v0.6.8

Changes

• feat(deps): bump google.golang.org/api from 0.201.0 to 0.202.0 @dependabot (#210)
• Update go git @jonnystoten (#209)

🚀 Features

• feat: add internal reproducible git checksum builtin @jonnystoten (#203)
• feat: add code of conduct @mrjoelkamp (#206)
• feat: add pr and issue templates @mrjoelkamp (#205)

🧰 Maintenance

• chore: skip DCO requirement for org members @jonnystoten (#208)
• feat: add code of conduct @mrjoelkamp (#206)
• feat: add pr and issue templates @mrjoelkamp (#205)
• chore: apply license headers @mrjoelkamp (#204)

v0.6.7

Changes

• feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.9 to 1.8.10 @dependabot (#198)
• feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.9 to 1.8.10 @dependabot (#199)
• feat(deps): bump github.com/sigstore/sigstore from 1.8.9 to 1.8.10 @dependabot (#200)
• feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.43 to 1.28.0 @dependabot (#202)
• feat(deps): bump google.golang.org/api from 0.200.0 to 0.201.0 @dependabot (#197)

🚀 Features

• feat: add verifier version to vsa @mrjoelkamp (#201)

v0.6.6

Changes

• feat(deps): bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 @dependabot (#188)
• feat(deps): bump google.golang.org/api from 0.199.0 to 0.200.0 @dependabot (#195)
• feat(deps): bump github.com/containerd/containerd/v2 from 2.0.0-rc.4 to 2.0.0-rc.5 @dependabot (#187)
• feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.39 to 1.27.43 @dependabot (#194)

🚀 Features

• feat: support arbitrary rego input parameters @kipz (#196)
• feat: vsa input attestations @mrjoelkamp (#191)

v0.6.5

Changes

• feat(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.0.1 to 2.0.2 @dependabot (#186)

v0.6.4

Changes

• feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.38 to 1.27.39 @dependabot (#182)
• feat(deps): bump github.com/open-policy-agent/opa from 0.68.0 to 0.69.0 @dependabot (#185)
• feat(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.0.0 to 2.0.1 @dependabot (#184)

v0.6.3

Changes

• Support images as well as indexes in ImageDetailResolvers @kipz (#183)

v0.6.2

Changes

• feat(deps): bump google.golang.org/api from 0.198.0 to 0.199.0 @dependabot (#181)
• feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.35 to 1.27.38 @dependabot (#180)
• feat(deps): bump google.golang.org/api from 0.197.0 to 0.198.0 @dependabot (#175)

🚀 Features

• feat: add function for parsing DOI definition files @jonnystoten (#172)

🐛 Bug Fixes

• fix: only sign statements @mrjoelkamp (#179)

🧰 Maintenance

• Remove long-term aspiration from README @whalelines (#174)
• chore: add rekor prod TUF system test @kipz (#176)

v0.6.1

Changes

🚀 Features

• feat: support containerd subject annotations @mrjoelkamp (#173)

v0.6.0

Changes

• feat(deps): bump github.com/sigstore/sigstore from 1.8.8 to 1.8.9 @dependabot (#169)
• chore(deps): bump actions/create-github-app-token from 1.10.4 to 1.11.0 @dependabot (#164)
• BREAKING Use a Factory to create signature verifiers at policy evaluation time @kipz (#165)
• feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.33 to 1.27.35 @dependabot (#168)

🧰 Maintenance

• chore: add test for RegoFnOpts @kipz (#171)
• refactor: remove explicit closures. expose rego fns @kipz (#170)
• Add platform filtering support to mapping.yml @kipz (#167)

v0.5.2

Changes

• fix: suppress logs from ecr credential helper @jonnystoten (#163)
• feat(deps): bump google.golang.org/api from 0.196.0 to 0.197.0 @dependabot (#162)

🚀 Features

• feat: add a prefix path to TUF client @jonnystoten (#159)

🐛 Bug Fixes

• fix: regexes for autolabeler @jonnystoten (#160)

🧰 Maintenance

• chore: test on Go 1.23 as well @jonnystoten (#161)