Skip to content

v1.0.0
Compare
Choose a tag to compare
@github-actions github-actions released this 15 Aug 01:12
· 259 commits to main since this release
v1.0.0
This tag was signed with the committer’s verified signature.
shizhMSFT Shiwei Zhang
SSH Key Fingerprint: /USo+/l2qt5BGyRz/au8alBhetBI7qMvFrGJrnBg0kg
Verified
Learn about vigilant mode.
80e3fc4
This commit was signed with the committer’s verified signature.
shizhMSFT Shiwei Zhang
SSH Key Fingerprint: /USo+/l2qt5BGyRz/au8alBhetBI7qMvFrGJrnBg0kg
Verified
Learn about vigilant mode.

Notation CLI V1

notation is a CLI reference implementation of the Notary Project Specifications v1.0.0 to sign and verify artifacts with signatures as standard items in the OCI registry ecosystem. After a long journey of development, notation has reached a notable milestone for its first stable release v1.0.0. 🎉🎉🎉

Important

Experimental features are intended for testing and evaluation purposes only and should not be used in production environments. Experimental features can be enabled by setting the environment variable NOTATION_EXPERIMENTAL=1.

Release blog posts of previous RC versions can be found at notaryproject.dev.

Key Features

Experimental Features

Security Audit

What's Changed Since RC.7

Bug Fixes

  • Fix #696: desktop.exe credential store is not supported in WSL
  • Fix #697: notation login fails to detect existing credentials for docker.io

Other Changes

  • Minor security improvements (#746)
  • Better code quality with more E2E tests cases
  • Better debug tracing
  • Dependency updates

Detailed Commits

  • fix(test): E2E test cases for OCI layout by @JeyJeyGao in #692
  • build(deps): Bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 by @dependabot in #702
  • fix: fix the issue with getting credentials for docker.io by @Wwwsylvia in #703
  • build(deps): Bump github.com/notaryproject/notation-go from 1.0.0-rc.3 to 1.0.0-rc.6 in /test/e2e/plugin by @dependabot in #710
  • fix: Updating documentation with AWS Plugin support by @priteshbandi in #711
  • fix: login and logout will leverage docker config and os default store by @Wwwsylvia in #712
  • chore: update issue templates by @yizha1 in #594
  • bump: bump oras-credentials-go v0.2.0 by @wangxiaoxuan273 in #717
  • build(deps): Bump golang.org/x/term from 0.8.0 to 0.9.0 by @dependabot in #716
  • fix(e2e): update testdata OCI layout images by @JeyJeyGao in #727
  • build(deps): Bump ossf/scorecard-action from 2.1.3 to 2.2.0 by @dependabot in #724
  • [StepSecurity] ci: Harden GitHub Actions for fixing Pinned-Dependencies by @step-security-bot in #731
  • [StepSecurity] ci: Harden GitHub Actions for fixing Token-Permissions by @step-security-bot in #730
  • build(deps): Bump oras.land/oras-go/v2 from 2.2.0 to 2.2.1 by @dependabot in #735
  • chore: add license header to files and github action workflow to check license by @Two-Hearts in #739
  • build(deps): Bump golang.org/x/term from 0.9.0 to 0.10.0 by @dependabot in #734
  • build(deps): Bump actions/checkout from 3.0.2 to 3.5.3 by @dependabot in #737
  • build(deps): Bump actions/add-to-project from 0da8e46333d7b6e01d0e857452a1e99cb47be205 to edc057aef96b993afe5d68104418f68a536264aa by @dependabot in #745
  • build(deps): Bump github/codeql-action from 2.20.1 to 2.20.4 by @dependabot in #742
  • fix: unset NOTATION_USERNAME and NOTATION_PASSWORD to avoid leaking credentials to plugin by @JeyJeyGao in #746
  • feat: add trace for executables by @wangxiaoxuan273 in #744
  • build(deps): Bump github.com/notaryproject/notation-core-go from 1.0.0-rc.4 to 1.0.0 by @dependabot in #752
  • build(deps): Bump github/codeql-action from 2.20.4 to 2.21.0 by @dependabot in #751
  • bump: upgrade notation-go to v1.0.0 by @shizhMSFT in #754
  • doc: update README to align with the new brand name by @FeynmanZhou in #750
  • bump: tag and release v1.0.0 by @shizhMSFT in #748

New Contributors

Full Changelog: v1.0.0-rc.7...v1.0.0

Contributors

priteshbandi, Wwwsylvia, and 8 other contributors
Assets 8
Loading