69628c6ead3010e76dff99a8963: Fixing mistakes in the readme (#368) (@ChaosInTheCRD)
  • 1bbd0e84e4a63f586bc852bbde7e2b629d710d92: Updating timestamper (#367) (@ChaosInTheCRD)
  • cd18d5ebb01d0db8476d555c141bc7291a295f27: chore: bump actions/upload-artifact from 4.2.0 to 4.3.0 (#369) (@dependabot[bot])
  • 58d5516f61ba31136608405ce00e4875460390ee: chore: bump github/codeql-action from 3.23.1 to 3.23.2 (#370) (@dependabot[bot])
  • dfd64fe710ae02f7f45abade630a10bda15824e4: Updated witness to use changes made to cryptoutil.DigestValue implemented in go-witness (#371) (@ChaosInTheCRD)
  • 0e7dda9274d7dc39af074d808810fbf32f8851a2: Add back license scanning badge (#377) (@jkjell)
  • 873b868bc6500cd618ec71dcff1ebd0ce3b2ce92: adding changes for testing kms (@ChaosInTheCRD)
  • 7e96be8b9792726f06700fe5baebd5d388cec63d: implementing verifier for policy with KMS (@ChaosInTheCRD)
  • b1149718610d047f643ff00959b5f3adc8970418: adding changes (@ChaosInTheCRD)
  • a19520d924824f011fcfa931cb3877fafbd1ec63: removing log (@ChaosInTheCRD)
  • 5cc41197828df509be027f90d2d9b30c2331d4d2: saving progress (@ChaosInTheCRD)
  • 459e059756720380dfe91d1263357582c2bc85c5: saving progress (@ChaosInTheCRD)
  • 2615fd725554994ba7aa6d2104b181a1e1f303b5: adding hashivault provider (@ChaosInTheCRD)
  • 7d78cd760564bbcd4f99c02616ab54e764113b32: we dont always add verifiers (@ChaosInTheCRD)
  • 2511ea3ee11fd020c2517a8a9f6ad2b0cad45cb8: preparing for draft PR (@ChaosInTheCRD)
  • cfaf12cb6542ebb89fb5ce2fe9b702713fd7ec39: fixing go mod (@ChaosInTheCRD)
  • 7fef9cc3aa91c250bc395c4de03eaf772a31db80: added implementation for passing in extra options for the kms providers (@ChaosInTheCRD)

v0.2.2-beta-1

3 months ago

Changelog

Bug fixes

  • 0af91283cf0b2dfc9912783a1fd4bdade5e2fb2b: fix: update to go-witness with vault fix (@mikhailswift)

