Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: sigstore/timestamp-authority
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v2.0.5
Choose a base ref
...
head repository: sigstore/timestamp-authority
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v2.0.6
Choose a head ref
  • 16 commits
  • 12 files changed
  • 3 contributors

Commits on Mar 3, 2026

  1. Add changelog for v2.0.5 (#1308) 

    Signed-off-by: Hayden <[email protected]>
    @Hayden-IO
    Hayden-IO authored Mar 3, 2026
    Configuration menu
    Copy the full SHA
    f2af9df View commit details
    Browse the repository at this point in the history

Commits on Mar 25, 2026

  1. chore(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.3 (#1318) 

    Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.78.0 to 1.79.3.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.78.0...v1.79.3)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-version: 1.79.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Mar 25, 2026
    Configuration menu
    Copy the full SHA
    32702c8 View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump the actions group across 1 directory with 5 updates ( 

    …#1319)

Bumps the actions group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `4.0.0` | `4.1.0` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.23.0` | `0.23.1` |
| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.4` | `4.33.0` |
| [actions/cache](https://github.com/actions/cache) | `5.0.3` | `5.0.4` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.5.2` | `5.5.3` |



Updates `sigstore/cosign-installer` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@faadad0...ba7bc0a)

Updates `anchore/sbom-action` from 0.23.0 to 0.23.1
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](anchore/sbom-action@17ae174...57aae52)

Updates `github/codeql-action` from 4.32.4 to 4.33.0
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@89a39a4...b1bff81)

Updates `actions/cache` from 5.0.3 to 5.0.4
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@cdf6c1f...6682284)

Updates `codecov/codecov-action` from 5.5.2 to 5.5.3
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@671740a...1af5884)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: anchore/sbom-action
  dependency-version: 0.23.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: github/codeql-action
  dependency-version: 4.33.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/cache
  dependency-version: 5.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: codecov/codecov-action
  dependency-version: 5.5.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Mar 25, 2026
    Configuration menu
    Copy the full SHA
    7bf4e03 View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump the gomod group across 1 directory with 4 updates (#… 

    …1314)

Bumps the gomod group with 3 updates in the / directory: [github.com/go-openapi/errors](https://github.com/go-openapi/errors), [github.com/go-openapi/loads](https://github.com/go-openapi/loads) and [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime).


Updates `github.com/go-openapi/errors` from 0.22.6 to 0.22.7
- [Release notes](https://github.com/go-openapi/errors/releases)
- [Commits](go-openapi/errors@v0.22.6...v0.22.7)

Updates `github.com/go-openapi/loads` from 0.23.2 to 0.23.3
- [Release notes](https://github.com/go-openapi/loads/releases)
- [Commits](go-openapi/loads@v0.23.2...v0.23.3)

Updates `github.com/go-openapi/runtime` from 0.29.2 to 0.29.3
- [Release notes](https://github.com/go-openapi/runtime/releases)
- [Commits](go-openapi/runtime@v0.29.2...v0.29.3)

Updates `github.com/go-openapi/strfmt` from 0.25.0 to 0.26.0
- [Release notes](https://github.com/go-openapi/strfmt/releases)
- [Commits](go-openapi/strfmt@v0.25.0...v0.26.0)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/errors
  dependency-version: 0.22.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/go-openapi/loads
  dependency-version: 0.23.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/go-openapi/runtime
  dependency-version: 0.29.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/go-openapi/strfmt
  dependency-version: 0.26.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Mar 25, 2026
    Configuration menu
    Copy the full SHA
    2df4290 View commit details
    Browse the repository at this point in the history

  4. chore(deps): bump golang.org/x/net from 0.50.0 to 0.51.0 (#1310) 

    Bumps [golang.org/x/net](https://github.com/golang/net) from 0.50.0 to 0.51.0.
- [Commits](golang/net@v0.50.0...v0.51.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.51.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Mar 25, 2026
    Configuration menu
    Copy the full SHA
    df3259a View commit details
    Browse the repository at this point in the history

  5. chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#1312) 

    Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@b7c566a...bbbca2d)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Mar 25, 2026
    Configuration menu
    Copy the full SHA
    1c0676c View commit details
    Browse the repository at this point in the history

Commits on Mar 30, 2026

  1. chore(deps): bump the actions group across 1 directory with 4 updates ( 

    …#1325)

Bumps the actions group with 4 updates in the / directory: [actions/setup-go](https://github.com/actions/setup-go), [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer), [anchore/sbom-action](https://github.com/anchore/sbom-action) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/setup-go` from 6.3.0 to 6.4.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@4b73464...4a36011)

Updates `sigstore/cosign-installer` from 4.1.0 to 4.1.1
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@ba7bc0a...cad07c2)

Updates `anchore/sbom-action` from 0.23.1 to 0.24.0
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](anchore/sbom-action@57aae52...e22c389)

Updates `github/codeql-action` from 4.33.0 to 4.35.1
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@b1bff81...c10b806)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: anchore/sbom-action
  dependency-version: 0.24.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: github/codeql-action
  dependency-version: 4.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Mar 30, 2026
    Configuration menu
    Copy the full SHA
    ffb897a View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump the gomod group across 1 directory with 6 updates (#… 

    …1324)

