Bump dev.sigstore:sigstore-maven-plugin from 1.3.0 to 2.0.0 by dependabot[bot] · Pull Request #461

Bump dev.sigstore:sigstore-maven-plugin from 1.3.0 to 2.0.0 by dependabot[bot] · Pull Request #461 · oras-project/oras-java

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps dev.sigstore:sigstore-maven-plugin from 1.3.0 to 2.0.0.

Release notes

Sourced from dev.sigstore:sigstore-maven-plugin's releases.

v2.0.0

See CHANGELOG.md for more details.

What's Changed

Add repo info to create release by @loosebazooka in sigstore/sigstore-java#908

Update dependency dev.sigstore:protobuf-specs to v0.4.0 by @renovate[bot] in sigstore/sigstore-java#903

Update after v1.3.0 release by @loosebazooka in sigstore/sigstore-java#909

Update conformance.yml to 0.0.17 by @loosebazooka in sigstore/sigstore-java#910

Update dependency commons-codec:commons-codec to v1.18.0 by @renovate[bot] in sigstore/sigstore-java#902

Update sigstore/community digest to f1c21e9 by @renovate[bot] in sigstore/sigstore-java#894

Update dependency com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin to v1.3.1 by @renovate[bot] in sigstore/sigstore-java#895

Update actions/upload-artifact action to v4.6.1 by @renovate[bot] in sigstore/sigstore-java#911

Update dependency com.google.oauth-client:google-oauth-client-bom to v1.38.0 by @renovate[bot] in sigstore/sigstore-java#913

Update dependency com.google.http-client:google-http-client-bom to v1.46.3 by @renovate[bot] in sigstore/sigstore-java#912

chore: bump junit to 5.12 by @vlsi in sigstore/sigstore-java#915

Update dependency org.junit:junit-bom to v5.12.0 by @renovate[bot] in sigstore/sigstore-java#914

chore(deps): update gradle/actions action to v4.3.0 by @renovate[bot] in sigstore/sigstore-java#916

fix(deps): update dependency com.diffplug.spotless:com.diffplug.spotless.gradle.plugin to v7 by @renovate[bot] in sigstore/sigstore-java#919

fix(deps): update dependency org.jetbrains.dokka:org.jetbrains.dokka.gradle.plugin to v2 by @renovate[bot] in sigstore/sigstore-java#921

chore(deps): update dependency gradle to v8.13 by @renovate[bot] in sigstore/sigstore-java#807

Gradle plugin: Replace findProperty with Isolated Project compatible … by @hfhbd in sigstore/sigstore-java#811

fix: add workaround for providers.gradleProperty for pre-7.4 Gradle versions by @vlsi in sigstore/sigstore-java#924

Make token string oidc client available outside of cli by @loosebazooka in sigstore/sigstore-java#925

chore: use Gradle Java toolchains for the build and test execution by @vlsi in sigstore/sigstore-java#923

tuf: use cached targets when available by @loosebazooka in sigstore/sigstore-java#926

chore: do not require Java 17 for launching Gradle yet by @vlsi in sigstore/sigstore-java#927

fix(deps): update dependency com.google.errorprone:error_prone_core to v2.36.0 by @renovate[bot] in sigstore/sigstore-java#820

fix(deps): update dependency org.mockito:mockito-bom to v5.16.0 by @renovate[bot] in sigstore/sigstore-java#918

chore(deps): update theupdateframework/tuf-conformance action to v2.3.0 by @renovate[bot] in sigstore/sigstore-java#917

chore(deps): update sigstore/community digest to 61b77fe by @renovate[bot] in sigstore/sigstore-java#928

fix(deps): update dependency org.junit:junit-bom to v5.12.1 by @renovate[bot] in sigstore/sigstore-java#932

fix(deps): update dependency org.mockito:mockito-bom to v5.16.1 by @renovate[bot] in sigstore/sigstore-java#933

chore(deps): update actions/upload-artifact action to v4.6.2 by @renovate[bot] in sigstore/sigstore-java#929

chore(deps): update dependency go to 1.24.x by @renovate[bot] in sigstore/sigstore-java#935

fix(deps): update dependency com.google.guava:guava to v33.4.6-jre by @renovate[bot] in sigstore/sigstore-java#930

fix(deps): update dependency com.google.errorprone:error_prone_core to v2.37.0 by @renovate[bot] in sigstore/sigstore-java#936

