v1.5.0

This release fixes GHSA-273p-m2cw-6833 and GHSA-4c4x-jm2x-pf9j. Note that this drops support for fetching public keys via URL when querying the search API.

Vulnerability Fixes

  • Handle malformed COSE and DSSE entries (#2729)
  • Drop support for fetching public keys by URL in the search index (#2731)

Features

  • Add support for a custom TLS config for clients (#2709)

v1.4.3

This release reduces dependencies for a number of exported packages.

This release also changes the format of the binary and container signature, which is now a Sigstore bundle. To verify a release, use the latest Cosign 3.x, verifying with cosign verify-blob --bundle <artifact>-keyless.sigstore.json <artifact>.

Improvements

  • use interruptable context to elegantly handle signals in rekor-cli (#2681)
  • restapi: Don't log client errors as errors (#2680)
  • pkg: separate pki types from implementations (#2668)
  • e2e: don't mix e2e and regular utilities (#2672)
  • pkg: remove viper config from spec definitions (#2669)
  • log: remove zap & go-chi dependency from pkg/types (#2667)
  • chore: update go-openapi/runtime to v0.29.0 (#2670)
  • chore: remove double imported mapstructure pkg (#2671)
  • remove archived dependency and use stdlib slices (#2650)

Documentation

  • (docs): guard unsafe int/uint conversions flagged by gosec (#2679)

Contributors

  • AdamKorcz
  • Bob Callaway
  • Jussi Kukkonen
  • Sachin Sampras M
  • Tõnis Tiigi

v1.4.2

This release includes some performance optimizations and a bug fix for publishing events to a pub/sub topic.

Fixes

  • use pubsub client to check IAM permissions (#2605)
  • process type contents serially (#2604)
  • move to direct decoding instead of mapstructure (#2598)
  • optimize performance of regex operations (#2603)

Contributors

  • Bob Callaway

v1.4.1

This release includes updated dependencies for known CVEs, as well as some optimizations to minimize gRPC traffic between Rekor and Trillian.

Fixes

  • use less expensive gRPC call to implement GetLeafAndProofByHash (#2581)
  • move to per-shard trillian client manager (#2564)
  • use cheaper gRPC endpoint when we already have the inclusion proof (#2580)
  • simplify hash and signature verification in rekord type (#2579)
  • use correct type; just look for len() instead of nil check (#2576)
  • return correct error if GetLeafAndProofByHash fails (#2574)
  • fix incorrect client lb policy in test config (#2551)
  • numerous upgraded dependencies

Contributors

  • Bob Callaway
  • Carlos Alexandro Becker

v1.4.0

This is a minor version release given the removal of the stable checkpoint feature. To our knowledge, this was not used effectively anywhere and therefore was removed from Rekor v1. Witnessing will be added as part of the upcoming Rekor v2 release.

Features

  • enable retries and timeouts on GCP KMS calls (#2548)
  • allow configuring gRPC default service config for trillian client load balancing & timeouts (#2549)
  • move context handling in trillian RPC calls to be request based and idiomatic (#2536)

Fixes

  • Fix docker compose up --wait failing when Trillian server isn't healthy (#2473)
  • better mysql healthcheck (#2459)
  • numerous upgraded dependencies, including moving to go 1.24

Removed

  • remove stable checkpoint feature (#2537)
  • Don't initialize index storage with stable checkpoint publishing (#2486)

Contributors

  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Emmanuel Ferdman
  • Hayden B
  • Ramon Petgrave

v1.3.10

Note that Rekor v1 is in maintenance mode as we are actively developing its successor, Rekor v2, designed to be easy to maintain and cheaper to operate. See the README for more information.

Features

  • Added --client-signing-algorithms flag (#1974)

Fixes / Misc

  • emit unpopulated values when marshalling (#2438)
  • pkg/api: better logs when algorithm registry rejects a key (#2429)
  • chore: improve mysql readiness checks (#2397)

Contributors

  • Bob Callaway
  • cangqiaoyuzhuo
  • Carlos Tadeu Panato Junior
  • cpanato
  • Hayden B
  • Praful Khanduri
  • Ramon Petgrave
  • Riccardo Schirone
  • rubyisrust
  • Sascha Grunert

v1.3.9

Features

  • Cache checkpoint for inactive shards (#2332)
  • Support per-shard signing keys (#2330)

Contributors

  • Hayden B

v1.3.8

Bug Fixes

  • fix zizmor issues (#2298)
  • remove unneeded value in log message (#2282)

Quality Enhancements

  • chore: relax go directive to permit 1.22.x
  • fetch minisign from homebrew instead of custom ppa (#2329)
  • fix(ci): simplify GOVERSION extraction
  • chore(deps): bump actions pins to latest
  • Updates go and golangci-lint (#2302)
  • update builder to use go1.23.4 (#2301)
  • clean up spaces
  • log request body on 500 error to aid debugging (#2283)

Contributors

  • Appu Goundan
  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Dominic Evans
  • sgpinkus

v1.3.7

New Features

  • log request body on 500 error to aid debugging (#2283)
  • Add support for signing with Tink keyset (#2228)
  • Add public key hash check in Signed Note verification (#2214)
  • update Trillian TLS configuration (#2202)
  • Add TLS support for Trillian server (#2164)
  • Replace docker-compose with plugin if available (#2153)
  • Add flags to backfill script (#2146)
  • Unset DisableKeepalive for backfill HTTP client (#2137)
  • Add script to delete indexes from Redis (#2120)
  • Run CREATE statement in backfill script (#2109)
  • Add MySQL support to backfill script (#2081)
  • Run e2e tests on mysql and redis index backends (#2079)

Bug Fixes

  • remove unneeded value in log message (#2282)
  • Add error message when computing consistency proof (#2278)
  • fix validation error handling on API (#2217)
  • fix error in pretty-printed inclusion proof from verify subcommand (#2210)
  • Fix index scripts (#2203)
  • fix failing sharding test
  • Better error handling in backfill script (#2148)
  • Batch entries in cleanup script (#2158)
  • Add missing workflow for index cleanup test (#2121)
  • hashedrekord: fix schema $id (#2092)

Contributors

  • Aditya Sirish
  • Bob Callaway
  • Colleen Murphy
  • cpanato
  • Firas Ghanmi
  • Hayden B
  • Hojoung (Brian) Jang
  • William Woodruff

v1.3.6

New Features

  • Add support for IEEE P1363 encoded ECDSA signatures
  • Add index performance script (#2042)
  • Add support for ed25519ph user keys in hashedrekord (#1945)
  • Add metrics for index insertion (#2015)
  • Add TLS support for Redis Client implementation (#1998)

Bug Fixes

  • fix typo in remoteIp and set full name for trace field

Contributors

  • Bob Callaway
  • Colleen Murphy
  • cpanato
  • Hayden B
  • Mihkel Pärna
  • Riccardo Schirone

v1.3.5

New Features

  • output trace in slog and override correlation header name (#1986)
  • give log timestamps nanosecond precision (#1985)
  • Added support for sha384/sha512 hash algorithms in hashedrekords (#1959)
  • Change Redis value for locking mechanism (#1957)

