Commit 8e8aaf4
committed
Update to SigStore 2.0.0
Bumps [dev.sigstore:sigstore-java](https://github.com/sigstore/sigstore-java) from 1.3.0 to 2.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/sigstore/sigstore-java/releases">dev.sigstore:sigstore-java's releases</a>.</em></p>
<blockquote>
<h2>v2.0.0</h2>
<p>See <a href="https://github.com/sigstore/sigstore-java/blob/main/CHANGELOG.md">CHANGELOG.md</a> for more details.</p>
<h2>v2.0.0-rc2</h2>
<p>See <a href="https://github.com/sigstore/sigstore-java/blob/main/CHANGELOG.md">CHANGELOG.md</a> for more details.</p>
<h2>What's Changed</h2>
<ul>
<li>Updates after 2.0.0-rc1 release by <a href="https://github.com/loosebazooka"><code>@loosebazooka</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1050">sigstore/sigstore-java#1050</a></li>
<li>Update README.md by <a href="https://github.com/loosebazooka"><code>@loosebazooka</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1051">sigstore/sigstore-java#1051</a></li>
<li>Update google-github-actions/get-secretmanager-secrets action to v2.2.4 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1057">sigstore/sigstore-java#1057</a></li>
<li>Update dependency org.assertj:assertj-core to v3.27.4 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1056">sigstore/sigstore-java#1056</a></li>
<li>Update dependency com.github.autostyle:com.github.autostyle.gradle.plugin to v4.0.1 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1054">sigstore/sigstore-java#1054</a></li>
<li>Update sigstore/community digest to ff42fd8 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1053">sigstore/sigstore-java#1053</a></li>
<li>Update dependency com.gradleup.nmcp:com.gradleup.nmcp.gradle.plugin to v1.0.3 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1055">sigstore/sigstore-java#1055</a></li>
<li>Update google-github-actions/auth digest to dac4e13 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1052">sigstore/sigstore-java#1052</a></li>
<li>Group gradleup.nmcp in renovate.json by <a href="https://github.com/loosebazooka"><code>@loosebazooka</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1058">sigstore/sigstore-java#1058</a></li>
<li>Update conformance with new xfail by <a href="https://github.com/loosebazooka"><code>@loosebazooka</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1060">sigstore/sigstore-java#1060</a></li>
<li>tuf Updater: fix snapshot version rollback case by <a href="https://github.com/jku"><code>@jku</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1061">sigstore/sigstore-java#1061</a></li>
<li>cli: Add working directory and enable Rekor v2 by <a href="https://github.com/aaronlew02"><code>@aaronlew02</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1062">sigstore/sigstore-java#1062</a></li>
<li>Use HTTP server for TUF conformance testing by <a href="https://github.com/aaronlew02"><code>@aaronlew02</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1045">sigstore/sigstore-java#1045</a></li>
<li>ref: Simplify hashedrekord and DSSE parsing exceptions by <a href="https://github.com/aaronlew02"><code>@aaronlew02</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1064">sigstore/sigstore-java#1064</a></li>
<li>fix: Reject unsupported DSSE version by <a href="https://github.com/aaronlew02"><code>@aaronlew02</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1063">sigstore/sigstore-java#1063</a></li>
<li>Fix userAgent string in requests by <a href="https://github.com/loosebazooka"><code>@loosebazooka</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1066">sigstore/sigstore-java#1066</a></li>
<li>Add Rekor v2 types to RekorTypes by <a href="https://github.com/aaronlew02"><code>@aaronlew02</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1073">sigstore/sigstore-java#1073</a></li>
<li>Handle null inputs parsing rekor entry by <a href="https://github.com/loosebazooka"><code>@loosebazooka</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1074">sigstore/sigstore-java#1074</a></li>
<li>Catch json parse error from gson by <a href="https://github.com/loosebazooka"><code>@loosebazooka</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1075">sigstore/sigstore-java#1075</a></li>
<li>chore(deps): update sigstore/community digest to d7264e2 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1067">sigstore/sigstore-java#1067</a></li>
<li>chore(deps): update google-github-actions/auth action to v2.1.13 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1068">sigstore/sigstore-java#1068</a></li>
<li>chore(deps): update gradle/actions action to v4.4.3 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1070">sigstore/sigstore-java#1070</a></li>
<li>chore(deps): update google-github-actions/get-secretmanager-secrets action to v2.2.5 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1069">sigstore/sigstore-java#1069</a></li>
<li>chore(deps): update sigstore/sigstore-conformance action to v0.0.20 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1071">sigstore/sigstore-java#1071</a></li>
