Releases: openvex/vexctl
Releases · openvex/vexctl
Release list
v0.4.4
Immutable
release. Only release title and notes can be modified.
What's Changed
- Bump github.com/sigstore/cosign/v2 from 2.6.0 to 2.6.1 in the all group by @dependabot[bot] in #350
- Bump the all group with 2 updates by @dependabot[bot] in #351
- Bump softprops/action-gh-release from 2.3.4 to 2.4.0 in the all group by @dependabot[bot] in #352
- Bump the all group with 2 updates by @dependabot[bot] in #353
- Bump chainguard-dev/actions from 1.5.4 to 1.5.6 in the all group by @dependabot[bot] in #354
- Bump chainguard-dev/actions from 1.5.6 to 1.5.7 in the all group by @dependabot[bot] in #356
- Bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in #357
- Bump sigstore/cosign-installer from 3.10.0 to 4.0.0 by @dependabot[bot] in #355
- Bump the all group across 1 directory with 3 updates by @dependabot[bot] in #361
- Bump github.com/sigstore/rekor from 1.4.2 to 1.4.3 in the all group by @dependabot[bot] in #360
- Bump golang.org/x/crypto from 0.43.0 to 0.45.0 by @dependabot[bot] in #363
- Bump actions/setup-go from 6.0.0 to 6.1.0 in the all group by @dependabot[bot] in #364
- Bump actions/checkout from 5.0.1 to 6.0.0 by @dependabot[bot] in #365
- Bump golangci/golangci-lint-action from 8.0.0 to 9.1.0 by @dependabot[bot] in #366
- Bump chainguard-dev/actions from 1.5.9 to 1.5.10 in the all group by @dependabot[bot] in #367
- Bump github.com/google/go-containerregistry from 0.20.6 to 0.20.7 in the all group by @dependabot[bot] in #368
- Bump softprops/action-gh-release from 2.4.2 to 2.5.0 in the all group by @dependabot[bot] in #369
- Bump actions/checkout from 6.0.0 to 6.0.1 in the all group by @dependabot[bot] in #370
- Bump golangci/golangci-lint-action from 9.1.0 to 9.2.0 in the all group by @dependabot[bot] in #371
- Bump github.com/spf13/cobra from 1.10.1 to 1.10.2 in the all group by @dependabot[bot] in #372
- Bump actions/upload-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in #376
- Updates by @cpanato in #373
- Bump github.com/secure-systems-lab/go-securesystemslib from 0.9.1 to 0.10.0 by @dependabot[bot] in #379
- Bump github.com/sigstore/sigstore from 1.9.6-0.20250729224751-181c5d3339b3 to 1.10.3 by @dependabot[bot] in #377
- Bump github.com/sigstore/fulcio from 1.7.1 to 1.8.3 by @dependabot[bot] in #374
- Bump chainguard-dev/actions from 1.5.10 to 1.5.11 in the all group by @dependabot[bot] in #380
- Bump github.com/sigstore/cosign/v2 from 2.6.1 to 2.6.2 in the all group by @dependabot[bot] in #381
- Bump github.com/sigstore/fulcio from 1.8.4 to 1.8.5 by @dependabot[bot] in #382
- Bump actions/setup-go from 6.1.0 to 6.2.0 in the all group by @dependabot[bot] in #383
- Bump the all group across 1 directory with 2 updates by @dependabot[bot] in #386
- Bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.4.1 by @dependabot[bot] in #392
- Bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 by @dependabot[bot] in #388
- Bump the all group across 1 directory with 2 updates by @dependabot[bot] in #391
- Bump chainguard-dev/actions from 1.5.13 to 1.5.14 in the all group by @dependabot[bot] in #393
- Bump chainguard-dev/actions from 1.5.14 to 1.5.16 in the all group by @dependabot[bot] in #394
- Bump chainguard-dev/actions from 1.5.16 to 1.6.0 in the all group by @dependabot[bot] in #395
- Bump chainguard-dev/actions from 1.6.0 to 1.6.1 in the all group by @dependabot[bot] in #396
- Bump chainguard-dev/actions from 1.6.1 to 1.6.2 in the all group by @dependabot[bot] in #397
- Bump chainguard-dev/actions from 1.6.2 to 1.6.4 in the all group by @dependabot[bot] in #400
- Bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 by @dependabot[bot] in #401
