Skip to content

v0.1.0

Pre-release
Pre-release
Compare
Choose a tag to compare
@segiddins segiddins released this 18 Oct 23:18
· 46 commits to main since this release
dae7235

What's Changed

  • Adopt some github workflows from sigstore-python by @segiddins in #2
  • Bump rake from 13.1.0 to 13.2.1 by @dependabot in #5
  • Bump codecov/codecov-action from 4.0.1 to 4.3.0 in the actions group by @dependabot in #3
  • Bump rubocop from 1.60.2 to 1.63.4 by @dependabot in #4
  • [StepSecurity] Apply security best practices by @step-security-bot in #6
  • Update precommit config by @segiddins in #7
  • Bump the actions group with 4 updates by @dependabot in #8
  • Bump codecov/codecov-action from 4.3.0 to 4.3.1 in the actions group by @dependabot in #10
  • Better errors + x509 parsing by @segiddins in #9
  • Bump ruby/setup-ruby from 1.175.1 to 1.176.0 in the actions group by @dependabot in #12
  • Bump actions/checkout from 4.1.4 to 4.1.5 in the actions group by @dependabot in #13
  • Begin implementing dsse/in-toto support by @segiddins in #11
  • Bump github/codeql-action from 3.25.3 to 3.25.4 in the actions group by @dependabot in #14
  • Bump ossf/scorecard-action from 2.3.1 to 2.3.3 in the actions group by @dependabot in #16
  • Bump github/codeql-action from 3.25.4 to 3.25.5 in the actions group by @dependabot in #17
  • Bump codecov/codecov-action from 4.3.1 to 4.4.0 in the actions group by @dependabot in #18
  • Bump the actions group across 1 directory with 4 updates by @dependabot in #20
  • Bump step-security/harden-runner from 2.7.1 to 2.8.0 in the actions group by @dependabot in #21
  • Bump ruby/setup-ruby from 1.177.0 to 1.177.1 in the actions group by @dependabot in #22
  • Bump rubocop from 1.63.4 to 1.64.0 by @dependabot in #23
  • Use ruby 3.3.1 in development by @segiddins in #24
  • Bump webmock from 3.23.0 to 3.23.1 by @dependabot in #25
  • Bump rubocop from 1.64.0 to 1.64.1 by @dependabot in #26
  • Bump timecop from 0.9.8 to 0.9.9 by @dependabot in #29
  • Bump the actions group across 1 directory with 4 updates by @dependabot in #33
  • Bump the actions group with 3 updates by @dependabot in #34
  • Bump the actions group with 2 updates by @dependabot in #35
  • Bump timecop from 0.9.9 to 0.9.10 by @dependabot in #36
  • Bump ruby/setup-ruby from 1.180.0 to 1.180.1 in the actions group by @dependabot in #37
  • Add codeowners file by @segiddins in #43
  • Update staging root to version 8 by @segiddins in #41
  • Extract TUF config to a class by @segiddins in #39
  • Implement TUF hash/length verification by @segiddins in #40
  • Start adding some tests for merkle verification by @segiddins in #42
  • Bump ruby/setup-ruby from 1.180.1 to 1.182.0 in the actions group by @dependabot in #54
  • TSA verification by @segiddins in #44
  • Bump the actions group with 2 updates by @dependabot in #57
  • Extract TUF Updater into tuf/ by @segiddins in #56
  • Support DSSE 0.0.1 DSSE envelopes by @segiddins in #58
  • Bump the actions group across 1 directory with 2 updates by @dependabot in #60
  • Bump ruby/setup-ruby from 1.185.0 to 1.187.0 in the actions group across 1 directory by @dependabot in #63
  • Bump the actions group across 1 directory with 2 updates by @dependabot in #65
  • Bump the actions group across 1 directory with 2 updates by @dependabot in #67
  • Bump rexml from 3.2.8 to 3.3.2 in the bundler group by @dependabot in #68
  • Refactor verifier to perform steps in the order given by the spec by @segiddins in #55
  • Bump ruby/setup-ruby from 1.187.0 to 1.188.0 in the actions group by @dependabot in #70
  • Conformance fixes on ruby-head in CI by @segiddins in #73
  • Exclude conformance tests from rubocop by @segiddins in #38
  • Add default excludes to rubocop by @segiddins in #77
  • Bump the actions group across 1 directory with 4 updates by @dependabot in #76
  • Bump rexml from 3.3.2 to 3.3.3 in the bundler group by @dependabot in #74
