Release v2.0.0 · sigstore/sigstore-java

See CHANGELOG.md for more details.

What's Changed

Add repo info to create release by @loosebazooka in #908
Update dependency dev.sigstore:protobuf-specs to v0.4.0 by @renovate[bot] in #903
Update after v1.3.0 release by @loosebazooka in #909
Update conformance.yml to 0.0.17 by @loosebazooka in #910
Update dependency commons-codec:commons-codec to v1.18.0 by @renovate[bot] in #902
Update sigstore/community digest to f1c21e9 by @renovate[bot] in #894
Update dependency com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin to v1.3.1 by @renovate[bot] in #895
Update actions/upload-artifact action to v4.6.1 by @renovate[bot] in #911
Update dependency com.google.oauth-client:google-oauth-client-bom to v1.38.0 by @renovate[bot] in #913
Update dependency com.google.http-client:google-http-client-bom to v1.46.3 by @renovate[bot] in #912
chore: bump junit to 5.12 by @vlsi in #915
Update dependency org.junit:junit-bom to v5.12.0 by @renovate[bot] in #914
chore(deps): update gradle/actions action to v4.3.0 by @renovate[bot] in #916
fix(deps): update dependency com.diffplug.spotless:com.diffplug.spotless.gradle.plugin to v7 by @renovate[bot] in #919
fix(deps): update dependency org.jetbrains.dokka:org.jetbrains.dokka.gradle.plugin to v2 by @renovate[bot] in #921
chore(deps): update dependency gradle to v8.13 by @renovate[bot] in #807
Gradle plugin: Replace findProperty with Isolated Project compatible … by @hfhbd in #811
fix: add workaround for providers.gradleProperty for pre-7.4 Gradle versions by @vlsi in #924
Make token string oidc client available outside of cli by @loosebazooka in #925
chore: use Gradle Java toolchains for the build and test execution by @vlsi in #923
tuf: use cached targets when available by @loosebazooka in #926
chore: do not require Java 17 for launching Gradle yet by @vlsi in #927
fix(deps): update dependency com.google.errorprone:error_prone_core to v2.36.0 by @renovate[bot] in #820
fix(deps): update dependency org.mockito:mockito-bom to v5.16.0 by @renovate[bot] in #918
chore(deps): update theupdateframework/tuf-conformance action to v2.3.0 by @renovate[bot] in #917
chore(deps): update sigstore/community digest to 61b77fe by @renovate[bot] in #928
fix(deps): update dependency org.junit:junit-bom to v5.12.1 by @renovate[bot] in #932
fix(deps): update dependency org.mockito:mockito-bom to v5.16.1 by @renovate[bot] in #933
chore(deps): update actions/upload-artifact action to v4.6.2 by @renovate[bot] in #929
chore(deps): update dependency go to 1.24.x by @renovate[bot] in #935
fix(deps): update dependency com.google.guava:guava to v33.4.6-jre by @renovate[bot] in #930
fix(deps): update dependency com.google.errorprone:error_prone_core to v2.37.0 by @renovate[bot] in #936
fix(deps): update protobuf_grpc by @renovate[bot] in #938
fix(deps): update dependency com.google.oauth-client:google-oauth-client-bom to v1.39.0 by @renovate[bot] in #937
chore(deps): update actions/setup-go action to v5.4.0 by @renovate[bot] in #934
chore(deps): update sigstore/community digest to b9f2e38 by @renovate[bot] in #939
chore(deps): update actions/setup-java action to v4.7.1 by @renovate[bot] in #940
fix(deps): update dependency com.google.guava:guava to v33.4.8-jre by @renovate[bot] in #943
fix(deps): update dependency dev.sigstore:protobuf-specs to v0.4.1 - autoclosed by @renovate[bot] in #944
fix(deps): update dependency org.junit:junit-bom to v5.12.2 by @renovate[bot] in #945