Bug Fixes

  • Fix panic for DSSE canonicalization (#1923)
  • Drop conditional when verifying entry checkpoint (#1917)
  • Remove timestamp from checkpoint (#1888)
  • Additional unique index correction (#1885)

Quality Enhancements

  • bump trillian images to v1.6.0 (#1984)
  • remove trillian images from release process (#1983)
  • update builder to use go1.21

Contributors

  • Andrew Block
  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Hayden Blauzvern
  • Riccardo Schirone

v1.3.4

New Features

  • add mysql indexstorage backend
  • add s3 storage for attestations

Bug Fixes

  • fix: Do not check for pubsub.topics.get on initialization (#1853)
  • fix optional field in cose schema

Quality Enhancements

  • Update ranges.go (#1852)
  • update indexstorage interface to reduce roundtrips (#1838)
  • use a single validator library in rekor-cli (#1818)
  • Remove go-playground/validator dependency from pkg/pki (#1817)

Contributors

  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Hayden B
  • James Alseth
  • Kenny Leung
  • Noah Kreiger
  • Zach Steindler

v1.3.3

New Features

  • update trillian to 1.5.3 (#1803)
  • adds redis_auth (#1627)
  • Add method to get artifact hash for an entry (#1777)

Bug Fixes

  • Update signer flag description (#1804)
  • install go at correct version for codeql (#1762)

Quality Enhancements

  • make e2e tests more usable with docker-compose (#1770)

Contributors

  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Hayden B
  • ian hundere
  • Kenny Leung

v1.3.2

  • move to go 1.21.3 to pick up fixes for CVE-2023-39325

Bug Fixes

  • build(deps): Bump golang.org/x/net from 0.16.0 to 0.17.0 (#1753)
  • build(deps): Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#1755)
  • build(deps): Bump google/cloud-sdk from 449.0.0 to 450.0.0 (#1757)
  • build(deps): Bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#1754)
  • update Dockerfile for go 1.21.3 (#1752)
  • update builder image to use go1.21.3 (#1751)

Contributors

  • Carlos Tadeu Panato Junior

v1.3.1

New Features

  • enable GCP cloud profiling on rekor-server (#1746)
  • move index storage into interface (#1741)
  • add info to readme to denote additional documentation sources (#1722)
  • Add type of ed25519 key for TUF (#1677)
  • Allow parsing base64-encoded TUF metadata and root content (#1671)

Quality Enhancements

  • disable quota in trillian in test harness (#1680)

Bug Fixes

  • Update contact for code of conduct (#1720)
  • fix: typo (#1711)
  • Fix panic when parsing SSH SK pubkeys (#1712)
  • Correct index creation (#1708)
  • Update .ko.yaml (#1682)
  • docs: fixes a small typo on the readme (#1686)
  • chore: fix backfill-redis Makefile target (#1685)

Contributors

  • Andres Galante
  • Andrew Block
  • Appu
  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • guangwu
  • Hayden B
  • jonvnadelberg
  • Lance Ball

v1.3.0

New Features

  • feat: Support publishing new log entries to Pub/Sub topics (#1580)
  • Change values of Identity.Raw, add fingerprints (#1628)
  • Extract all subjects from SANs for x509 verifier (#1632)
  • Fix type comment for Identity struct (#1619)
  • Refactor Identities API (#1611)
  • Refactor Verifiers to return multiple keys (#1601)

Quality Enhancements

  • set min go version to 1.21 (#1651)
  • Upgrade to go1.21 (#1636)

Bug Fixes

  • Update openapi.yaml (#1655)
  • pass transient errors through retrieveLogEntry (#1653)
  • return full entryID on HTTP 409 responses (#1650)
  • Update checkpoint link (#1597)
  • Use correct log index in inclusion proof (#1599)
  • remove instrumentation library (#1595)
  • pki: clean up fuzzer (#1594)
  • alpine: add max metadata size to fuzzer (#1571)

Contributors

  • AdamKorcz
  • Appu
  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Ceridwen Coghlan
  • Hayden B
  • James Alseth

v1.2.2

Quality Enhancements

  • swap killswitch for 'docker-compose restart' (#1562)
  • pass treeSize and rootHash to avoid trillian import (#1513)
  • Move github.com/sigstore/protobuf-specs users into a separate subpackage (#1511)

Bug Fixes

  • pass down error with message instead of nil (#1560)

Contributors

  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Eng Zer Jun
  • Miloslav Trmač

v1.2.1

Bug Fixes

  • run go mod tidy in hack/tools (#1510)

Contributors

  • Bob Callaway

v1.2.0

Functional Enhancements

  • add client method to generate TLE struct (#1498)
  • add dsse type (#1487)
  • support other KMS providers (AWS, Azure, Hashicorp) in addition to GCP (#1488)
  • Add concurrency to backfill-redis (#1504)
  • omit informational message if machine-parseable output has been requested (#1486)
  • Publish stable checkpoint periodically to Redis (#1461)
  • Add intoto v0.0.2 to backfill script (#1500)
  • add new method to test insertability of proposed entries into log (#1410)

Quality Enhancements

  • use t.Skip() in fuzzers (#1506)
  • improve fuzzing coverage (#1499)
  • Remove watcher script (#1484)

Bug Fixes

  • Merge pull request from GHSA-frqx-jfcm-6jjr
  • Remove requirement of PayloadHash for intoto 0.0.1 (#1490)
  • fix lint errors, bump linter up to 1.52 (#1485)
  • Remove dependencies from pkg/util (#1469)

Contributors

  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Ceridwen Coghlan
  • Cody Soyland
  • Hayden B
  • Miloslav Trmač

v1.1.1

Functional Enhancements

  • Refactor Trillian client with exported methods (#1454)
  • Switch to official redis-go client (#1459)
  • Remove replace in go.mod (#1444)
  • Add Rekor OID info. (#1390)

Quality Enhancements

  • remove legacy encrypted cosign key (#1446)
  • swap cjson dependency (#1441)
  • Update release readme (#1456)

Bug Fixes

  • Merge pull request from GHSA-2h5h-59f5-c5x9

Contributors

  • Billy Lynch
  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Ceridwen Coghlan
  • Hayden B

v1.1.0

Functional Enhancements

  • improve validation on intoto v0.0.2 type (#1351)
  • add feature to limit HTTP request body length to process (#1334)
  • add information about the file size limit (#1313)
  • Add script to backfill Redis from Rekor (#1163)
  • Feature: add search support for sha512 (#1142)