  • Bump step-security/harden-runner from 2.9.0 to 2.9.1 in the actions group by @dependabot in #78
  • Bump the actions group with 2 updates by @dependabot in #79
  • Bump github/codeql-action from 3.26.0 to 3.26.1 in the actions group by @dependabot in #80
  • Bump github/codeql-action from 3.26.1 to 3.26.2 in the actions group by @dependabot in #82
  • Add merkle inclusion proof tests by @segiddins in #83
  • TUF conformance by @segiddins in #69
  • Bump vcr from 6.2.0 to 6.3.0 by @dependabot in #84
  • Bump vcr from 6.3.0 to 6.3.1 by @dependabot in #87
  • Support rsa-pkcs1v15-sha256 keys by @segiddins in #86
  • Fix TUF rollback protection by @segiddins in #89
  • Bump rexml from 3.3.3 to 3.3.6 in the bundler group by @dependabot in #91
  • Update vendored trusted roots by @segiddins in #93
  • Fix walk of target delegations to be DFS by @segiddins in #95
  • Bump github/codeql-action from 3.26.2 to 3.26.5 in the actions group across 1 directory by @dependabot in #96
  • Bump theupdateframework/tuf-conformance from 2c8a0a73f2eea756ddc2e8b11077cb063aa221ed to a45d2183228f9bed664616669c11d19558e0be3f in the actions group by @dependabot in #97
  • Bump theupdateframework/tuf-conformance from a45d2183228f9bed664616669c11d19558e0be3f to b8f2205151cf52499becade10fd9cddf574e6bf1 in the actions group by @dependabot in #98
  • Bump the actions group across 1 directory with 2 updates by @dependabot in #100
  • Bump the actions group across 1 directory with 3 updates by @dependabot in #106
  • Bump step-security/harden-runner from 2.9.1 to 2.10.0 in the actions group by @dependabot in #107
  • Bump the actions group across 1 directory with 2 updates by @dependabot in #109
  • Bump rubocop-performance from 1.21.1 to 1.22.0 by @dependabot in #111
  • Bump the actions group across 1 directory with 2 updates by @dependabot in #113
  • Bump rubocop-performance from 1.22.0 to 1.22.1 by @dependabot in #114
  • Bump github/codeql-action from 3.26.7 to 3.26.8 in the actions group by @dependabot in #115
  • Bump theupdateframework/tuf-conformance from e9a3a160751549e8a9fd92b267a5c92247d9df82 to 307fb63cefc6c47d2c4c20e579f5e2f258c9e83f in the actions group by @dependabot in #116
  • Sigstore signer by @segiddins in #81
  • Bump rubocop from 1.64.1 to 1.66.1 by @dependabot in #104
  • Update vendored trusted roots by @segiddins in #112
  • Restrict ci workflow github token permissions by @segiddins in #117
  • Stop using RubyGems for conformance testing CLI by @segiddins in #120
  • Improved JRuby compatibility by @segiddins in #123
  • Enable Style/ImplicitRuntimeError by @segiddins in #121
  • Bump the actions group across 1 directory with 5 updates by @dependabot in #124
  • Support cpython bundles & fix dsse 0.0.1 entries by @segiddins in #125
  • Bump the actions group across 1 directory with 4 updates by @dependabot in #128
  • Bump webmock from 3.23.1 to 3.24.0 by @dependabot in #126
  • Bump the actions group with 2 updates by @dependabot in #129
  • Bump the actions group across 1 directory with 3 updates by @dependabot in #132
  • Update required_ruby_version to >= 3.1 by @segiddins in #133
  • Bump the actions group across 1 directory with 5 updates by @dependabot in #135
  • Bump actions/upload-artifact from 4.4.2 to 4.4.3 in the actions group by @dependabot in #136
  • Bump theupdateframework/tuf-conformance from 1df5840ac7d0c8cdec6129f13e448312156e4f2f to 3c2a7a9f839fc1b954c28a1f31fdc9023a63fff5 in the actions group by @dependabot in #137
  • Bump rubocop from 1.66.1 to 1.67.0 by @dependabot in #139
  • Bump the actions group with 2 updates by @dependabot in #138
  • Add a release workflow by @segiddins in #131
  • Remove more files from built gem to save space by @segiddins in #141
  • Drastically speed up test running on CI by @segiddins in #142

Full Changelog: https://github.com/sigstore/sigstore-ruby/commits/v0.1.0