fix(deps): update dependency com.diffplug.spotless:com.diffplug.spotless.gradle.plugin to v7.0.3 by @renovate[bot] in #942
chore(deps): update gradle/actions action to v4.3.1 by @renovate[bot] in #941
chore(deps): update dependency gradle to v8.14 by @renovate[bot] in #949
chore(deps): update sigstore/sigstore-conformance action to v0.0.18 - autoclosed by @renovate[bot] in #947
chore(deps): update sigstore/community digest to ab62b20 by @renovate[bot] in #946
fix(deps): update dependency net.ltgt.errorprone:net.ltgt.errorprone.gradle.plugin to v4.2.0 by @renovate[bot] in #955
fix(deps): update dependency de.thetaphi.forbiddenapis:de.thetaphi.forbiddenapis.gradle.plugin to v3.9 by @renovate[bot] in #953
fix(deps): update dependency com.google.http-client:google-http-client-bom to v1.47.0 by @renovate[bot] in #952
fix(deps): update dependency com.google.errorprone:error_prone_core to v2.38.0 by @renovate[bot] in #951
fix(deps): update dependency com.google.code.gson:gson to v2.13.1 by @renovate[bot] in #950
Add signing config parsers by @loosebazooka in #956
Update google-java-format to 1.24.0 by @loosebazooka in #957
Allow targetStore to return input streams by @loosebazooka in #962
chore: migrate to Kotlin Dokka 2.0 by @vlsi in #964
Use SigstoreConfigurationException more widely by @loosebazooka in #963
Add timestamp client and verifier by @aaronlew02 in #960
Consume signing_config v0.2 from TUF repo if availalbe. by @loosebazooka in #965
ignoreUnknownFields when parsing json by @loosebazooka in #966
chore(deps): update dependency gradle to v8.14.1 by @renovate[bot] in #969
chore(deps): update actions/setup-go action to v5.5.0 by @renovate[bot] in #971
chore(deps): update gradle/actions action to v4.4.0 by @renovate[bot] in #972
chore(deps): update sigstore/community digest to 55b19bf by @renovate[bot] in #968
Add providers for signing config and legacy helper by @loosebazooka in #967
Update Examples action to run on Windows, MacOs, and Linux by @keastrid in #974
Use Sigstore staging TSA in timestamp client by @aaronlew02 in #975
Run dev/release examples in separate jobs by @loosebazooka in #976
Add artifact validation and staging tests to timestamp verifier by @aaronlew02 in #977
Add RFC3161 timestamps to bundle reader and writer by @aaronlew02 in #978
Add RFC3161 timestamps to keyless signer and verifier by @aaronlew02 in #979
Push signing config through all our clients by @loosebazooka in #981
Add support for ED25519 in trusted_root by @loosebazooka in #983
Use service helper to create temp services by @loosebazooka in #984
Reduce redundant action runs by @loosebazooka in #985
use main on concurrency checks by @loosebazooka in #986
Update protobuf-specs by @loosebazooka in #988
fix concurrency by @loosebazooka in #989
Update dependency org.apache.maven:maven-core to v3.9.10 by @renovate[bot] in #995
Extract inclusion proof verifier into a new library by @aaronlew02 in #998
Update dependency org.apache.maven:maven-plugin-api to v3.9.10 by @renovate[bot] in #996
Add support for Ed25519 signatures by @aaronlew02 in #1000
group maven in renovate.json by @loosebazooka in #1003
Update maven build by @loosebazooka in #1004
Avoid having users look at ImmutableHttpParams by @loosebazooka in #1006
Add Rekor v2 client and verifier by @aaronlew02 in #990
Allow RekorEntry to be built from TransparencyLogEntry by @aaronlew02 in #1013
Add Rekor v2 staging URI to LegacySigningConfig by @aaronlew02 in #1014
Unify Rekor v1 and v2 verifiers by @aaronlew02 in #1016
Add Rekor v2 support to bundle reader and writer by @aaronlew02 in #1017