Others

  • 46b168d7abf5e147b1e248dcc2da1760a66f01bb: chore: bump actions/download-artifact from 3.0.2 to 4.0.0 (#335) (@dependabot[bot])
  • 34563ab6b1d3d5109a4eec28a53aa85e60465f88: chore: bump github/codeql-action from 2.22.9 to 3.22.11 (#336) (@dependabot[bot])
  • b8f36d6877b53117e15a2039d6b7208b9d9bff1b: chore: bump actions/upload-artifact from 3.1.3 to 4.0.0 (#337) (@dependabot[bot])
  • ea67d3168aa5f15df2d68fb2c575dd7091931ab5: chore: bump github/codeql-action from 3.22.11 to 3.22.12 (#343) (@dependabot[bot])
  • 88881fa83c4c2cf5b89041ad15e6e916838da54d: chore: bump actions/download-artifact from 4.0.0 to 4.1.0 (#342) (@dependabot[bot])
  • 2c590bbef93d6f704ac2e8382ed8377ae99dc5d9: Update go-git to resolve vulnerability (#346) (@jkjell)
  • 617e15a2f3263032dc86c06dc8898eed0ffa5dda: chore: bump actions/dependency-review-action from 3.1.4 to 3.1.5 (#349) (@dependabot[bot])
  • b9e38d53b0a703e1451f481040ad104291b3a3c1: Add FOSSA license scanning (@jkjell)
  • 494d44ab00f76a11bf4d4c4928f63f6a4853e655: Add Security MD files an add FOSSA scan badge (@jkjell)
  • 93768db59b9509c42e1406b6b20640afacd51c98: Pin dependencies and restrict permissions (@jkjell)
  • 15d9014fae2c143f26ad39cfde3f0b5ee925a481: Add signing to goreleaser and Best Practices badge to readme. (@jkjell)
  • abce18ba1f0cb094a328facaa2946a3faf620a03: Add cosign install (@jkjell)
  • f2e2a6fbd56b94c2935d8c052ea2309006a4f7b2: Update cloudflare/circl due to dependabot failure (#352) (@jkjell)
  • d2471e69aae0f591a0a9e67daf3ee6859bcebf5e: chore: bump actions/cache from 3.3.2 to 3.3.3 (#355) (@dependabot[bot])
  • 70e0b09abb592e0a4a1c9ffbaf87a363e8dfe0e4: chore: bump actions/upload-artifact from 4.0.0 to 4.1.0 (#356) (@dependabot[bot])
  • 63cc5d89297fc9e4e26e145ebfd5bd9d072f432c: chore: bump github/codeql-action from 3.22.12 to 3.23.0 (#357) (@dependabot[bot])
  • 83ca94240ba6a8e6148cffa60ff5e20efd0c3355: chore: bump actions/download-artifact from 4.1.0 to 4.1.1 (#358) (@dependabot[bot])
  • 1a9b5a2b6b3191097a92163c5167086a62cb9f83: Initial attempt at PR and Issue templates (#351) (@jkjell)
  • 06031da4459ee4aea13ee83c59f9dee8171133ff: Checking attestors for duplicates (#361) (@ChaosInTheCRD)
  • 272e492ba2889b2287c731abb9608df966744824: chore: bump actions/cache from 3.3.3 to 4.0.0 (#364) (@dependabot[bot])
  • 55418b54b6cedbb16620fa78d8cbb1f67066c533: chore: bump actions/upload-artifact from 4.1.0 to 4.2.0 (#363) (@dependabot[bot])
  • 9247c8179cc30fc207d0a43415e1b256e0c2e6fb: chore: bump github/codeql-action from 3.23.0 to 3.23.1 (#365) (@dependabot[bot])
  • 2b872a34091302a83d87a12fa5e7be511ae55969: chore: bump actions/dependency-review-action from 3.1.5 to 4.0.0 (#366) (@dependabot[bot])
  • b90f41baba96ca56273351a67a1e8e1fafa34864: README and docs restructure (#362) (@ChaosInTheCRD)
  • df179e2ed05dd69628c6ead3010e76dff99a8963: Fixing mistakes in the readme (#368) (@ChaosInTheCRD)
  • 1bbd0e84e4a63f586bc852bbde7e2b629d710d92: Updating timestamper (#367) (@ChaosInTheCRD)
  • cd18d5ebb01d0db8476d555c141bc7291a295f27: chore: bump actions/upload-artifact from 4.2.0 to 4.3.0 (#369) (@dependabot[bot])
  • 58d5516f61ba31136608405ce00e4875460390ee: chore: bump github/codeql-action from 3.23.1 to 3.23.2 (#370) (@dependabot[bot])
  • dfd64fe710ae02f7f45abade630a10bda15824e4: Updated witness to use changes made to cryptoutil.DigestValue implemented in go-witness (#371) (@ChaosInTheCRD)
  • 0e7dda9274d7dc39af074d808810fbf32f8851a2: Add back license scanning badge (#377) (@jkjell)

