chore(deps): update dependency sigstore/cosign to v3
This MR contains the following updates:
| Package | Update | Change |
|---|---|---|
| sigstore/cosign | major |
2.6.1 -> 3.0.2
|
View the Renovate pipeline for this MR
Release Notes
sigstore/cosign (sigstore/cosign)
v3.0.2
v3.0.2 is a functionally equivalent release to v3.0.0 and v3.0.1, with a fix for CI to publish signed releases in the new bundle format.
- Note that the
--bundleflag specifying an output file to write the Sigstore bundle (which contains all relevant verification material) has moved from optional to required in v3.
Changes
- choose different signature filename for KMS-signed release signatures (#4448)
- Update rekor-tiles version path (#4450)
v3.0.1
v3.0.1 is an equivalent release to v3.0.0, which was never published due to a failure in our CI workflows.
- Note that the
--bundleflag specifying an output file to write the Sigstore bundle (which contains all relevant verification material) has moved from optional to required in v3.
Changes
- update goreleaser config for v3.0.0 release (#4446)
v3.0.0
Announcing the next major release of Cosign!
Cosign v3 is a minor change from Cosign v2.6.x, with all of the new capabilities of recent
releases on by default, but will still allow you to disable them if you need the older functionality.
These new features include support for the standardized bundle format (--new-bundle-fomat), providing roots
of trust for verification and service URLs for signing via one file (--trusted-root, --signing-config),
and container signatures stored as an OCI Image 1.1 referring artifact.
Learn more on our v3 announcement blog post! See the changelogs for v2.6.0, v2.5.0, and v2.4.0 for more information on recent changes.
If you have any feedback, please reach out on Slack or file an issue on GitHub.
Changes
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.