Fix check for empty SET in RekorVerifier by @aaronlew02 in #1020
Move TLogEntry-to-RekorEntry converter to ProtoMutators by @aaronlew02 in #1021
Add Rekor v2 support to keyless signer and verifier by @aaronlew02 in #1008
fix(test): Update TUF client test for public good signing config v0.2 by @aaronlew02 in #1025
fix: Re-add timestamp verification in KeylessVerifier by @aaronlew02 in #1024
Match signer chosing to algorithm registry by @loosebazooka in #1027
fix(deps): update dependency com.google.http-client:google-http-client-bom to v1.47.1 by @renovate[bot] in #1009
Require signing config from TUF and remove legacy fallback by @aaronlew02 in #1028
Add DSSE envelope checks for Rekor v2 by @aaronlew02 in #1031
Replace LegacySigningConfig with TUF signing config by @aaronlew02 in #1032
fix: Get Rekor v2 from signing config if enabled by @aaronlew02 in #1035
fix(test): Verify signing result for Rekor v1 vs. v2 by @aaronlew02 in #1037
Get Rekor v2 service from TUF signing config by @aaronlew02 in #1040
fix(deps): update dependency com.diffplug.spotless:com.diffplug.spotless.gradle.plugin to v7.2.1 by @renovate[bot] in #993
chore(deps): update sigstore/community digest to 74d6625 by @renovate[bot] in #992
chore(deps): update gradle/actions action to v4.4.1 by @renovate[bot] in #1011
chore(deps): update plugin org.gradlex.maven-plugin-development to v1.0.3 by @renovate[bot] in #1036
fix(deps): update dependency org.eclipse.jetty:jetty-server to v11.0.25 by @renovate[bot] in #931
Add option to use conformance token by @loosebazooka in #1041
Use HTTP server for conformance testing by @aaronlew02 in #1038
chore(deps): update dependency gradle to v8.14.3 by @renovate[bot] in #994
Configure maven central publishing by @loosebazooka in #1042
Apply httpparams more universally by @loosebazooka in #1046
URL -> URI by @loosebazooka in #1047
prepare for 2.0.0-rc1 by @loosebazooka in #1048
Updates after 2.0.0-rc1 release by @loosebazooka in #1050
Update README.md by @loosebazooka in #1051
Update google-github-actions/get-secretmanager-secrets action to v2.2.4 by @renovate[bot] in #1057
Update dependency org.assertj:assertj-core to v3.27.4 by @renovate[bot] in #1056
Update dependency com.github.autostyle:com.github.autostyle.gradle.plugin to v4.0.1 by @renovate[bot] in #1054
Update sigstore/community digest to ff42fd8 by @renovate[bot] in #1053
Update dependency com.gradleup.nmcp:com.gradleup.nmcp.gradle.plugin to v1.0.3 by @renovate[bot] in #1055
Update google-github-actions/auth digest to dac4e13 by @renovate[bot] in #1052
Group gradleup.nmcp in renovate.json by @loosebazooka in #1058
Update conformance with new xfail by @loosebazooka in #1060
tuf Updater: fix snapshot version rollback case by @jku in #1061
cli: Add working directory and enable Rekor v2 by @aaronlew02 in #1062
Use HTTP server for TUF conformance testing by @aaronlew02 in #1045
ref: Simplify hashedrekord and DSSE parsing exceptions by @aaronlew02 in #1064
fix: Reject unsupported DSSE version by @aaronlew02 in #1063
Fix userAgent string in requests by @loosebazooka in #1066
Add Rekor v2 types to RekorTypes by @aaronlew02 in #1073
Handle null inputs parsing rekor entry by @loosebazooka in #1074
Catch json parse error from gson by @loosebazooka in #1075
chore(deps): update sigstore/community digest to d7264e2 by @renovate[bot] in #1067
chore(deps): update google-github-actions/auth action to v2.1.13 by @renovate[bot] in #1068
chore(deps): update gradle/actions action to v4.4.3 by @renovate[bot] in #1070
