Releases: theupdateframework/go-tuf
v0.4.0
Changelog
Features
- af3c7d6: feat: Add new `status` command (#342) (@doanac)
- 4febe4c: feat(keys): JSON unmarshal hardening. (#275) (@Zenithar)
Bug fixes
- 9020b3c: fix: Remove typo in Alternate signing flow (#344) (@elfotografo007)
- 9334b3f: fix: Redirect passphrase output to Standard error (#343) (@elfotografo007)
- 2e6c621: fix: require length and hashes for target metadata (#345) (@asraa)
- 37601e1: fix: filesystemStore fails to prepend target file hashes on Windows (#274) (@torin-carey)
- 2b415d0: fix: update leveldb dependency (#350) (@mfmarche)
- 1b070ee: fix: add leveldb recover ability (#352) (@mfmarche)
- 64ded18: fix(verify): Fix a vulnerability in the verification of threshold signatures (due to handling of keys with multiple IDs) (#369) (@cedricvanrompay-datadog)
Others
- 529fcca: chore(deps): bump arnested/go-version-action from 1.1.3 to 1.1.4 (#334) (@dependabot[bot])
- f5f12b1: docs: Misc. docs fixes (#337) (@znewman01)
- 0f17236: docs: Add release process info for maintainers (#336) (@znewman01)
- 40b67d2: chore(deps): bump actions/setup-python from 4.0.0 to 4.1.0 (#340) (@dependabot[bot])
- 9d0031b: chore(deps): bump actions/setup-go from 3.2.0 to 3.2.1 (#339) (@dependabot[bot])
- 768b63a: chore(deps): bump actions/setup-python from 4.1.0 to 4.2.0 (#351) (@dependabot[bot])
- 8124e8a: chore!: Remove deprecated client Init() function (#353) (@znewman01)
- 8b2d2ab: ci: Fix typo in Pull Request template (#355) (@znewman01)
- f3a48f7: refactor!: rename "InitLocal" to "Init" (#354) (@znewman01)
- ebbc6b8: chore(deps): bump arnested/go-version-action from 1.1.4 to 1.1.5 (#359) (@dependabot[bot])
- 9b6c503: chore(deps): bump actions/setup-go from 3.2.1 to 3.3.0 (#361) (@dependabot[bot])
- d7ff71b: test: Update Python interop tests to python-tuf v1.0.0 (#228) (@znewman01)
- ac7b5d7: chore(deps): bump goreleaser/goreleaser-action from 3.0.0 to 3.1.0 (#366) (@dependabot[bot])
- 06ed599: build: Use Go 1.17 for golangci linting and update golangci/golangci-lint-action (#364) (@ethan-lowman-dd)
v0.3.1
Changelog
Features
- 4bf58eb: feat: add `payload` and `add-signature` commands. (#214) (@znewman01)
- 39c23cb: feat: add workflow responsible for notifying of new TUF spec release (#287) (@rdimitrov)
- 355e39c: feat: Implement TAP-12 support (#310) (@znewman01)
Bug fixes
- 9a41055: fix: check root metadata verification before snapshotting (#293) (@asraa)
- e3efe98: fix: verify length and hashes of fetched bytes before parsing (#325) (@joshuagl)
Others
- ea0f98a: chore(deps): bump arnested/go-version-action from 1.0.67 to 1.0.69 (#288) (@dependabot[bot])
- 6722937: chore(deps): bump golangci/golangci-lint-action from 2.5.2 to 3.2.0 (#289) (@dependabot[bot])
- e2594e6: chore(deps): bump actions/setup-go from 3.0.0 to 3.1.0 (#290) (@dependabot[bot])
- 580db19: chore(deps): bump goreleaser/goreleaser-action from 2.9.1 to 3 (#294) (@dependabot[bot])
- 5884dab: chore(deps): bump actions/setup-go from 3.1.0 to 3.2.0 (#295) (@dependabot[bot])
- 3b26aed: chore(deps): bump arnested/go-version-action from 1.0.69 to 1.0.70 (#297) (@dependabot[bot])
- 041e818: chore(deps): bump github.com/secure-systems-lab/go-securesystemslib (#298) (@dependabot[bot])
- ad96eca: chore(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 (#299) (@dependabot[bot])
- 36633af: chore(deps): bump arnested/go-version-action from 1.0.70 to 1.1.0 (#300) (@dependabot[bot])