Bumps the gomod group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/go-openapi/strfmt](https://github.com/go-openapi/strfmt) | `0.26.0` | `0.26.1` |
| [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.10.4` | `1.10.5` |
| [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.10.4` | `1.10.5` |
| [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.10.4` | `1.10.5` |
| [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.10.4` | `1.10.5` |
| [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.10.4` | `1.10.5` |



Updates `github.com/go-openapi/strfmt` from 0.26.0 to 0.26.1
- [Release notes](https://github.com/go-openapi/strfmt/releases)
- [Commits](go-openapi/strfmt@v0.26.0...v0.26.1)

Updates `github.com/sigstore/sigstore` from 1.10.4 to 1.10.5
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.4...v1.10.5)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.10.4 to 1.10.5
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.4...v1.10.5)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.10.4 to 1.10.5
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.4...v1.10.5)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.10.4 to 1.10.5
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.4...v1.10.5)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.10.4 to 1.10.5
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.4...v1.10.5)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/strfmt
  dependency-version: 0.26.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.10.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws
  dependency-version: 1.10.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure
  dependency-version: 1.10.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp
  dependency-version: 1.10.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault
  dependency-version: 1.10.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Mar 30, 2026
    Configuration menu
    Copy the full SHA
    54bc0c1 View commit details
    Browse the repository at this point in the history

Commits on Apr 13, 2026

  1. chore(deps): bump golang from 1.26.0 to 1.26.2 in the docker group (#… 

    …1331)

Bumps the docker group with 1 update: golang.


Updates `golang` from 1.26.0 to 1.26.2

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.26.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: docker
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Apr 13, 2026
    Configuration menu
    Copy the full SHA
    b9ce102 View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump actions/upload-artifact in the actions group (#1332) 

    Bumps the actions group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact).


Updates `actions/upload-artifact` from 7.0.0 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@bbbca2d...043fb46)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Apr 13, 2026
    Configuration menu
    Copy the full SHA
    d799204 View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (#… 

    …1329)

Bumps [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) from 4.1.3 to 4.1.4.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Commits](go-jose/go-jose@v4.1.3...v4.1.4)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
  dependency-version: 4.1.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Apr 13, 2026
    Configuration menu
    Copy the full SHA
    6a334a8 View commit details
    Browse the repository at this point in the history

  4. chore(deps): bump go.step.sm/crypto from 0.76.2 to 0.77.2 (#1328) 

    Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.76.2 to 0.77.2.
- [Release notes](https://github.com/smallstep/crypto/releases)
- [Commits](smallstep/crypto@v0.76.2...v0.77.2)

---
updated-dependencies:
- dependency-name: go.step.sm/crypto
  dependency-version: 0.77.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Apr 13, 2026
    Configuration menu
    Copy the full SHA
    5812ba0 View commit details
    Browse the repository at this point in the history

  5. chore(deps): bump the gomod group with 2 updates (#1326) 

    Bumps the gomod group with 2 updates: [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) and [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils).


Updates `github.com/go-playground/validator/v10` from 10.30.1 to 10.30.2
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](go-playground/validator@v10.30.1...v10.30.2)

Updates `sigs.k8s.io/release-utils` from 0.12.3 to 0.12.4
- [Release notes](https://github.com/kubernetes-sigs/release-utils/releases)
- [Commits](kubernetes-sigs/release-utils@v0.12.3...v0.12.4)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-version: 10.30.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: sigs.k8s.io/release-utils
  dependency-version: 0.12.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Apr 13, 2026
    Configuration menu
    Copy the full SHA
    49ca4e4 View commit details
    Browse the repository at this point in the history

  6. chore(deps): bump codecov/codecov-action from 5.5.3 to 6.0.0 (#1327) 

    Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.5.3 to 6.0.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@1af5884...57e3a13)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Apr 13, 2026
    Configuration menu
    Copy the full SHA
    48c7b2c View commit details
    Browse the repository at this point in the history

  7. chore(deps): bump golang.org/x/net from 0.51.0 to 0.52.0 (#1322) 

    Bumps [golang.org/x/net](https://github.com/golang/net) from 0.51.0 to 0.52.0.
- [Commits](golang/net@v0.51.0...v0.52.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.52.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Apr 13, 2026
    Configuration menu
    Copy the full SHA
    7aab8b4 View commit details
    Browse the repository at this point in the history

  8. Ensure correct certificate is used for TSA auth checks (GHSA-xm5m-wgh… 

    …2-rrg3) (#1333)

Currently VerifyLeafCert and verifyTSRWithChain may disagree
on which cert is the real leaf certificate (TSA certificate):
VerifyLeafCert should use the leaf certificate identified by
verifyTSRWithChain.

* Return the signer cert from verifyTSRWithChain() so
  verifyLeafCert() can just use the correct cert
* Make sure verifyTSRWithChain() ensures that we have signer cert
  (either embedded or provided as option)
* Make sure verifyTSRWithChain() verifies that embedded and
  provided cert match if both are present
* Modify verifyLeafCert() so it only operates on given leaf cert



* Remove unused function

verifyEmbeddedLeafCert is now not needed: the check is already
done in verifyTSRWithChain.

Remove the related test, add test cases to cover the same
situatation in verifyTSRWithChain.

Signed-off-by: Jussi Kukkonen <[email protected]>
    @jku
    jku authored Apr 13, 2026
    Configuration menu
    Copy the full SHA
    9583b61 View commit details
    Browse the repository at this point in the history
Loading