Quality Enhancements

  • fuzzing: refactor OSS-Fuzz build script (#1377)
  • Update cloudbuild for cosign 2.0 (#1375)
  • Tests - Additional sharding tests (#1180)
  • jar type: add fuzzer for 3rd-party dep (#1360)
  • update cosign to 2.0.0 and builder image and also cosign flags (#1368)
  • fuzzing: move alpine utils to fuzz utils (#1335)
  • fuzzing: add seed for alpine fuzzer (#1342)
  • jar: add v001 fuzzer (#1327)
  • fuzzing: open writer later in fuzz utils (#1326)
  • fuzzing: remove tar operations in alpine fuzzer (#1322)
  • alpine: add v001 fuzzer (#1316)
  • hashedrekord: add v001 fuzzer (#1315)
  • fuzzing: add call to IndexKeys in multiple fuzzers (#1302)
  • fuzzing: improve cose fuzzer (#1300)
  • fuzzing: improve fuzz utils (#1298)
  • fuzzing: improve alpine fuzzer (#1273)
  • fuzzing: go mod edit go-fuzz-headers (#1272)
  • fuzzing: add .options file (#1271)
  • fuzzing: build helm fuzzer from correct dir (#1264)
  • types: refactor multiple fuzzers (#1258)
  • helm: add fuzzer for provenance unmarshalling (#1243)
  • pki: add fuzzer (#1256)
  • Fuzzing: Add more bug detectors (#1253)
  • Refactor e2e - part 5 (#1236)
  • Removed unused tool/deps (#1244)
  • Fixed the invalid path (#1245)
  • Run latest fuzzers in OSS-Fuzz (#1221)
  • Fuzz tests - hashedrekord (#1224)
  • Update builder (#1228)
  • Revamping rekor e2e - part 4 of N (#1218)
  • types: add fuzzers (#1225)
  • jar type: add fuzzer (#1215)
  • Revamping rekor e2e - part 3 of N (#1177)
  • modify OSS-Fuzz build script (#1214)
  • move over oss-fuzz build script (#1204)
  • wrap redis client errors to aid debugging (#1176)
  • don't test release candidate builds in harness (#1183)
  • types/alpine: add fuzzer (#1200)
  • logging tweaks to improve usability (#1235)
  • Add backfill-redis to the release artifacts (#1174)
  • ensure jobs run on release branches (#1181)
  • update builder image and cosign (#1165)
  • Refactor e2e tests - x509 apk (#1152)
  • Sharding - Additional tests (#1156)
  • Ran gofmt and cleaned up (#1157)
  • Fuzz - Fuzz tests for sharding (#1147)
  • Revamping rekor e2e - part 1 of N (#1089)

Bug Fixes

  • remove goroutine usage from SearchLogQuery (#1407)
  • drop log messages regarding attestation storage to debug (#1408)
  • fix ko-local build (#1381)
  • disable blocking checks (#1353)
  • fix validation for proposed vs committed log entries for intoto v0.0.1 (#1309)
  • fix: fix regex for multi-digit counts (#1321)
  • return NotFound if treesize is 0 rather than calling trillian (#1311)
  • enumerate slice to get sugared logs (#1312)
  • put a reasonable size limit on ssh key reader (#1288)
  • CLIENT: Fix Custom Host and Path Issue (#1306)
  • do not persist local state if log is empty; fail consistency proofs from 0 size (#1290)
  • correctly handle invalid or missing pki format (#1281)
  • Add Verifier to get public key/cert and identities for entry type (#1210)
  • fix goroutine leak in client; add insecure TLS option (#1238)
  • Fix - Remove the force-recreate flag (#1179)
  • trim whitespace around public keys before parsing (#1175)
  • stop inserting envelope hash for intoto:0.0.2 types into index (#1171)
  • Revert "remove double encoding of payload and signature fields for intoto (#1150)" (#1158)
  • remove double encoding of payload and signature fields for intoto (#1150)
  • fix SearchLogQuery behavior to conform to openapi spec (#1145)
  • Remove pem-certificate-chain from client (#1138)
  • fix flag type for operator in search (#1136)
  • use sigstore/community dep review (#1132)

Contributors

  • AdamKorcz
  • Batuhan Apaydın
  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Fabian Kammel
  • Fredrik Skogman
  • Hayden B
  • Joyce
  • Naveen
  • Noah Kreiger
  • Priya Wadhwa

v1.0.1

Enhancements

  • stop inserting envelope hash for intoto:0.0.2 types into index (#1171) (#1172)

Bug Fixes

  • ensure jobs run on release branches (#1181) (#1182)

Contributors

  • Bob Callaway

v1.0.0

Rekor is 1.0! No changes, as this is tagged at the same commit as v1.0.0-rc.1.

Thank you to all of the contributors to Rekor in the past couple years who helped make Rekor 1.0 possible!

Contributors

  • Aastha Bist
  • Aditya Sirish
  • Ahmet Alp Balkan
  • Andrew Block
  • Appu
  • Asra Ali
  • axel simon
  • Azeem Shaikh
  • Batuhan Apaydın
  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Ceridwen Driskill
  • Christian Rebischke
  • Dan Lorenc
  • Dan Luhring
  • Eddie Zaneski
  • Efe Barlas
  • Fredrik Skogman
  • Harry Fallows
  • Hayden B
  • Hector Fernandez
  • Jake Sanders
  • Jason Hall
  • Jehan Shah
  • John Speed Meyers
  • Kenny Leung
  • Koichi Shiraishi
  • Lily Sturmann
  • Luke Hinds
  • Mikhail Swift
  • Morten Linderud
  • Nathan Smith
  • Naveen
  • Olivier Cedric Barbier
  • Parth Patel
  • Priya Wadhwa
  • Robert James Hernandez
  • Romain Aviolat
  • Samsondeen
  • Sascha Grunert
  • Scott Nichols
  • Shiwei Zhang
  • Simon Kent
  • Sylvestre Ledru
  • Tiziano Santoro
  • Trishank Karthik Kuppusamy
  • Ville Aikas
  • dhaus67
  • endorama
  • kpcyrd

v1.0.0-rc.1

Enhancements

  • add retry command line flag on rekor-cli (#1097)
  • Add some info and debug logging to commonly used funcs (#1106)

Contributors

  • Bob Callaway
  • Priya Wadhwa

v1.0-rc

Enhancements

  • update swagger API version to 1.0.0 (#1102)
  • verify: verify checkpoint's STH against the inclusion proof root hash (#1092)
  • add ability to enable/disable specific rekor API endpoints (#1080)
  • enable configurable client retries with backoff in RekorClient (#1096)

Bug Fixes

  • remove unused RekorVersion API definition (#1101)
  • remove unused api-key and timestamp references (#1098)

Contributors

  • Bob Callaway
  • asraa

v0.12.2

Enhancements

  • add changelog for 0.12.0 and 0.12.1 (#1064)
  • add description on /api/v1/index/retrieve endpoint (#1073)
  • Adding e2e test coverage (#1071)
  • export rekor build/version information (#1074)

Bug Fixes

  • Search through all shards when searching by hash (#1082)
  • Use POST instead of GET for /api/log/entries/retrieve metrics (#1083)

Contributors

  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Ceridwen Driskill
  • Simon Kent
  • Priya Wadhwa

v0.12.1

Rekor v0.12.1 comes with a breaking change to rekor-cli v0.12.1. Users of rekor-cli MUST upgrade to the latest version. The addition of the intotov2 created a breaking change for the rekor-cli.