chore(deps): update google-github-actions/get-secretmanager-secrets action to v2.2.5 by @renovate[bot] in #1069
chore(deps): update sigstore/sigstore-conformance action to v0.0.20 by @renovate[bot] in #1071
fix(deps): update jetty monorepo to v11.0.26 - autoclosed by @renovate[bot] in #1072
chore(deps): update sigstore/sigstore-conformance action to v0.0.21 by @renovate[bot] in #1078
chore(deps): update sigstore/community digest to f539f57 by @renovate[bot] in #1077
fix(deps): update dependency com.google.code.gson:gson to v2.13.2 by @renovate[bot] in #1079
fix(deps): update dependency org.assertj:assertj-core to v3.27.6 by @renovate[bot] in #1080
chore(deps): update actions/checkout action to v4.3.0 by @renovate[bot] in #1081
chore(deps): update dependency go to 1.25.x by @renovate[bot] in #1082
remove oidc config from gradle plugin by @loosebazooka in #1076
fix(deps): update dependency com.google.guava:guava to v33.5.0-jre by @renovate[bot] in #1090
fix(deps): update dependency com.google.errorprone:error_prone_core to v2.42.0 by @renovate[bot] in #1089
fix(deps): update bouncycastle to v1.82 by @renovate[bot] in #1087
chore(deps): update sigstore/community digest to f09be1d by @renovate[bot] in #1085
chore(deps): update gradle/actions action to v4.4.4 by @renovate[bot] in #1086
fix(deps): update dependency com.code-intelligence:jazzer-api to v0.26.0 by @renovate[bot] in #1088
Update after 2.0.0-rc2 release by @loosebazooka in #1092
Update conformance.yml by @loosebazooka in #1093
fix(deps): update dependency com.google.errorprone:error_prone_core to v2.44.0 by @renovate[bot] in #1096
chore(deps): update theupdateframework/tuf-conformance action to v2.4.0 by @renovate[bot] in #1095
chore(deps): update sigstore/community digest to 816d0b6 by @renovate[bot] in #1094
fix(deps): update dependency dev.sigstore:protobuf-specs to v0.5.0 by @renovate[bot] in #1100
fix(deps): update dependency de.thetaphi.forbiddenapis:de.thetaphi.forbiddenapis.gradle.plugin to v3.10 - autoclosed by @renovate[bot] in #1099
fix(deps): update dependency org.jetbrains.dokka-javadoc:org.jetbrains.dokka-javadoc.gradle.plugin to v2.1.0 by @renovate[bot] in #1102
fix(deps): update dependency net.ltgt.errorprone:net.ltgt.errorprone.gradle.plugin to v4.3.0 by @renovate[bot] in #1101
chore: use Java 21 for building sigstore-java by @vlsi in #1044
test: improve Gradle compatibility matrix by @vlsi in #1107
Fixes after java 21 update by @loosebazooka in #1106
fix(deps): update dependency org.junit:junit-bom to v5.14.1 by @renovate[bot] in #1103
fix(deps): update dependency org.mockito:mockito-bom to v5.20.0 by @renovate[bot] in #1104
Add support for creating and uploading DSSE attestations by @aaronlew02 in #1084
Update conformance.yml by @loosebazooka in #1113
fix(deps): Migrate conformance servers from Jetty 11 to Jetty 12 by @aaronlew02 in #1111
workflows: Run conformance suites in parallel by @jku in #1109
docs: Update Maven Central badge URL in README by @aaronlew02 in #1114
Wrap json operations for checked exceptions by @loosebazooka in #1115
fix(deps): update maven by @renovate[bot] in #1010
Prepare for 2.0.0 by @loosebazooka in #1117

New Contributors

@hfhbd made their first contribution in #811
@aaronlew02 made their first contribution in #960
@keastrid made their first contribution in #974
@jku made their first contribution in #1061

Full Changelog: v1.3.0...v2.0.0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

v2.0.0

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

What's Changed

New Contributors

Contributors

Uh oh!