- Bump the all group across 1 directory with 2 updates by @dependabot[bot] in #404
- Bump actions/upload-artifact from 6.0.0 to 7.0.0 by @dependabot[bot] in #403
- Bump github.com/package-url/packageurl-go from 0.1.3 to 0.1.4 in the all group by @dependabot[bot] in #398
- Bump github.com/google/go-containerregistry from 0.20.7 to 0.21.0 by @dependabot[bot] in #399
- Bump chainguard-dev/actions from 1.6.5 to 1.6.6 in the all group by @dependabot[bot] in #405
- Bump the all group with 2 updates by @dependabot[bot] in #406
- Bump the all group across 1 directory with 3 updates by @dependabot[bot] in #411
- Bump the all group across 1 directory with 5 updates by @dependabot[bot] in #415
- Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 by @dependabot[bot] in #421
- Bump the all group across 1 directory with 2 updates by @dependabot[bot] in #420
- Port to new intoto/attestation by @puerco in #417
- Bump the all group across 1 directory with 2 updates by @dependabot[bot] in #423
- fix(add): allow add without --product flag by @ricardbejarano in #422
- Bump google.golang.org/grpc from 1.78.0 to 1.79.3 by @dependabot[bot] in #412
- Bump github.com/in-toto/in-toto-golang from 0.9.0 to 0.10.0 by @dependabot[bot] in #390
- Bump kubernetes-sigs/release-actions from 0.4.2 to 0.4.3 in the all group by @dependabot[bot] in #424
- Bump github.com/google/go-containerregistry from 0.21.3 to 0.21.4 in the all group by @dependabot[bot] in #425
- Bump actions/upload-artifact from 7.0.0 to 7.0.1 in the all group by @dependabot[bot] in #427
- Bump github.com/sigstore/cosign/v2 from 2.6.2 to 2.6.3 in the all group by @dependabot[bot] in #426
- Bump github.com/sigstore/timestamp-authority/v2 from 2.0.3 to 2.0.6 by @dependabot[bot] in #433
- Bump github.com/google/go-containerregistry from 0.21.4 to 0.21.5 in the all group across 1 directory by @dependabot[bot] in #432
- Bump softprops/action-gh-release from 2.6.1 to 3.0.0 by @dependabot[bot] in #431
- Bump chainguard-dev/actions from 1.6.13 to 1.6.14 in the all group by @dependabot[bot] in #430
- Bump the all group with 2 updates by @dependabot[bot] in #434
- Bump github.com/secure-systems-lab/go-securesystemslib from 0.10.0 to 0.11.0 by @dependabot[bot] in #435
- Bump github.com/package-url/packageurl-go from 0.1.5 to 0.1.6 in the all group by @dependabot[bot] in #437
- Bump the all group with 2 updates by @dependabot[bot] in #436
- Bump chainguard-dev/actions from 1.6.16 to 1.6.17 in the all group by @dependabot[bot] in #438
- Bump chainguard-dev/actions from 1.6.17 to 1.6.19 in the all group by @dependabot[bot] in #439
- Bump sigstore/cosign-installer from 4.1.1 to 4.1.2 in the all group by @dependabot[bot] in #440
- build(deps): Bump the all group across 1 directory with 2 updates by @dependabot[bot] in #443
- build(deps): Bump goreleaser/goreleaser-action from 7.2.1 to 7.2.2 in the all group by @dependabot[bot] in #442
- build(deps): Bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 in the all group by @dependabot[bot] in #445
- build(deps): Bump github.com/sigstore/rekor from 1.5.1 to 1.5.2 in the all group by @dependabot[bot] in #446
- build(deps): Bump github.com/sigstore/sigstore from 1.10.6 to 1.10.8 in the all group by @dependabot[bot] in #447
- build(deps): Bump the all group with 2 updates by @dependabot[bot] in #448
- build(deps): Bump chainguard-dev/actions from 1.6.21 to 1.6.22 in the all group by @dependabot[bot] in #449
- build(deps): Bump chainguard-dev/actions from 1.6...
v0.4.1
ℹ️ This minor release corrects a problem where the naming scheme of the binaries was reversed in v0.4.0, breaking the installer action. No code changes.