Enhancements

  • Adds new rekor metrics for latency and QPS. (#1059)
  • feat: add file based signer and password (#1049)

Bug Fixes

  • fix: fix harness tests with intoto v0.0.2 (#1052)

Contributors

  • Asra Ali (@asraa)
  • Simon Kent (@var-sdk)

v0.12.0

Enhancements

  • remove /api/v1/version endpoint (#1022)
  • Include checkpoint (STH) in entry upload and retrieve responses (#1015)
  • Validate tree ID on calls to /api/v1/log/entries/retrieve (#1017)
  • feat: add verification functions (#986)
  • Change Checkpoint origin to be "Hostname - Tree ID" (#1013)
  • Add bounds on number of elements in api/v1/log/entries/retrieve (#1011)
  • Intoto v0.0.2 (#973)
  • api.SearchLogQueryHandler thread safety (#1006)
  • enable blocking specific pluggable type versions from being inserted into the log (#1004)
  • check supportedVersions list rather than directly reading from version map (#1003)

Bug Fixes

  • fix retrieve endpoint response code and add testing (#1043)
  • Fix harness tests @ main (#1038)
  • Fix rekor-cli backwards incompatibility & run harness tests against HEAD (#1030)
  • fix: use entry uuid uniformly (#1012)

Others

  • Fetch all tags in harness tests (#1039)

Contributors

  • Asra Ali (@asraa)
  • Bob Callaway (@bobcallaway)
  • Carlos Tadeu Panato Junior (@cpanato)
  • Ceridwen Driskill (@cdris)
  • Hayden Blauzvern (@haydentherapper)
  • Kenny Leung (@k4leung4)
  • Mikhail Swift (@mikhailswift)
  • Parth Patel (@pxp928)
  • Priya Wadhwa (@priyawadhwa)

v0.11.0

Enhancements

  • add support for intersection & union in search operations (#968)
  • Allow sharding config to be written in yaml or json (#974)
  • update field documentation on publicKey for hashedrekord (#969)
  • compute payload and envelope hashes upon validating intoto proposed entries (#967)
  • Add prometheus summary to track metric latency (#966)
  • Add harness test for getting all entries by UUID and EntryID (#957)
  • Persist and check attestations across harness tests (#952)
  • Add rekor harness tests for adding and getting entries from previous versions (#945)

Bug Fixes

  • fix: make rekor verify work with sharded uuids (#970)
  • fix incorrect schema id for cose type (#979)
  • fix nil-pointer error when artifact-hash is passed without artifact (#965)
  • change default value for rekor_server.hostname to server's hostname (#963)
  • api: fix inclusion proof verification flake (#956)

Others

  • Update scorecard-action to v2:alpha (#987)
  • add changelog for v0.11.0 release (#982)
  • remove trailing slash on directories (#984)
  • update builder and cosign images (#981)
  • Bump github.com/go-openapi/spec from 0.20.6 to 0.20.7 (#976)
  • Bump github.com/go-openapi/loads from 0.21.1 to 0.21.2 (#977)
  • Bump github.com/go-openapi/swag from 0.22.0 to 0.22.1 (#978)
  • Bump sigstore/cosign-installer from 2.5.0 to 2.5.1 (#975)
  • Bump github.com/mediocregopher/radix/v4 from 4.1.0 to 4.1.1 (#972)
  • Bump actions/github-script from 6.1.0 to 6.1.1 (#971)
  • Bump github.com/go-openapi/errors from 0.20.2 to 0.20.3 (#964)
  • Bump gopkg.in/ini.v1 from 1.66.6 to 1.67.0 (#960)
  • Bump go.uber.org/zap from 1.21.0 to 1.22.0 (#961)
  • Bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 (#959)
  • Bump github.com/go-openapi/swag from 0.21.1 to 0.22.0 (#958)
  • Bump github/codeql-action from 2.1.17 to 2.1.18 (#955)
  • Bump golang from 1.18.4 to 1.18.5 (#950)
  • Bump golang from 6e10f44 to 8a62670 (#948)
  • Bump google.golang.org/protobuf from 1.28.0 to 1.28.1 (#947)

Contributors

  • Asra Ali (@asraa)
  • Azeem Shaikh (@azeemshaikh38)
  • Bob Callaway (@bobcallaway)
  • Carlos Tadeu Panato Junior (@cpanato)
  • Samsondeen (@dsa0x)
  • Priya Wadhwa (@priyawadhwa)

v0.10.0

Note: Rekor will no longer send application/yaml responses, only application/json responses.

Enhancements

  • Drop application/yaml content type (#933)
  • Return 404 if entry isn't found in log (#915)
  • reuse dsse signature wrappers instead of having a copy (#912)

Others

  • update go mod in hack/tools to go1.18 (#935)
  • Enable Scorecard badge (#941)
  • Add rekor test harness to presubmit tests (#921)
  • Bump imjasonh/setup-ko from 0.4 to 0.5 (#940)
  • update go builder and cosign image (#934)
  • Bump sigs.k8s.io/release-utils from 0.7.2 to 0.7.3 (#937)
  • Bump github.com/google/trillian from 1.4.1 to 1.4.2 in /hack/tools (#939)
  • Bump sigstore/cosign-installer from 2.4.1 to 2.5.0 (#936)
  • Bump github.com/go-openapi/strfmt from 0.21.2 to 0.21.3 (#930)
  • Update cosign image in validate-release job (#931)
  • Bump sigs.k8s.io/release-utils from 0.7.1 to 0.7.2 (#927)
  • Bump github.com/veraison/go-cose from 1.0.0-alpha.1 to 1.0.0-rc.1 (#928)
  • Bump actions/dependency-review-action from 2.0.2 to 2.0.4 (#925)
  • Bump github/codeql-action from 2.1.15 to 2.1.16 (#924)
  • Bump golang from 1.18.3 to 1.18.4 (#919)
  • Bump google.golang.org/grpc from 1.47.0 to 1.48.0 (#920)
  • Bump actions/setup-go from 3.2.0 to 3.2.1 (#916)
  • Updates on the release job/makefile cleanup (#914)
  • add changelog for v0.9.1 (#911)

Contributors

  • Azeem Shaikh (@azeemshaikh38)
  • Bob Callaway (@bobcallaway)
  • Carlos Tadeu Panato Junior (@cpanato)
  • Hayden Blauzvern (@haydentherapper)
  • Priya Wadhwa (@priyawadhwa)

v0.9.1

Enhancements

  • Optimize lookup of attestation from storage layer (#909)
  • feat: add subject URIs to index for x509 certificates (#897)
  • ensure log messages have requestID where possible (#907)
  • Check inactive shards for UUID for /retrieve endpoint (#905)