v0.2.1-beta-1

4 months ago

Changelog

Others

  • 46b168d7abf5e147b1e248dcc2da1760a66f01bb: chore: bump actions/download-artifact from 3.0.2 to 4.0.0 (#335) (@dependabot[bot])
  • 34563ab6b1d3d5109a4eec28a53aa85e60465f88: chore: bump github/codeql-action from 2.22.9 to 3.22.11 (#336) (@dependabot[bot])
  • b8f36d6877b53117e15a2039d6b7208b9d9bff1b: chore: bump actions/upload-artifact from 3.1.3 to 4.0.0 (#337) (@dependabot[bot])
  • ea67d3168aa5f15df2d68fb2c575dd7091931ab5: chore: bump github/codeql-action from 3.22.11 to 3.22.12 (#343) (@dependabot[bot])
  • 88881fa83c4c2cf5b89041ad15e6e916838da54d: chore: bump actions/download-artifact from 4.0.0 to 4.1.0 (#342) (@dependabot[bot])
  • 2c590bbef93d6f704ac2e8382ed8377ae99dc5d9: Update go-git to resolve vulnerability (#346) (@jkjell)
  • ba89120476622cdc24b930e35cbe00fcb48d5bd0: Add FOSSA license scanning (@jkjell)
  • b07cb38e0412b6c642562527959c533d2e7c734a: Add Security MD files an add FOSSA scan badge (@jkjell)
  • 1f7dd690d60117a1596895fead8aecf02f4b0f7c: Pin dependencies and restrict permissions (@jkjell)
  • 6d4eae8c55313cf19ef4bd7011cdd710b971126d: Add signing to goreleaser and Best Practices badge to readme. (@jkjell)
  • 7aada2ecc109ba4295754d45eef762255116e3cb: Add cosign install (@jkjell)

v0.2.0-beta-report-005

4 months ago

Changelog

Others

  • b88ff894cb9943f8bd2ff647b02fa1e82469e795: [WIP] remove signer support (@)

v0.2.0

5 months ago

Changelog

⚠️ Warning ⚠️

The Go module has been renamed from github.com/testifysec/witness to github.com/in-toto/witness.

Features

  • 0bca96770bb72adea48c06a615b58f9bc2c37f79: feat: add algo hash list for digest calc in config (#292) (@DataDavD)

Bug fixes

  • be20100af602c780deeef50c54f5338662ce917c: fix: dev/Dockerfile.go-builder to reduce vulnerabilities (@snyk-bot)
  • 8e9d7980892d4e0b258f506fd1ae510eea9f213b: fix: dev/Dockerfile.go-builder to reduce vulnerabilities (@snyk-bot)
  • 2219a767ef9acaa957fe75b4555dc72618a3136a: fix: updating urls to in-toto from testifysec and -L to the curl for version (#297) (@lmco-seth)

Documentation

  • edef8082cafc682ea949e4eb672976a0f192b042: docs: Update key to signer-file-key-path in getting starter .witness.yaml (@blhagadorn)
  • 8dde14cb230560cfdef4e39f77dfb3165d78403a: docs: correct sign policy file command in README.md (@shenxianpeng)