fix(deps): update protobuf_grpc by @renovate[bot] in sigstore/sigstore-java#938

fix(deps): update dependency com.google.oauth-client:google-oauth-client-bom to v1.39.0 by @renovate[bot] in sigstore/sigstore-java#937

chore(deps): update actions/setup-go action to v5.4.0 by @renovate[bot] in sigstore/sigstore-java#934

chore(deps): update sigstore/community digest to b9f2e38 by @renovate[bot] in sigstore/sigstore-java#939

chore(deps): update actions/setup-java action to v4.7.1 by @renovate[bot] in sigstore/sigstore-java#940

fix(deps): update dependency com.google.guava:guava to v33.4.8-jre by @renovate[bot] in sigstore/sigstore-java#943

fix(deps): update dependency dev.sigstore:protobuf-specs to v0.4.1 - autoclosed by @renovate[bot] in sigstore/sigstore-java#944

fix(deps): update dependency org.junit:junit-bom to v5.12.2 by @renovate[bot] in sigstore/sigstore-java#945

fix(deps): update dependency com.diffplug.spotless:com.diffplug.spotless.gradle.plugin to v7.0.3 by @renovate[bot] in sigstore/sigstore-java#942

chore(deps): update gradle/actions action to v4.3.1 by @renovate[bot] in sigstore/sigstore-java#941

chore(deps): update dependency gradle to v8.14 by @renovate[bot] in sigstore/sigstore-java#949

chore(deps): update sigstore/sigstore-conformance action to v0.0.18 - autoclosed by @renovate[bot] in sigstore/sigstore-java#947

chore(deps): update sigstore/community digest to ab62b20 by @renovate[bot] in sigstore/sigstore-java#946

fix(deps): update dependency net.ltgt.errorprone:net.ltgt.errorprone.gradle.plugin to v4.2.0 by @renovate[bot] in sigstore/sigstore-java#955

... (truncated)

Changelog

Sourced from dev.sigstore:sigstore-maven-plugin's changelog.

[2.0.0] - 2025-11-20

Added

GA support for Rekor V2 based logs

Add support for creating and uploading DSSE attestations: sigstore/sigstore-java#1084

Changed

Json operations wrapped to produce checked exceptions: sigstore/sigstore-java#1115

[2.0.0-rc2] - 2025-10-21

Fixed

Fix TUF snapshot version rollback case: sigstore/sigstore-java#1061

Fix userAgent string in requests: sigstore/sigstore-java#1066

Handle parsing/format failures: sigstore/sigstore-java#1063, sigstore/sigstore-java#1064, sigstore/sigstore-java#1073, sigstore/sigstore-java#1074, sigstore/sigstore-java#1075

Changed

Remove oidc config from gradle plugin: sigstore/sigstore-java#1076

[2.0.0-rc1] - 2025-08-14

Added

Add support for rekor v2 logs sigstore/sigstore-java#990, sigstore/sigstore-java#1016, sigstore/sigstore-java#1017, sigstore/sigstore-java#1008, sigstore/sigstore-java#1031, sigstore/sigstore-java#1040

Add support for timestamps sigstore/sigstore-java#960, sigstore/sigstore-java#975, sigstore/sigstore-java#977, sigstore/sigstore-java#978, sigstore/sigstore-java#979

Library support for token string auth sigstore/sigstore-java#925

ED25519 support in trusted_root sigstore/sigstore-java#983

Fixed

Fixed windows support sigstore/sigstore-java#974

Parsing json with unknown fields sigstore/sigstore-java#966

Changed

Users can no longer specify signer object in KeylessSigner, use Algorithm Registry instead sigstore/sigstore-java#1027

Users with custom sigstore infrastructure deployments must specify a SigningConfig to configure the KeylessSigner, individual urls for infrastructure pieces are removed sigstore/sigstore-java#956, sigstore/sigstore-java#965, sigstore/sigstore-java#981

Commits

411721f Merge pull request #1117 from sigstore/prep200
735ab10 Prepare for 2.0.0
69cbe67 Merge pull request #1010 from sigstore/renovate/maven
f90015d Merge pull request #1115 from sigstore/fix-funky-exception
b81ab3e Wrap json operations for checked exceptions
e2f2f2b Merge pull request #1114 from sigstore/maven-badge
0ffa58e docs: Update Maven Central badge URL in README
da48db2 Merge pull request #1109 from jku/run-tuf-conformance-in-parallel
6c19413 workflows: Run conformance in parallel
11c2d22 Merge pull request #1111 from sigstore/jetty-12
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)