Bug Fixes

  • Fix bug where /retrieve endpoint returns wrong logIndex across shards (#908)
  • fix: sql syntax in dbcreate script (#903)

Others

  • cleanup makefile with generated code; cleanup unused files (#910)
  • Bump github.com/theupdateframework/go-tuf from 0.3.0 to 0.3.1 (#906)
  • Pin release-utils to v0.7.1 (#904)
  • Bump sigstore/cosign-installer from 2.4.0 to 2.4.1 (#898)

Contributors

  • Asra Ali (@asraa)
  • Bob Callaway (@bobcallaway)
  • Priya Wadhwa (@priyawadhwa)
  • Romain Aviolat (@xens)
  • Sascha Grunert (@saschagrunert)

v0.9.0

Enhancements

  • Add COSE support to Rekor (#867)

Bug Fixes

  • Resolve virtual log index when calling /api/v1/log/entries/retrieve endpoint (#894)
  • Fix intoto index keys (#889)
  • ensure fallback logic executes if attestation key is empty when fetching attestation (#878)

Others

  • Bump github/codeql-action from 2.1.14 to 2.1.15 (#893)
  • Bump ossf/scorecard-action from 1.1.1 to 1.1.2 (#888)
  • Bump github/codeql-action from 2.1.13 to 2.1.14 (#885)
  • add changelog for v0.8.2 (#882)
  • Bump github/codeql-action from 2.1.12 to 2.1.13 (#880)
  • Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 (#881)

Contributors

  • Bob Callaway (@bobcallaway)
  • Carlos Tadeu Panato Junior (@cpanato)
  • Fredrik Skogman (@kommendorkapten)
  • Priya Wadhwa (@priyawadhwa)

v0.8.2

Bug Fixes

  • ensure fallback logic executes if attestation key is empty when fetching attestation (#878)

Others

  • Bump github/codeql-action from 2.1.12 to 2.1.13 (#880)
  • Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 (#881)
  • collect docker-compose logs if sharding tests fail, also trim IDs (#869)

Contributors

  • Bob Callaway (@bobcallaway)

v0.8.1

Bug Fixes

  • Allow an expired certificate chain to be uploaded and verified (#873)
  • Fix indexing bug for intoto attestations (#870)

Others

  • Bump actions/dependency-review-action from 1.0.2 to 2 (#871)
  • Bump sigstore/cosign-installer from 2.3.0 to 2.4.0 (#868)
  • add changelog for v0.8.0 (#866)

Contributors

  • Carlos Tadeu Panato Junior (@cpanato)
  • Hayden Blauzvern (@haydentherapper)
  • Priya Wadhwa (@priyawadhwa)

v0.8.0

Enhancements

  • Print total tree size, including inactive shards in rekor-cli loginfo (#864)
  • Allow retrieving entryIDs or UUIDs via /api/v1/log/entries/retrieve endpoint (#859)
  • Improve error message when using ED25519 with HashedRekord type (#862)

Others

  • Bump github.com/spf13/viper from 1.11.0 to 1.12.0 (#844)
  • Bump github.com/go-openapi/validate from 0.21.0 to 0.22.0 (#863)
  • update go.mod to go1.17 (#861)
  • update cross-builder image to use go1.17.11 and dockerfile base image (#860)
  • Bump github/codeql-action from 2.1.11 to 2.1.12 (#858)
  • Bump ossf/scorecard-action from 1.1.0 to 1.1.1 (#857)
  • Bump google.golang.org/grpc from 1.46.2 to 1.47.0 (#852)
  • Bump github.com/secure-systems-lab/go-securesystemslib (#853)
  • Configure rekor server in e2e tests via env variable (#850)
  • Bump gopkg.in/ini.v1 from 1.66.5 to 1.66.6 (#848)
  • Update go-tuf and sigstore/sigstore to non-vulnerable go-tuf version. (#847)
  • Bump gopkg.in/ini.v1 from 1.66.4 to 1.66.5 (#846)

Contributors

  • Carlos Tadeu Panato Junior (@cpanato)
  • dhaus67 (@dhaus67)
  • Hayden Blauzvern (@haydentherapper)
  • Priya Wadhwa (@priyawadhwa)

v0.7.0

Breaking Change: Removed timestamping authority API. This is a breaking API change. If you are relying on the timestamping authority to issue signed timestamps, create signed timestamps using either OpenSSL or a service such as FreeTSA.

Enhancements

  • Remove timestamping authority (#813)
  • Limit the number of certificates parsed in a chain (#823)
  • Retrieve shard tree length if it isn't provided in the config (#810)
  • Don't try to index on hash for intoto obj if one isn't available (#800)
  • intoto: add index on materials digest of slsa provenance (#793)
  • remove URL fetch of keys/artifacts server-side (#735)

Others

  • all: remove dependency on deprecated github.com/pkg/errors (#834)
  • Add back owners for rfc3161 package type (#833)
  • Bump google-github-actions/auth from 0.7.2 to 0.7.3 (#832)
  • Bump github/codeql-action from 2.1.10 to 2.1.11 (#829)
  • Bump google-github-actions/auth from 0.7.1 to 0.7.2 (#830)
  • Bump google.golang.org/grpc from 1.46.0 to 1.46.2 (#828)
  • Bump actions/dependency-review-action (#825)
  • Bump actions/github-script from 6.0.0 to 6.1.0 (#826)
  • Bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 (#827)
  • update go to 1.17.10 in the dockerfile (#819)
  • Bump github.com/google/trillian from 1.4.0 to 1.4.1 in /hack/tools (#818)
  • Bump github.com/google/trillian from 1.4.0 to 1.4.1 (#817)
  • Bump actions/setup-go from 3.0.0 to 3.1.0 (#822)
  • Bump github/codeql-action (#821)
  • update release builder images to use go 1.17.10 and cosign image to 1.18.0 (#820)
  • Bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 (#815)
  • Bump github/codeql-action from 2.1.9 to 2.1.10 (#816)
  • Bump github.com/go-openapi/runtime from 0.24.0 to 0.24.1 (#811)
  • Bump github.com/go-openapi/spec from 0.20.5 to 0.20.6 (#802)
  • Move trillian/merkly to transparency-dev (#807)
  • Bump github.com/go-playground/validator/v10 from 10.10.1 to 10.11.0 (#803)
  • chore(deps): Included dependency review (#788)
  • Bump github.com/go-openapi/runtime from 0.23.3 to 0.24.0 (#799)
  • Bump github.com/google/go-cmp from 0.5.7 to 0.5.8 (#794)
  • Bump sigstore/cosign-installer from 2.2.1 to 2.3.0 (#795)
  • Bump github/codeql-action from 2.1.8 to 2.1.9 (#796)
  • Bump google.golang.org/grpc from 1.45.0 to 1.46.0 (#791)
  • Bump google-github-actions/auth from 0.7.0 to 0.7.1 (#790)
  • Bump actions/checkout from 3.0.1 to 3.0.2 (#786)
  • Bump codecov/codecov-action from 3.0.0 to 3.1.0 (#785)
  • Bump github.com/mitchellh/mapstructure from 1.4.3 to 1.5.0 (#782)
  • Bump github.com/mediocregopher/radix/v4 from 4.0.0 to 4.1.0 (#781)
  • Bump anchore/sbom-action from 0.10.0 to 0.11.0 (#779)
  • Bump actions/checkout from 3.0.0 to 3.0.1 (#778)
  • Bump github.com/spf13/viper from 1.10.1 to 1.11.0 (#777)
  • Bump sigstore/cosign-installer from 2.2.0 to 2.2.1 (#776)