What's Changed
- Reverse platform+os naming cheme by @paulinayanez in #349
New Contributors
- @paulinayanez made their first contribution in #349
Full Changelog: v0.4.0...v0.4.1
v0.4.0
What's Changed
- upgrade to go1.23 by @cpanato in #245
- Bump sigs.k8s.io/release-utils from 0.8.4 to 0.8.5 in the all group by @dependabot[bot] in #246
- Bump actions/checkout from 4.1.7 to 4.2.0 in the all group by @dependabot[bot] in #247
- Bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 in the all group by @dependabot[bot] in #249
- Bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 in the all group by @dependabot[bot] in #248
- Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 in the all group by @dependabot[bot] in #250
- Bump the all group with 2 updates by @dependabot[bot] in #251
- Bump actions/upload-artifact from 4.4.1 to 4.4.2 in the all group by @dependabot[bot] in #252
- Bump actions/upload-artifact from 4.4.2 to 4.4.3 in the all group by @dependabot[bot] in #253
- Bump github.com/sigstore/sigstore from 1.8.9 to 1.8.10 in the all group by @dependabot[bot] in #254
- Bump kubernetes-sigs/release-actions from 0.2.0 to 0.3.0 in the all group by @dependabot[bot] in #255
- Bump actions/checkout from 4.2.1 to 4.2.2 in the all group by @dependabot[bot] in #256
- Bump actions/setup-go from 5.0.2 to 5.1.0 in the all group by @dependabot[bot] in #257
- Bump softprops/action-gh-release from 2.0.8 to 2.0.9 in the all group by @dependabot[bot] in #258
- Bump goreleaser/goreleaser-action from 6.0.0 to 6.1.0 in the all group by @dependabot[bot] in #259
- Bump softprops/action-gh-release from 2.0.9 to 2.1.0 in the all group by @dependabot[bot] in #261
- Bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 in the go_modules group by @dependabot[bot] in #260
- Bump the all group with 2 updates by @dependabot[bot] in #263
- Bump golang.org/x/crypto from 0.28.0 to 0.31.0 in the go_modules group by @dependabot[bot] in #264
- Bump actions/upload-artifact from 4.4.3 to 4.5.0 in the all group by @dependabot[bot] in #266
- Bump softprops/action-gh-release from 2.2.0 to 2.2.1 in the all group by @dependabot[bot] in #267
- Bump actions/upload-artifact from 4.5.0 to 4.6.0 in the all group by @dependabot[bot] in #269
- Bump ko-build/setup-ko from 0.7 to 0.8 in the all group by @dependabot[bot] in #270
- Bump go dependencies manually by @puerco in #272
- Bump sigs.k8s.io/release-utils from 0.8.5 to 0.9.0 by @dependabot[bot] in #273
- Bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 in the all group by @dependabot[bot] in #274
- Bump actions/setup-go from 5.2.0 to 5.3.0 in the all group by @dependabot[bot] in #275
- Bump github.com/sigstore/rekor from 1.3.8 to 1.3.9 in the all group by @dependabot[bot] in #276
- Bump sigs.k8s.io/release-utils from 0.9.0 to 0.10.0 by @dependabot[bot] in #277
- Bump golangci/golangci-lint-action from 6.2.0 to 6.3.0 in the all group by @dependabot[bot] in #280
- Bump the all group with 2 updates by @dependabot[bot] in #279
- Bump sigstore/cosign-installer from 3.7.0 to 3.8.0 in the all group by @dependabot[bot] in #281
- Bump golangci/golangci-lint-action from 6.3.0 to 6.3.2 in the all group by @dependabot[bot] in #282
- Bump goreleaser/goreleaser-action from 6.1.0 to 6.2.1 in the all group by @dependabot[bot] in #283
- Bump golangci/golangci-lint-action from 6.3.2 to 6.3.3 in the all group by @dependabot[bot] in #284
- Bump github.com/sigstore/sigstore from 1.8.12 to 1.8.14 in the all group by @dependabot[bot] in #285
- Bump github.com/spf13/cobra from 1.8.1 to 1.9.1 by @dependabot[bot] in #286
- Bump golangci/golangci-lint-action from 6.3.3 to 6.5.0 in the all group by @dependabot[bot] in #287