<li>fix(deps): update jetty monorepo to v11.0.26 - autoclosed by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1072">sigstore/sigstore-java#1072</a></li>
<li>chore(deps): update sigstore/sigstore-conformance action to v0.0.21 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1078">sigstore/sigstore-java#1078</a></li>
<li>chore(deps): update sigstore/community digest to f539f57 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1077">sigstore/sigstore-java#1077</a></li>
<li>fix(deps): update dependency com.google.code.gson:gson to v2.13.2 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1079">sigstore/sigstore-java#1079</a></li>
<li>fix(deps): update dependency org.assertj:assertj-core to v3.27.6 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1080">sigstore/sigstore-java#1080</a></li>
<li>chore(deps): update actions/checkout action to v4.3.0 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1081">sigstore/sigstore-java#1081</a></li>
<li>chore(deps): update dependency go to 1.25.x by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1082">sigstore/sigstore-java#1082</a></li>
<li>remove oidc config from gradle plugin by <a href="https://github.com/loosebazooka"><code>@loosebazooka</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1076">sigstore/sigstore-java#1076</a></li>
<li>fix(deps): update dependency com.google.guava:guava to v33.5.0-jre by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1090">sigstore/sigstore-java#1090</a></li>
<li>fix(deps): update dependency com.google.errorprone:error_prone_core to v2.42.0 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1089">sigstore/sigstore-java#1089</a></li>
<li>fix(deps): update bouncycastle to v1.82 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1087">sigstore/sigstore-java#1087</a></li>
<li>chore(deps): update sigstore/community digest to f09be1d by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1085">sigstore/sigstore-java#1085</a></li>
<li>chore(deps): update gradle/actions action to v4.4.4 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1086">sigstore/sigstore-java#1086</a></li>
<li>fix(deps): update dependency com.code-intelligence:jazzer-api to v0.26.0 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1088">sigstore/sigstore-java#1088</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/jku"><code>@jku</code></a> made their first contribution in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1061">sigstore/sigstore-java#1061</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/sigstore-java/compare/v2.0.0-rc1...v2.0.0-rc2">https://github.com/sigstore/sigstore-java/compare/v2.0.0-rc1...v2.0.0-rc2</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/sigstore/sigstore-java/blob/main/CHANGELOG.md">dev.sigstore:sigstore-java's changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to <code>sigstore-java</code> will be documented in this file.</p>
<p>The format is based on <a href="https://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>.</p>
<p>All versions prior to 1.0.0 are untracked</p>
<h2>[Unreleased]</h2>
<h1>[2.0.0-rc2] - 2025-10-21</h1>
<h2>Fixed</h2>
<ul>
<li>Fix TUF snapshot version rollback case: <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1061">sigstore/sigstore-java#1061</a></li>
<li>Fix userAgent string in requests: <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1066">sigstore/sigstore-java#1066</a></li>
<li>Handle parsing/format failures: <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1063">sigstore/sigstore-java#1063</a>, <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1064">sigstore/sigstore-java#1064</a>, <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1073">sigstore/sigstore-java#1073</a>, <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1074">sigstore/sigstore-java#1074</a>, <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1075">sigstore/sigstore-java#1075</a></li>
</ul>
<h2>Changed</h2>
<ul>
<li>Remove oidc config from gradle plugin: <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1076">sigstore/sigstore-java#1076</a></li>
</ul>
<h1>[2.0.0-rc1] - 2025-08-14</h1>
<h2>Added</h2>
<ul>
<li>Add support for rekor v2 logs <a href="https://redirect.github.com/sigstore/sigstore-java/pull/990">sigstore/sigstore-java#990</a>, <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1016">sigstore/sigstore-java#1016</a>, <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1017">sigstore/sigstore-java#1017</a>, <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1008">sigstore/sigstore-java#1008</a>, <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1031">sigstore/sigstore-java#1031</a>, <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1040">sigstore/sigstore-java#1040</a></li>
<li>Add support for timestamps <a href="https://redirect.github.com/sigstore/sigstore-java/pull/960">sigstore/sigstore-java#960</a>, <a href="https://redirect.github.com/sigstore/sigstore-java/pull/975">sigstore/sigstore-java#975</a>, <a href="https://redirect.github.com/sigstore/sigstore-java/pull/977">sigstore/sigstore-java#977</a>, <a href="https://redirect.github.com/sigstore/sigstore-java/pull/978">sigstore/sigstore-java#978</a>, <a href="https://redirect.github.com/sigstore/sigstore-java/pull/979">sigstore/sigstore-java#979</a></li>