Contributors

  • Asra Ali (@asraa)
  • Bob Callaway (@bobcallaway)
  • Carlos Tadeu Panato Junior (@cpanato)
  • Hayden Blauzvern (@haydentherapper)
  • Koichi Shiraishi (@zchee)
  • Naveen Srinivasan (@naveensrinivasan)
  • Priya Wadhwa (@priyawadhwa)

v0.6.0

Notice: The server side remote fetching of resources will be removed in the next release

Enhancements

  • Create EntryID for new artifacts and return EntryID to user (#623)
  • Add search through inactive shards for GET by UUID (#750)
  • Add in configmap to release for sharding config (#766)
  • set p.Block after parsing; other cleanup (#759)
  • Add index to hashed intoto envelope (#761)
  • Add the SHA256 digest of the intoto payload into the rekor entry (#764)
  • Add support for providing certificate chain for X509 signature types (#747)
  • Specify public key for inactive shards in shard config (#746)
  • Use active tree on server startup (#727)
  • Require tlog_id when inactive shard config file is passed in (#739)
  • Replace trillian_log_server.log_id_ranges flag with a config file (#742)
  • Update loginfo API endpoint to return information about inactive shards (#738)
  • Refactor rekor-cli loginfo (#734)
  • Get log proofs by Tree ID (#733)
  • Return virtual index when creating and getting a log entry (#725)
  • Clearer logging for createAndInitTree (#724)
  • Change TreeID to be of type string instead of int64 (#712)
  • Switch to using the swag library for pointer manipulation. (#719)
  • Make the loginfo command a bit more future/backwards proof. (#718)
  • Use logRangesFlag in API, route reads based on TreeID (#671)
  • Set rekor-cli User-Agent header on requests (#684)
  • create namespace for rekor config in yaml. (#680)
  • add securityContext to deployment. (#678)
  • Move k8s objects out of the default namespace (#674)

Bug Fixes

  • Fix search without sha prefix (#767)
  • Fix link in types README (#765)
  • fix typo in filename (#758)
  • fix build date format for version command (#745)
  • fix merge conflict (#720)

Documentation

  • Add documentation about Alpine type (#697)
  • update security process link (#685)
  • Add intoto type documentation (#679)
  • Add docs about API stability and deprecation policy (#661)

Others

  • Bump github.com/go-openapi/spec from 0.20.4 to 0.20.5 (#768)
  • Bump anchore/sbom-action from 0.9.0 to 0.10.0 (#763)
  • Bump github/codeql-action from 2.1.7 to 2.1.8 (#762)
  • Update release jobs and trillian images (#756)
  • Bump sigstore/cosign-installer from 2.1.0 to 2.2.0 (#757)
  • Bump anchore/sbom-action from 0.8.0 to 0.9.0 (#754)
  • Bump codecov/codecov-action from 2.1.0 to 3 (#753)
  • Bump github/codeql-action from 2.1.6 to 2.1.7 (#752)
  • Bump google-github-actions/auth from 0.6.0 to 0.7.0 (#751)
  • Bump github/codeql-action from 1.1.5 to 2.1.6 (#748)
  • Bump anchore/sbom-action from 0.7.0 to 0.8.0 (#743)
  • Bump google.golang.org/protobuf from 1.27.1 to 1.28.0 (#744)
  • Bump github.com/go-openapi/runtime from 0.23.2 to 0.23.3 (#740)
  • Bump github/codeql-action from 1.1.4 to 1.1.5 (#736)
  • Use reusable release workflow in sigstore/sigstore (#729)
  • Fix copy/paste mistake in repo name. (#730)
  • Bump github.com/spf13/cobra from 1.3.0 to 1.4.0 (#728)
  • Bump golang from ca70980 to c7c9458 (#722)
  • Bump google.golang.org/grpc from 1.44.0 to 1.45.0 (#723)
  • Add sharding e2e test to Github Actions (#714)
  • Bump github.com/go-playground/validator/v10 from 10.10.0 to 10.10.1 (#717)
  • Bump github/codeql-action from 1.1.3 to 1.1.4 (#716)
  • Add trillian container to existing release. (#715)
  • Bump golang from 0168c35 to ca70980 (#707)
  • Mirror signed release images from GCR to GHCR as part of release (#701)
  • Bump anchore/sbom-action from 0.6.0 to 0.7.0 (#709)
  • Bump github.com/go-openapi/runtime from 0.23.1 to 0.23.2 (#710)
  • Bump sigstore/cosign-installer from 2.0.1 to 2.1.0 (#708)
  • Generate release yaml artifact. (#702)
  • Bump actions/upload-artifact from 2.3.1 to 3 (#704)
  • Go update to 1.17.8 and cosign to 1.6.0 (#705)
  • Consistent parenthesis use in Makefile (#700)
  • add code coverage to pull request. (#676)
  • Bump actions/checkout from 2.4.0 to 3 (#698)
  • Bump goreleaser/goreleaser-action from 2.9.0 to 2.9.1 (#696)
  • Bump actions/setup-go from 2.2.0 to 3.0.0 (#694)
  • Bump github.com/secure-systems-lab/go-securesystemslib (#695)
  • Bump golangci/golangci-lint-action from 3.0.0 to 3.1.0 (#693)
  • Bump goreleaser/goreleaser-action from 2.8.1 to 2.9.0 (#692)
  • Bump golangci/golangci-lint-action from 2.5.2 to 3 (#691)
  • Bump github/codeql-action from 1.1.2 to 1.1.3 (#690)
  • Bump github.com/go-openapi/runtime from 0.23.0 to 0.23.1 (#689)
  • explicitly set permissions for github actions (#687)
  • Bump sigstore/cosign-installer from 2.0.0 to 2.0.1 (#686)
  • Bump ossf/scorecard-action from 1.0.3 to 1.0.4 (#683)
  • Bump github/codeql-action from 1.1.0 to 1.1.2 (#682)
  • Bump actions/github-script from 5.1.0 to 6 (#669)
  • Bump github/codeql-action from 1.0.32 to 1.1.0 (#668)
  • update cross-build and dockerfile to use go 1.17.7 (#666)
  • Bump gopkg.in/ini.v1 from 1.66.3 to 1.66.4 (#664)
  • Bump actions/setup-go from 2.1.5 to 2.2.0 (#663)
  • Bump golang from 301609e to fff998d (#662)
  • use upstream k8s version lib (#657)
  • Bump github/codeql-action from 1.0.31 to 1.0.32 (#659)
  • Bump go.uber.org/zap from 1.20.0 to 1.21.0 (#660)
  • Bump github.com/go-openapi/strfmt from 0.21.1 to 0.21.2 (#656)
  • Bump github.com/go-openapi/runtime from 0.22.0 to 0.23.0 (#655)
  • Update the warning text for the GA release. (#654)
  • attempting to fix codeowners file (#653)
  • update release job (#651)
  • Bump google-github-actions/auth from 0.5.0 to 0.6.0 (#652)