- e24b175: chore(deps): bump actions/setup-python from 3.1.2 to 4 (#311) (@dependabot[bot])
- 1684c68: docs: Update CONTRIBUTING.md, add MAINTAINERS.md (#309) (@znewman01)
- 4139c85: chore(deps): bump arnested/go-version-action from 1.1.0 to 1.1.3 (#316) (@dependabot[bot])
- 36a2930: build: update go version to 1.18 (#314) (@asraa)
- ae904d2: docs: Add DCO instructions (#319) (@znewman01)
- 81cd9b3: chore(deps): bump Python from 3.6 to 3.10 (#318) (@rdimitrov)
- 986a4c5: chore(deps): bump requests from 2.27.1 to 2.28.0 (#317) (@dependabot[bot])
- 439ce47: chore(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.4 (#324) (@dependabot[bot])
- 3bb077e: chore(deps): bump requests from 2.28.0 to 2.28.1 (#332) (@dependabot[bot])
- eed9e6c: chore(deps): bump github.com/stretchr/testify from 1.7.4 to 1.8.0 (#331) (@dependabot[bot])
- 0d40b25: test: fix flakey util test (#333) (@asraa)
v0.3.0
Changelog
Security
- ed6788e: security: implement protection against rollback attacks for roles other than root / Merge pull request from GHSA-66x3-6cw3-v5gj (@rdimitrov)
Features
- fd8ac04: feat: Support delegated targets roles in repo writer (#175) (@mnm678)
- ce6509c: feat: propose adding Zach Newman to list of maintainers (#271) (@trishankatdatadog)
Bug fixes
Others
- 507e038: user int64 for version (#240) (@arbll)
- 5b81b7e: ci: Check PR title instead of commits for conventional format (#264) (@ethan-lowman-dd)
- e2fb0ae: chore: add rdimitrov as maintainer (#268) (@asraa)
- 3dfbeb2: chore(deps): bump actions/checkout from 2 to 3 (#253) (@dependabot[bot])
- 3f1f3d7: chore(deps): bump amannn/action-semantic-pull-request (#276) (@dependabot[bot])
- 520db05: chore(deps): bump github/codeql-action from 1 to 2 (#277) (@dependabot[bot])
- f42dfb3: chore: bump golangci-lint timeout (#280) (@znewman01)
- 0fa2537: chore(deps): bump actions/setup-python from 2.3.2 to 3.1.2 (#267) (@dependabot[bot])
- 57b9f1e: chore: remove `GITHUB_TOKEN` from arnested/go-version-action (#259) (@arnested)
- 5bbaae3: chore(deps): bump arnested/go-version-action from 1.0.65 to 1.0.67 (#281) (@dependabot[bot])
- 90f34f0: chore(deps): bump amannn/action-semantic-pull-request (#284) (@dependabot[bot])
v0.2.0
Changelog
Others
- b98aea5: Rename assertNotNil to assertNoError, since the former name is incorrect (#230) (@ethan-lowman-dd)
- 314eed4: [Delegations prereq 6] Use a verify.DB for delegation in client (#196) (@ethan-lowman-dd)
- d85e0a2: [Delegations prereq 7] Make signers addressable by key ID in LocalStore (#197) (@ethan-lowman-dd)
- 885c290: [Delegations prereq 9] Make fileSystemStore.GetMeta read metadata files dynamically (#231) (@ethan-lowman-dd)
- b4df602: Bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#235) (@dependabot[bot])
- 506b95a: Add pull request template with release note stub (#215) (@asraa)
- 8453bf6: Allow commit without adding targets (#238) (@znewman01)
- 545f98e: Add Reason to ErrInvalidKeys (#237) (@znewman01)
- 14b188b: Move hash bin helpers from internal/targets to pkg/targets (#244) (@ethan-lowman-dd)
- 2b4cbfe: Fix linter errors raised by staticcheck (#236) (@rdimitrov)
- 5d0a9c3: Add automatic releases using goreleaser (#234) (@rdimitrov)
- 2b4a5e1: chore(deps): bump actions/setup-go from 2.2.0 to 3 (#254) (@dependabot[bot])
- 0e889ad: chore: remove exposing the github oidc token in ci (#255) (@rdimitrov)
- a747dcc: ci: Bump golangci-lint to 1.45.2 (#265) (@ethan-lowman-dd)