Others

  • 27f68b94dbcd6f63a654b92e84256236585e38d7: chore(deps): bump golang.org/x/net from 0.7.0 to 0.17.0 (@dependabot[bot])
  • 602dc485b2b775e6c7cc66b11653a91fdef2aeda: chore(deps): bump google.golang.org/grpc from 1.53.0 to 1.56.3 (@dependabot[bot])
  • 5beb113521c41360027352e681906bb6ae32a168: Add maintainers file (@jkjell)
  • b3d720740e42cb777bf68af2d73a1bbeacf86882: Add dependabot config and add reusable workflow for calling witness (#298) (@jkjell)
  • 21cb944c3d22ee341b84c28e1aa9e8d5a702b73d: chore: bump docker/login-action from 2 to 3 (#299) (@dependabot[bot])
  • 9380cbe5f0480fb41a330fb317e9805e3264d970: chore: bump github/codeql-action from 1.0.26 to 2.22.6 (#300) (@dependabot[bot])
  • 1880baa756f192fb50753744b04906949dfa1201: chore: bump ossf/scorecard-action from 2.1.3 to 2.3.1 (#302) (@dependabot[bot])
  • 873f55c9a7122bad6904c620fcad85a747a23adb: chore: bump golangci/golangci-lint-action from 2 to 3 (#303) (@dependabot[bot])
  • f49ff8e7c8376d2ea61a8ef210ecffd12e807735: chore: bump github.com/sirupsen/logrus from 1.9.0 to 1.9.3 (#304) (@dependabot[bot])
  • 5e56558aef85e0d297bd11659e41fa5273eb7a48: chore: bump github.com/stretchr/testify from 1.8.1 to 1.8.4 (#305) (@dependabot[bot])
  • 932ff1e2da0d5ed04675dc0c67dfbf3c10ca6036: chore: bump actions/checkout from 2 to 4 (#301) (@dependabot[bot])
  • e7a6f44cf2fc12b8adce202fbdd0b941ee287251: chore: bump github/codeql-action from 2.22.6 to 2.22.7 (@dependabot[bot])
  • a412c18c0b88d89b3fb7c9ede7b7f8bf3d4eff68: chore: bump actions/cache from 2 to 3 (@dependabot[bot])
  • 0363ee3b26ddb0c20c7d14e36b64b64d5666ef94: chore: bump actions/setup-go from 2 to 4 (@dependabot[bot])
  • 15bec9efb9d6d772d409e6f09f2cfc43a0a62d1e: chore: bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 (@dependabot[bot])
  • 752b9e0488f6687f7dec17b4f540740f8f2af349: chore: bump github/codeql-action from 2.22.7 to 2.22.8 (@dependabot[bot])
  • bcf7ecfb9a5e75966030ecb5eedd882695470179: Update README.md - fixing quickstart url (@clemenko)
  • f65b232d1180a7835d46aa18e77057b1c7192352: [StepSecurity] Apply security best practices (#316) (@step-security-bot)
  • 81bdfceb96602f5a764e77be760469c710342fa1: Improve gha (#318) (@kairoaraujo)
  • a56715e38a3d1b6f47e6bd1545ba73e343b51f3f: Refactoring error messages to use %w formatting directive and fix logging issue (#314) (@ChaosInTheCRD)
  • b19afc804aa110c2bba53d57563deadb9df2f018: Fix initial pre-commit violations (#319) (@jkjell)
  • 862d8c4ce24cd052bb1e16e70dceb2fe08b7f26a: chore: bump actions/upload-artifact from 3.0.0 to 3.1.3 (#320) (@dependabot[bot])
  • a823f5836f4643dc828523f13782b81cdf8d94d3: chore: bump actions/checkout from 3.6.0 to 4.1.1 (#321) (@dependabot[bot])
  • 684fd6a3be19919ea379c2da6dae9f2553586a41: chore: bump actions/setup-go from 4.1.0 to 5.0.0 (#322) (@dependabot[bot])
  • 709ad35dc707570f0098c4be878b8b2202967e9b: chore: bump github/codeql-action from 2.22.8 to 2.22.9 (#323) (@dependabot[bot])
  • 71856fdfca7ed25df60f5126b3e729bb676bcf77: chore: bump actions/dependency-review-action from 2.5.1 to 3.1.4 (#324) (@dependabot[bot])
  • f0c8f437afa9641bef71ef44e1ebe0437010d24e: Adding help to Makefile and updating make test target (#325) (@ChaosInTheCRD)
  • 937eab874bd134e16f80b13fb77e3f45bbd51a74: Adding the contributing.md from archivista (#327) (@ChaosInTheCRD)
  • c0f5843440616ccd645a76a75e83d95cea7c2644: Migrating go module (#328) (@ChaosInTheCRD)
  • c06555dacd185811f6c86eea1b4b3d9031284b99: Migrating to the use of in-toto/go-witness module (#331) (@ChaosInTheCRD)
  • b36c96d911c5b7d5d750604ba9560c42dc73063d: Bumping Go version for goreleaser (#333) (@ChaosInTheCRD)

New Contributors

Full Changelog: https://github.com/in-toto/witness/compare/v0.1.14...v0.2.0