<li>Library support for token string auth <a href="https://redirect.github.com/sigstore/sigstore-java/pull/925">sigstore/sigstore-java#925</a></li>
<li>ED25519 support in trusted_root <a href="https://redirect.github.com/sigstore/sigstore-java/pull/983">sigstore/sigstore-java#983</a></li>
</ul>
<h2>Fixed</h2>
<ul>
<li>Fixed windows support <a href="https://redirect.github.com/sigstore/sigstore-java/pull/974">sigstore/sigstore-java#974</a></li>
<li>Parsing json with unknown fields <a href="https://redirect.github.com/sigstore/sigstore-java/pull/966">sigstore/sigstore-java#966</a></li>
</ul>
<h2>Changed</h2>
<ul>
<li>Users can no longer specify signer object in KeylessSigner, use Algorithm Registry instead <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1027">sigstore/sigstore-java#1027</a></li>
<li>Users with custom sigstore infrastructure deployments must specify a SigningConfig to configure the KeylessSigner, individual urls for infrastructure pieces are removed <a href="https://redirect.github.com/sigstore/sigstore-java/pull/956">sigstore/sigstore-java#956</a>, <a href="https://redirect.github.com/sigstore/sigstore-java/pull/965">sigstore/sigstore-java#965</a>, <a href="https://redirect.github.com/sigstore/sigstore-java/pull/981">sigstore/sigstore-java#981</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/sigstore/sigstore-java/commit/411721f4879abebd95bd9ab6ed3724366b13cdce"><code>411721f</code></a> Merge pull request <a href="https://redirect.github.com/sigstore/sigstore-java/issues/1117">#1117</a> from sigstore/prep200</li>
<li><a href="https://github.com/sigstore/sigstore-java/commit/735ab1056e88f474579cc658ea74030bf530acb6"><code>735ab10</code></a> Prepare for 2.0.0</li>
<li><a href="https://github.com/sigstore/sigstore-java/commit/69cbe67ce5db4c847b56c3c0728acf0f6e30079e"><code>69cbe67</code></a> Merge pull request <a href="https://redirect.github.com/sigstore/sigstore-java/issues/1010">#1010</a> from sigstore/renovate/maven</li>
<li><a href="https://github.com/sigstore/sigstore-java/commit/f90015d7105e60032d2496b2b3451d2ec1dafac5"><code>f90015d</code></a> Merge pull request <a href="https://redirect.github.com/sigstore/sigstore-java/issues/1115">#1115</a> from sigstore/fix-funky-exception</li>
<li><a href="https://github.com/sigstore/sigstore-java/commit/b81ab3e2aba8b8d9bedd5cd8164ccdb932309f0d"><code>b81ab3e</code></a> Wrap json operations for checked exceptions</li>
<li><a href="https://github.com/sigstore/sigstore-java/commit/e2f2f2b701d8db36ab69e67a8e77ed56911fa55a"><code>e2f2f2b</code></a> Merge pull request <a href="https://redirect.github.com/sigstore/sigstore-java/issues/1114">#1114</a> from sigstore/maven-badge</li>
<li><a href="https://github.com/sigstore/sigstore-java/commit/0ffa58e20401d1a54fac65b4882fc9ad062621a0"><code>0ffa58e</code></a> docs: Update Maven Central badge URL in README</li>
<li><a href="https://github.com/sigstore/sigstore-java/commit/da48db2ef95a79b7a174a1fb2b2570eb21f7a632"><code>da48db2</code></a> Merge pull request <a href="https://redirect.github.com/sigstore/sigstore-java/issues/1109">#1109</a> from jku/run-tuf-conformance-in-parallel</li>
<li><a href="https://github.com/sigstore/sigstore-java/commit/6c1941340c1707ff491f22777c23fa8758686c68"><code>6c19413</code></a> workflows: Run conformance in parallel</li>
<li><a href="https://github.com/sigstore/sigstore-java/commit/11c2d22773705dc89d8fb2a1346e5e6fff113abd"><code>11c2d22</code></a> Merge pull request <a href="https://redirect.github.com/sigstore/sigstore-java/issues/1111">#1111</a> from sigstore/jetty-12</li>
<li>Additional commits viewable in <a href="https://github.com/sigstore/sigstore-java/compare/v1.3.0...v2.0.0">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>1 parent 60b0678 commit 8e8aaf4
File tree
3 files changed
+9
-4
lines changed- maven-resolver-generator-sigstore
- src
- main/java/org/eclipse/aether/generator/sigstore
- test/java/org/eclipse/aether/generator/sigstore
3 files changed
+9
-4
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
33 | 33 | | |
34 | 34 | | |
35 | 35 | | |
36 | | - | |
| 36 | + | |
37 | 37 | | |
38 | 38 | | |
39 | 39 | | |
| |||
Lines changed: 3 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
34 | 34 | | |
35 | 35 | | |
36 | 36 | | |
| 37 | + | |
37 | 38 | | |
38 | 39 | | |
39 | 40 | | |
| |||
134 | 135 | | |
135 | 136 | | |
136 | 137 | | |
| 138 | + | |
| 139 | + | |
137 | 140 | | |
138 | 141 | | |
139 | 142 | | |
| |||
Lines changed: 5 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
35 | 35 | | |
36 | 36 | | |
37 | 37 | | |
| 38 | + | |
38 | 39 | | |
39 | 40 | | |
40 | 41 | | |
| |||
64 | 65 | | |
65 | 66 | | |
66 | 67 | | |
| 68 | + | |
67 | 69 | | |
68 | 70 | | |
69 | 71 | | |
| |||
99 | 101 | | |
100 | 102 | | |
101 | 103 | | |
102 | | - | |
| 104 | + | |
103 | 105 | | |
104 | | - | |
| 106 | + | |
105 | 107 | | |
106 | | - | |
| 108 | + | |
107 | 109 | | |
108 | 110 | | |
109 | 111 | | |
| |||
0 commit comments