v0.2.0

Changelog

⚠️ Warning ⚠️

go modules have been renamed from github.com/testifysec/witness => github.com/in-toto/witness

Features

• 0bca967: feat: add algo hash list for digest calc in config (#292) (@DataDavD)

Bug fixes

• be20100: fix: dev/Dockerfile.go-builder to reduce vulnerabilities (@snyk-bot)
• 8e9d798: fix: dev/Dockerfile.go-builder to reduce vulnerabilities (@snyk-bot)
• 2219a76: fix: updating urls to in-toto from testifysec and -L to the curl for version (#297) (@lmco-seth)

Documentation

• edef808: docs: Update key to signer-file-key-path in getting starter .witness.yaml (@blhagadorn)
• 8dde14c: docs: correct sign policy file command in README.md (@shenxianpeng)

Others

• 27f68b9: chore(deps): bump golang.org/x/net from 0.7.0 to 0.17.0 (@dependabot[bot])
• 602dc48: chore(deps): bump google.golang.org/grpc from 1.53.0 to 1.56.3 (@dependabot[bot])
• 5beb113: Add maintainers file (@jkjell)
• b3d7207: Add dependabot config and add reusable workflow for calling witness (#298) (@jkjell)
• 21cb944: chore: bump docker/login-action from 2 to 3 (#299) (@dependabot[bot])
• 9380cbe: chore: bump github/codeql-action from 1.0.26 to 2.22.6 (#300) (@dependabot[bot])
• 1880baa: chore: bump ossf/scorecard-action from 2.1.3 to 2.3.1 (#302) (@dependabot[bot])
• 873f55c: chore: bump golangci/golangci-lint-action from 2 to 3 (#303) (@dependabot[bot])
• f49ff8e: chore: bump github.com/sirupsen/logrus from 1.9.0 to 1.9.3 (#304) (@dependabot[bot])
• 5e56558: chore: bump github.com/stretchr/testify from 1.8.1 to 1.8.4 (#305) (@dependabot[bot])
• 932ff1e: chore: bump actions/checkout from 2 to 4 (#301) (@dependabot[bot])
• e7a6f44: chore: bump github/codeql-action from 2.22.6 to 2.22.7 (@dependabot[bot])
• a412c18: chore: bump actions/cache from 2 to 3 (@dependabot[bot])
• 0363ee3: chore: bump actions/setup-go from 2 to 4 (@dependabot[bot])
• 15bec9e: chore: bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 (@dependabot[bot])
• 752b9e0: chore: bump github/codeql-action from 2.22.7 to 2.22.8 (@dependabot[bot])
• bcf7ecf: Update README.md - fixing quickstart url (@clemenko)
• f65b232: [StepSecurity] Apply security best practices (#316) (@step-security-bot)
• 81bdfce: Improve gha (#318) (@kairoaraujo)
• a56715e: Refactoring error messages to use %w formatting directive and fix logging issue (#314) (@ChaosInTheCRD)
• b19afc8: Fix initial pre-commit violations (#319) (@jkjell)
• 862d8c4: chore: bump actions/upload-artifact from 3.0.0 to 3.1.3 (#320) (@dependabot[bot])
• a823f58: chore: bump actions/checkout from 3.6.0 to 4.1.1 (#321) (@dependabot[bot])
• 684fd6a: chore: bump actions/setup-go from 4.1.0 to 5.0.0 (#322) (@dependabot[bot])
• 709ad35: chore: bump github/codeql-action from 2.22.8 to 2.22.9 (#323) (@dependabot[bot])
• 71856fd: chore: bump actions/dependency-review-action from 2.5.1 to 3.1.4 (#324) (@dependabot[bot])
• f0c8f43: Adding help to Makefile and updating make test target (#325) (@ChaosInTheCRD)
• 937eab8: Adding the contributing.md from archivista (#327) (@ChaosInTheCRD)
• c0f5843: Migrating go module (#328) (@ChaosInTheCRD)
• c06555d: Migrating to the use of in-toto/go-witness module (#331) (@ChaosInTheCRD)
• b36c96d: Bumping Go version for goreleaser (#333) (@ChaosInTheCRD)

New Contributors

• @blhagadorn made their first contribution in #288
• @jkjell made their first contribution in #294
• @lmco-seth made their first contribution in #297
• @shenxianpeng made their first contribution in #311
• @clemenko made their first contribution in #313
• @step-security-bot made their first contribution in #316
• @kairoaraujo made their first contribution in #318
• @DataDavD made their first contribution in #292
• @ChaosInTheCRD made their first contribution in #314

Full Changelog: v0.1.14...v0.2.0