Bump dev.sigstore:sigstore-maven-plugin from 1.2.0 to 1.3.0 #442

dependabot · 2025-02-26T15:47:17Z

Bumps dev.sigstore:sigstore-maven-plugin from 1.2.0 to 1.3.0.

Release notes

Sourced from dev.sigstore:sigstore-maven-plugin's releases.

v1.3.0

See CHANGELOG.md for more details.

New Feature

Add support for verifying dsse-intoto by @loosebazooka in sigstore/sigstore-java#855

What's Changed

Update bouncycastle to v1.79 by @renovate in sigstore/sigstore-java#864

Update actions/setup-java action to v4.5.0 by @renovate in sigstore/sigstore-java#863

Update protobuf_grpc by @renovate in sigstore/sigstore-java#861

Update sigstore/community digest to ee857ea by @renovate in sigstore/sigstore-java#841

Update dependency com.google.http-client:google-http-client-bom to v1.45.1 by @renovate in sigstore/sigstore-java#860

Add tests for downloadTarget by @loosebazooka in sigstore/sigstore-java#854

Update sigstore/sigstore-conformance action to v0.0.13 by @renovate in sigstore/sigstore-java#862

Import dsse/hashrekord types from rekor by @loosebazooka in sigstore/sigstore-java#867

Parse DSSE bundles and Intoto payloads by @loosebazooka in sigstore/sigstore-java#868

Update conformance to 0.0.14 by @loosebazooka in sigstore/sigstore-java#869

Reorganize message signature checks by @loosebazooka in sigstore/sigstore-java#872

Change payload type to byte[] by @loosebazooka in sigstore/sigstore-java#873

Update dependency com.code-intelligence:jazzer-api to v0.23.0 by @renovate in sigstore/sigstore-java#879

Update actions/setup-go action to v5.2.0 - autoclosed by @renovate in sigstore/sigstore-java#877

Update dependency org.junit:junit-bom to v5.11.4 by @renovate in sigstore/sigstore-java#876

Update dependency com.google.http-client:google-http-client-bom to v1.45.3 by @renovate in sigstore/sigstore-java#875

Update sigstore/community digest to 859cddd by @renovate in sigstore/sigstore-java#874

Update actions/setup-java action to v4.6.0 by @renovate in sigstore/sigstore-java#878

Update gradle/actions action to v4.2.2 by @renovate in sigstore/sigstore-java#883

Update dependency org.assertj:assertj-core to v3.27.2 by @renovate in sigstore/sigstore-java#882

Update protobuf_grpc by @renovate in sigstore/sigstore-java#884

Update softprops/action-gh-release action to v2.2.0 by @renovate in sigstore/sigstore-java#885

Update dependency com.google.guava:guava to v33.4.0-jre by @renovate in sigstore/sigstore-java#880

Update dependency com.google.oauth-client:google-oauth-client-bom to v1.37.0 by @renovate in sigstore/sigstore-java#881

Update sigstore/sigstore-conformance action to v0.0.16 by @renovate in sigstore/sigstore-java#891

address CI issues reported by zizmor by @bobcallaway in sigstore/sigstore-java#892

Update sigstore/community digest to 9ce4322 by @renovate in sigstore/sigstore-java#886

Update dependency commons-codec:commons-codec to v1.17.2 - autoclosed by @renovate in sigstore/sigstore-java#887

Update dependency dev.sigstore:protobuf-specs to v0.3.3 by @renovate in sigstore/sigstore-java#888

Update dependency org.assertj:assertj-core to v3.27.3 by @renovate in sigstore/sigstore-java#889

Update protobuf_grpc by @renovate in sigstore/sigstore-java#890

Update actions/setup-go action to v5.3.0 by @renovate in sigstore/sigstore-java#896

Update actions/setup-java action to v4.7.0 by @renovate in sigstore/sigstore-java#897

Update bouncycastle to v1.80 by @renovate in sigstore/sigstore-java#898

Update dependency com.code-intelligence:jazzer-api to v0.24.0 by @renovate in sigstore/sigstore-java#899

Update dependency com.google.code.gson:gson to v2.12.1 by @renovate in sigstore/sigstore-java#900

Update dependency com.google.http-client:google-http-client-bom to v1.46.1 by @renovate in sigstore/sigstore-java#901

Doc should say .sigstore.json instead of .sigstore.java by @thomasleplus in sigstore/sigstore-java#906

New Contributors

@thomasleplus made their first contribution in sigstore/sigstore-java#906

Full Changelog: sigstore/sigstore-java@v1.2.0...v1.3.0

Changelog

Sourced from dev.sigstore:sigstore-maven-plugin's changelog.

Changelog

All notable changes to sigstore-java will be documented in this file.

The format is based on Keep a Changelog.

All versions prior to 1.0.0 are untracked

[Unreleased]

Commits

dc444d3 Merge pull request #906 from thomasleplus/main
964f8b7 Fix typo
ea34dca Merge pull request #901 from sigstore/renovate/com.google.http-client-google-...
abc5b3b Merge pull request #900 from sigstore/renovate/com.google.code.gson-gson-2.x
e7bd1d3 Merge pull request #899 from sigstore/renovate/com.code-intelligence-jazzer-a...
0e1a6e8 Update dependency com.google.http-client:google-http-client-bom to v1.46.1
ec6e766 Update dependency com.google.code.gson:gson to v2.12.1
17d4f0e Merge pull request #898 from sigstore/renovate/bouncycastle
74ab8f3 Merge pull request #897 from sigstore/renovate/actions-setup-java-4.x
5520aef Merge pull request #896 from sigstore/renovate/actions-setup-go-5.x
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [dev.sigstore:sigstore-maven-plugin](https://github.com/sigstore/sigstore-java) from 1.2.0 to 1.3.0. - [Release notes](https://github.com/sigstore/sigstore-java/releases) - [Changelog](https://github.com/sigstore/sigstore-java/blob/main/CHANGELOG.md) - [Commits](sigstore/sigstore-java@v1.2.0...v1.3.0) --- updated-dependencies: - dependency-name: dev.sigstore:sigstore-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Feb 26, 2025

github-actions bot approved these changes Feb 26, 2025

View reviewed changes

github-actions bot enabled auto-merge (squash) February 26, 2025 15:47

github-actions bot merged commit 09a0277 into main Feb 26, 2025
17 checks passed

dependabot bot deleted the dependabot/maven/dev.sigstore-sigstore-maven-plugin-1.3.0 branch February 26, 2025 15:48

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump dev.sigstore:sigstore-maven-plugin from 1.2.0 to 1.3.0 #442

Bump dev.sigstore:sigstore-maven-plugin from 1.2.0 to 1.3.0 #442

dependabot bot commented on behalf of github Feb 26, 2025

Bump dev.sigstore:sigstore-maven-plugin from 1.2.0 to 1.3.0 #442

Bump dev.sigstore:sigstore-maven-plugin from 1.2.0 to 1.3.0 #442

Conversation

dependabot bot commented on behalf of github Feb 26, 2025

v1.3.0

New Feature

What's Changed

New Contributors

Changelog

[Unreleased]