- use go1.24 and update golangci-lint by @cpanato in #288
- Bump the all group with 2 updates by @dependabot[bot] in #289
- Bump sigstore/cosign-installer from 3.8.0 to 3.8.1 in the all group by @dependabot[bot] in #290
- Bump actions/upload-artifact from 4.6.0 to 4.6.1 in the all group by @dependabot[bot] in #291
- Bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 in the go_modules group by @dependabot[bot] in #292
- Bump github.com/go-jose/go-jose/v3 from 3.0.3 to 3.0.4 in the go_modules group by @dependabot[bot] in #293
- Bump golang.org/x/net from 0.35.0 to 0.36.0 in the go_modules group by @dependabot[bot] in #297
- Bump golangci/golangci-lint-action from 6.5.0 to 6.5.1 in the all group by @dependabot[bot] in #296
- Bump golangci/golangci-lint-action from 6.5.1 to 6.5.2 in the all group by @dependabot[bot] in #299
- Bump the all group with 2 updates by @dependabot[bot] in #300
- Bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 in the go_modules group by @dependabot[bot] in #301
- Bump github.com/sigstore/sigstore from 1.8.15 to 1.9.1 by @dependabot[bot] in #295
- Bump sigs.k8s.io/release-utils from 0.11.0 to 0.11.1 in the all group by @dependabot[bot] in #303
- Bump goreleaser/goreleaser-action from 6.2.1 to 6.3.0 in the all group by @dependabot[bot] in #304
- Bump ko-build/setup-ko from 0.8 to 0.9 in the all group by @dependabot[bot] in #308
- Bump github.com/sigstore/cosign/v2 from 2.4.3 to 2.5.0 by @dependabot[bot] in #306
- Bump kubernetes-sigs/release-actions from 0.3.0 to 0.3.1 in the all group by @dependabot[bot] in #309
- Bump softprops/action-gh-release from 2.2.1 to 2.2.2 in the all group by @dependabot[bot] in #310
- Bump sigstore/cosign-installer from 3.8.1 to 3.8.2 in the all group by @dependabot[bot] in #311
- Bump the all group across 1 directory with 2 updates by @dependabot[bot] in #307
- Bump github.com/sigstore/sigstore from 1.9.3 to 1.9.4 in the all group by @dependabot[bot] in #312
- Bump actions/setup-go from 5.4.0 to 5.5.0 in the all group by @dependabot[bot] in #314
- Bump github.com/google/go-containerregistry from 0.20.3 to 0.20.4 in the all group by @dependabot[bot] in #315
- Bump github.com/cloudflare/circl from 1.3.7 to 1.6.1 in the go_modules group by @dependabot[bot] in #318
- Bump softprops/action-gh-release from 2.2.2 to 2.3.0 in the all group by @dependabot[bot] in #317
- Bump softprops/action-gh-release from 2.3.0 to 2.3.2 in the all group by @dependabot[bot] in #319
- Bump the all group across 1 directory with 2 updates by @dependabot[bot] in #320
- Bump the all group with 2 updates by @dependabot[bot] in #322
- Bump sigstore/cosign-installer from 3.8.2 to 3.9.0 in the all group by @dependabot[bot] in #323
- Bump github.com/sigstore/cosign/v2 from 2.5.1 to 2.5.2 in the all group by @dependabot[bot] in #324
- Bump sigstore/cosign-installer from 3.9.0 to 3.9.1 in the all group by @dependabot[bot] in #325
- Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 in the go_modules group by @dependabot[bot] in #326
- Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.5.3 in the all group by @dependabot[bot] in #327
- Bump sigstore/cosign-installer from 3.9.1 to 3.9.2 in the all group by @dependabot[bot] in #329
- Bump sigs.k8s.io/release-utils from 0.11.1 to 0.12.0 by @dependabot[bot] in #328
- Bump github.com/sigstore/rekor from 1.3.10 to 1.4.0 by @dependabot[bot] in #330
- Bump github.com/secure-systems-lab/go-securesystemslib from 0.9.0 to 0.9.1 in the all group by @dependabot[bot] in #331
- Bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in #332
- update release-utils and fix pkg n...