Contributors

  • Asra Ali (@asraa)
  • Bob Callaway (@bobcallaway)
  • Carlos Tadeu Panato Junior (@cpanato)
  • Dan Lorenc (@dlorenc)
  • Eddie Zaneski (@eddiezane)
  • Hayden Blauzvern (@haydentherapper)
  • John Speed Meyers
  • Kenny Leung (@k4leung4)
  • Lily Sturmann (@lkatalin)
  • Priya Wadhwa (@priyawadhwa)
  • Scott Nichols (@n3wscott)

v0.5.0

Highlights

  • Add Rekor logo to README (#650)
  • update API calls to v5 (#591)
  • Refactor helm type to remove intermediate state. (#575)
  • Refactor the shard map parsing so we can pass it down into the API object. (#564)
  • Refactor the alpine type to reduce intermediate state. (#573)

Enhancements

  • Add logic to GET artifacts via old or new UUID (#587)
  • helpful error message for hashedrekord types (#605)
  • Set Accept header in dynamic counter requests (#594)
  • Add sharding package and update validators (#583)
  • rekor-cli: show the url in case of error (#581)
  • Enable parsing of incomplete minisign keys, to enable re-indexing. (#567)
  • Cleanups on the TUF pluggable type. (#563)
  • Refactor the RPM type to remove more intermediate state. (#566)
  • Do some cleanups of the jar type to remove intermediate state. (#561)

Others

  • Update Makefile (#621)
  • update version comments since dependabot doesn't do it (#617)
  • Use workload identity provider instead of GitHub Secret for GCR access (#600)
  • add OSSF scorecard action (#599)
  • enable the sbom for rekor releases (#586)
  • Point to the official website (instead of a 404) (#580)
  • add milestone to closed prs (#574)
  • Add a Makefile target for the "ko apply" step. (#572)
  • types/README.md: Corrected documentation link (#568)

Dependencies Updates

  • Bump github.com/prometheus/client_golang from 1.12.0 to 1.12.1 (#636)
  • Bump github.com/go-openapi/runtime from 0.21.1 to 0.22.0 (#635)
  • Bump github.com/go-openapi/swag from 0.19.15 to 0.20.0 (#634)
  • Bump golang from f71d4ca to 301609e (#627)
  • Bump golang from 0fa6504 to f71d4ca (#624)
  • Bump google.golang.org/grpc from 1.43.0 to 1.44.0 (#622)
  • Bump github/codeql-action from 1.0.29 to 1.0.30 (#619)
  • Bump ossf/scorecard-action from 1.0.1 to 1.0.2 (#618)
  • bump swagger and go mod tidy (#616)
  • Bump github.com/go-openapi/runtime from 0.21.0 to 0.21.1 (#614)
  • Bump github.com/go-openapi/errors from 0.20.1 to 0.20.2 (#613)
  • Bump google-github-actions/auth from 0.4.4 to 0.5.0 (#612)
  • Bump github/codeql-action from 1.0.28 to 1.0.29 (#611)
  • Bump gopkg.in/ini.v1 from 1.66.2 to 1.66.3 (#608)
  • Bump github.com/google/go-cmp from 0.5.6 to 0.5.7 (#609)
  • Update github/codeql-action requirement to 8a4b243fbf9a03a93e93a71c1ec257347041f9c4 (#606)
  • Bump github.com/prometheus/client_golang from 1.11.0 to 1.12.0 (#607)
  • Bump ossf/scorecard-action from 0fe1afdc40f536c78e3dc69147b91b3ecec2cc8a to 1.0.1 (#603)
  • Bump goreleaser/goreleaser-action from 2.8.0 to 2.8.1 (#602)
  • Bump golang from 8c0269d to 0fa6504 (#597)
  • Pin dependencies in github action workflows and Dockerfile (#595)
  • update release image to use go 1.17.6 (#589)
  • Bump golang from 1.17.5 to 1.17.6 (#588)
  • Bump go.uber.org/goleak from 1.1.11 to 1.1.12 (#585)
  • Bump go.uber.org/zap from 1.19.1 to 1.20.0 (#584)
  • Bump github.com/go-playground/validator/v10 from 10.9.0 to 10.10.0 (#579)
  • Bump actions/github-script from 4 to 5 (#577)

Contributors

  • Asra Ali (@asraa)
  • Bob Callaway (@bobcallaway)
  • Carlos Tadeu Panato Junior (@cpanato)
  • Dan Lorenc (@dlorenc)
  • Jason Hall (@imjasonh)
  • Lily Sturmann (@lkatalin)
  • Morten Linderud (@Foxboron)
  • Nathan Smith (@nsmith5)
  • Sylvestre Ledru (@sylvestre)
  • Trishank Karthik Kuppusamy (@trishankatdatadog)

v0.4.0

Highlights

  • Adds hashed rekord type that can be used to upload signatures along with the hashed content signed (#501)

Enhancements

  • Update the schema to match that of Trillian repo. The map specific (#528)
  • allow setting the user-agent string sent from the client (#521)
  • update key usage for ts cert (#504)
  • api/index/retrieve: allow searching on indices with sha1 hashes (#499)
  • Only include Attestation data if attestation storage enabled (#494)
  • Fuzzing RequestFromRekor API (#488)
  • Included pprof for profiling the application. (#485)
  • refactor release and add signing (#483)
  • More verbose error message for redis connection failure (#479) (#480)
  • Fixed modtime for reproducible goreleaser (#473)
  • add goreleaser and cloudbuild for releases (#443)
  • Add dynamic JS tree size counter (#468)
  • check that entry UUID == leafHash of returned entry (#469)
  • chore: upgrade cosign version (#465)
  • Reproducible builds with trimpath (#464)
  • correct links, add Table of Contents of sorts (#449)
  • update go tuf for rsa key impl (#446)
  • Canonicalize JSON before inserting into trillian (#445)
  • Export search UUIDs field (#438)
  • Add a flag to start specifying log index ranges for virtual indices. (#435)
  • Cleanup some initialization/flag parsing in rekor-server. (#433)
  • Drop 404 errors down to a warning. (#426)
  • Cleanup the output of search (the text goes to stderr not stdout). (#421)
  • remove extradata field from types (#418)
  • Update usage of ./cmd/rekor-cli/ from rekor to rekor-cli (#417)
  • Add TUF type (#383)
  • Updates to INSTALLATION.md notes (#415)
  • Update snippets to use console type for snippets (#410)
  • version: add way to display a version when using go get or go install (#405)
  • Use an in memory timestamping key (#402)
  • Links are case sensitive (#401)
  • Installation guide (#400)
  • Add a SignedTimestampNote (#397)
  • Provide instructions on verifying releases (#399)
  • rekor-server: add html page when humans reach the server via the browser (#394)
  • use go modules to track tools (#395)

