Bump dev.sigstore:sigstore-java from 1.0.0 to 1.2.0

[dependabot]

Bumps dev.sigstore:sigstore-java from 1.0.0 to 1.2.0.

Release notes

Sourced from dev.sigstore:sigstore-java's releases.

v1.2.0

See CHANGELOG.md for more details.

What's Changed

• Fix checkpoint verification sigstore/sigstore-java@23fb488
• Update versions and changelog by @​loosebazooka in sigstore/sigstore-java#858
• Add arifactDigest as input option for conformance by @​loosebazooka in sigstore/sigstore-java#859

Full Changelog: sigstore/sigstore-java@v1.1.0...v1.2.0

v1.1.0

See CHANGELOG.md for more details.

What's Changed

• update versions after 1.0.0 by @​loosebazooka in sigstore/sigstore-java#800
• Update dependency org.eclipse.jetty:jetty-server to v11.0.24 by @​renovate in sigstore/sigstore-java#803
• Update gradle/actions action to v4.0.1 by @​renovate in sigstore/sigstore-java#804
• Update dependency com.google.errorprone:error_prone_core to v2.31.0 by @​renovate in sigstore/sigstore-java#805
• Update dependency com.google.http-client:google-http-client-bom to v1.45.0 by @​renovate in sigstore/sigstore-java#806
• Update sigstore/community digest to af27ecc by @​renovate in sigstore/sigstore-java#801
• Update dependency com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin to v1.2.2 by @​renovate in sigstore/sigstore-java#802
• Update dependency com.google.guava:guava to v33.3.1-jre by @​renovate in sigstore/sigstore-java#815
• Update actions/checkout action to v4.2.0 by @​renovate in sigstore/sigstore-java#818
• Update actions/setup-java action to v4.4.0 by @​renovate in sigstore/sigstore-java#819
• Update dependency com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin to v1.3.0 by @​renovate in sigstore/sigstore-java#821
• Update dependency org.apache.maven.plugins:maven-gpg-plugin to v3.2.7 by @​renovate in sigstore/sigstore-java#816
• Update protobuf_grpc by @​renovate in sigstore/sigstore-java#824
• Update gradle/actions action to v4.1.0 by @​renovate in sigstore/sigstore-java#823
• Update dependency org.mockito:mockito-bom to v5.14.1 by @​renovate in sigstore/sigstore-java#822
• Update sigstore/community digest to 95ef39c by @​renovate in sigstore/sigstore-java#814
• Update dependency org.junit:junit-bom to v5.11.1 by @​renovate in sigstore/sigstore-java#817
• Move known roles in TUF by @​loosebazooka in sigstore/sigstore-java#826
• Separate meta fetching from target fetching by @​loosebazooka in sigstore/sigstore-java#827
• Non inferred file names by @​loosebazooka in sigstore/sigstore-java#828
• Update actions/checkout action to v4.2.1 by @​renovate in sigstore/sigstore-java#830
• Update dependency org.junit:junit-bom to v5.11.2 by @​renovate in sigstore/sigstore-java#831
• Update dependency org.mockito:mockito-bom to v5.14.2 by @​renovate in sigstore/sigstore-java#832
• Update dependency de.thetaphi.forbiddenapis:de.thetaphi.forbiddenapis.gradle.plugin to v3.8 by @​renovate in sigstore/sigstore-java#833
• Update dependency org.junit:junit-bom to v5.11.3 by @​renovate in sigstore/sigstore-java#835
• Update dependency net.ltgt.errorprone:net.ltgt.errorprone.gradle.plugin to v4.1.0 by @​renovate in sigstore/sigstore-java#834
• Update sigstore/community digest to dcc3c01 by @​renovate in sigstore/sigstore-java#829
• Store meta state in memory by @​loosebazooka in sigstore/sigstore-java#836
• Update tuf updater api surface by @​loosebazooka in sigstore/sigstore-java#839
• More tuf updates for conformance by @​loosebazooka in sigstore/sigstore-java#840
• Start adding tuf conformance by @​loosebazooka in sigstore/sigstore-java#838
• Update protobuf_grpc by @​renovate in sigstore/sigstore-java#842
• Update softprops/action-gh-release action to v2.1.0 by @​renovate in sigstore/sigstore-java#844
• Update actions/setup-go action to v5.1.0 by @​renovate in sigstore/sigstore-java#845
• Update staging and public good embedded starter roots by @​loosebazooka in sigstore/sigstore-java#848

... (truncated)

Changelog

Sourced from dev.sigstore:sigstore-java's changelog.

[1.2.0] - 2024-12-4

Added

• Add option to sigstore conformance cli to verify artifact digests in addition to file paths sigstore/sigstore-java#859

Security

• Ensure checkpoints for log inclusion proofs in sigstore bundles are correctly verified. sigstore/sigstore-java@23fb488

[1.1.0] - 2024-11-22

Added

• Update sigstore tuf roots to v10 for staging and public-good sigstore/sigstore-java#848
• Tuf conformance tests for tuf client spec conformance sigstore/sigstore-java#838

Changed

• Allow tuf updater to fetch meta without downloading targets sigstore/sigstore-java#839
• Allow tuf targets and metadata to be stored and fetched separately sigstore/sigstore-java#827

Fixed

• Fix handling of tuf targets in subdirectories sigstore/sigstore-java#853
• Fix tuf spec conformance for valid but duplicate signatures on a role sigstore/sigstore-java#852
• Fix handling of rsa-pss and ed25519 signatures in tuf metadata sigstore/sigstore-java#849

Security

• Ensure log entries in sigstore bundles are entries that correspond to the verification material (signature, artifact, public-key) provided to the verifier. sigstore/sigstore-java#856

Commits

• 23fb488 Merge commit from fork
• d2e8a8d Fix checkpoint signature verification
• f20f4db Merge pull request #859 from sigstore/add_digest_to_conformance
• 7ab9079 Add arifactDigest as input option for conformance
• 763c500 Merge pull request #858 from sigstore/post1.1.0
• a2adec6 Update versions and changelog
• 2e59559 Merge pull request #856 from sigstore/rekor_types
• 1dd557b Rekor Entry should be reconstructued to match
• b440f06 Merge pull request #852 from sigstore/fix_tuf_dup_keys
• 602aa10 Fix test_duplicate_sig_keyids
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[cstamas]

@dependabot rebase

[dependabot]

Looks like dev.sigstore:sigstore-java is up-to-date now, so this is no longer needed.