v0.3.0
What's Changed
- Fix linter errors for the template by @shafeeqes in #151
- upgrade go to 1.22 / general housekeeping and lint fixes by @cpanato in #172
- run attest in prs to test the entire release flow by @cpanato in #179
- Add support for Golang GO-* vulnerability identifier by @ferozsalam in #182
- update installation methods with homebrew by @stephengroat in #205
- fix(create): support multiple
--productflags by @felipecruz91 in #216 - Add support to vulnerability aliases by @macedogm in #220
- Fix Copyright in Boilerplates by @puerco in #223
- Improve the generated template README by @macedogm in #224
- Update go.mod and golanci-lint by @cpanato in #229
- Fix OCI repository URL resolution by @knqyf263 in #235
New Contributors
- @shafeeqes made their first contribution in #151
- @stephengroat made their first contribution in #205
- @felipecruz91 made their first contribution in #216
- @macedogm made their first contribution in #220
- @knqyf263 made their first contribution in #235
Full Changelog: v0.2.6...v0.3.0
v0.2.6
What's Changed
- revamp release job, cleanups and add snapshot job by @cpanato in #138
- Bump github.com/google/go-containerregistry from 0.16.1 to 0.17.0 by @dependabot in #140
- Move release actions to kubernetes-sigs by @puerco in #141
- Bump github.com/sigstore/sigstore from 1.7.5 to 1.7.6 by @dependabot in #142
- Update examples to v0.2.0 by @puerco in #145
- Fix bug when updating documents in place. by @puerco in #144
- Bump github.com/sigstore/cosign/v2 from 2.2.1 to 2.2.2 by @dependabot in #146
- Fix keyless verification of openvex attesatations by @puerco in #147
- Bump actions/setup-go from 4.1.0 to 5.0.0 by @dependabot in #148
- Bump sigstore/cosign-installer from 3.2.0 to 3.3.0 by @dependabot in #149
- vexctl generate by @puerco in #150
Full Changelog: v0.2.5...v0.2.6
v0.2.5
What's Changed
- Update vexctl to spec v0.2.0 by @puerco in #92
- show subcommand creation for review by @brandtkeller in #115
- Refactor commands and CLI options by @puerco in #110
- Update SARIF filtering examples by @puerco in #109
- upgrade to go1.21 by @cpanato in #121
- vexctl add subcommand by @puerco in #111
- Update README examples to v0.2.0 by @puerco in #127
- Update vexctl attest by @puerco in #126
New Contributors
- @brandtkeller made their first contribution in #115
Full Changelog: v0.2.3...v0.2.5
v0.2.3
What's Changed
Full Changelog: v0.2.2...v0.2.3
v0.2.0
What's Changed
- vexctl: Forked repo kickstart by @puerco in #1
- Break dependency on old chainguard/vex module by @puerco in #2
- switch CVE to official 'sample' ID by @attritionorg in #5
- Restore attestation capability after repo split by @puerco in #6
- Update import paths to openvex/go-vex by @puerco in #7
New Contributors
- @puerco made their first contribution in #1
- @attritionorg made their first contribution in #5
Full Changelog: v0.1.0...v0.2.0