Bug Fixes

  • bug: fix minisign prehashed entries (#639)
  • fix timestamp addition and unmarshal (#525)
  • Correct & parallelize tests (#522)
  • Fix fuzz go.sum issue (#509)
  • fix validation error (#503)
  • Correct Helm index keys (#474)
  • Fix a bug in x509 certificate handling. (#461)
  • Fix a conflict from parallel dependabot merges. (#456)
  • fix tuf metadata marshalling (#447)
  • Switch DSSE provider to go-securesystemslib (#442)
  • fix unmarshalling sth (#409)
  • Fix port flag override (#396)
  • makefile: small fix on the makefile for the rekor-server (#393)

Dependencies Updates

  • Bump github.com/spf13/viper from 1.9.0 to 1.10.0 (#531)
  • Bump sigstore/cosign-installer from 1.3.1 to 1.4.1 (#530)
  • Bump the DSSE signing library. (#529)
  • Bump golang from 1.17.4 to 1.17.5 (#527)
  • Bump golang from 1.17.3 to 1.17.4 (#523)
  • Bump gopkg.in/ini.v1 from 1.66.0 to 1.66.2 (#520)
  • Bump github.com/mitchellh/mapstructure from 1.4.2 to 1.4.3 (#517)
  • Bump github.com/secure-systems-lab/go-securesystemslib (#516)
  • Bump gopkg.in/ini.v1 from 1.64.0 to 1.66.0 (#513)
  • Upgraded go-playground/validator module to v10 (#507)
  • Bump gopkg.in/ini.v1 from 1.63.2 to 1.64.0 (#495)
  • Bump github.com/go-openapi/strfmt from 0.21.0 to 0.21.1 (#510)
  • Bump the trillian import to v1.4.0. (#502)
  • Bump the trillian versions to v1.4.0 in our docker-compose setup. (#500)
  • update go.mod for go-fuzz (#496)
  • Bump sigstore/cosign-installer from 1.3.0 to 1.3.1 (#491)
  • Bump golang from 1.17.2 to 1.17.3 (#482)
  • Bump google.golang.org/grpc from 1.41.0 to 1.42.0 (#478)
  • Bump actions/checkout from 2.3.5 to 2.4.0 (#477)
  • Bump github.com/go-openapi/runtime from 0.20.0 to 0.21.0 (#470)
  • bump go-swagger to v0.28.0 (#463)
  • Bump github.com/in-toto/in-toto-golang from 0.3.2 to 0.3.3 (#459)
  • Bump actions/checkout from 2.3.4 to 2.3.5 (#458)
  • Bump github.com/mediocregopher/radix/v4 from 4.0.0-beta.1 to 4.0.0 (#460)
  • Bump github.com/go-openapi/runtime from 0.19.31 to 0.20.0 (#451)
  • Bump github.com/go-openapi/spec from 0.20.3 to 0.20.4 (#454)
  • Bump github.com/go-openapi/validate from 0.20.2 to 0.20.3 (#453)
  • Bump github.com/go-openapi/strfmt from 0.20.2 to 0.20.3 (#452)
  • Bump github.com/go-openapi/loads from 0.20.2 to 0.20.3 (#450)
  • Bump golang from 1.17.1 to 1.17.2 (#448)
  • Bump google.golang.org/grpc from 1.40.0 to 1.41.0 (#441)
  • Bump golang.org/x/mod from 0.5.0 to 0.5.1 (#440)
  • Bump github.com/spf13/viper from 1.8.1 to 1.9.0 (#439)
  • Bump gopkg.in/ini.v1 from 1.63.0 to 1.63.2 (#437)
  • Bump github.com/mitchellh/mapstructure from 1.4.1 to 1.4.2 (#436)
  • Bump gocloud to v0.24.0. (#434)
  • Bump golang from 1.17.0 to 1.17.1 (#432)
  • Bump go.uber.org/zap from 1.19.0 to 1.19.1 (#431)
  • Bump gopkg.in/ini.v1 from 1.62.0 to 1.63.0 (#429)
  • Bump github.com/go-openapi/runtime from 0.19.30 to 0.19.31 (#425)
  • Bump github.com/go-openapi/errors from 0.20.0 to 0.20.1 (#423)
  • Bump github.com/go-openapi/strfmt from 0.20.1 to 0.20.2 (#422)
  • Bump golang from 1.16.7 to 1.17.0 (#413)
  • Bump golang.org/x/mod from 0.4.2 to 0.5.0 (#412)
  • Bump google.golang.org/grpc from 1.39.1 to 1.40.0 (#411)
  • Bump github.com/go-openapi/runtime from 0.19.29 to 0.19.30 (#408)
  • Bump go.uber.org/zap from 1.18.1 to 1.19.0 (#407)
  • Bump golang from 1.16.6 to 1.16.7 (#403)
  • Bump google.golang.org/grpc from 1.39.0 to 1.39.1 (#404)

Contributors

  • Aditya Sirish (@adityasaky)
  • Andrew Block (@sabre1041)
  • Asra Ali (@asraa)
  • Axel Simon (@axelsimon)
  • Batuhan Apaydın (@developer-guy)
  • Bob Callaway (@bobcallaway)
  • Carlos Panato (@cpanato)
  • Dan Lorenc (@dlorenc)
  • Dan Luhring (@luhring)
  • Harry Fallows (@harryfallows)
  • Hector Fernandez (@hectorj2f)
  • Jake Sanders (@dekkagaijin)
  • Jason Hall (@imjasonh)
  • Lily Sturmann (@lkatalin)
  • Luke Hinds (@lukehinds)
  • Marina Moore (@mnm678)
  • Mikhail Swift (@mikhailswift)
  • Naveen Srinivasan (@naveensrinivasan)
  • Robert James Hernandez (@sarcasticadmin)
  • Santiago Torres (@SantiagoTorres)
  • Tiziano Santoro (@tiziano88)
  • Trishank Karthik Kuppusamy (@trishankatdatadog)
  • Ville Aikas (@vaikas)
  • kpcyrd (@kpcyrd)