Sourced from slsa-framework/slsa-github-generator's releases.

v2.1.0

This is an un-finalized release.

See the CHANGELOG for details.

What's Changed

• chore: v2.0.0: update tags to v2.0.0 by @​ramonpetgrave64 in slsa-framework/slsa-github-generator#3584
• fix: use @​sigstore/cli in e2e.sign-attestations.schedule.yml by @​ramonpetgrave64 in slsa-framework/slsa-github-generator#3572
• docs: fix broken links by @​suzuki-shunsuke in slsa-framework/slsa-github-generator#3605
• chore(setup-go): update actions/setup-go to resolve the warning by @​suzuki-shunsuke in slsa-framework/slsa-github-generator#3604
• fix: Update release docs by @​ramonpetgrave64 in slsa-framework/slsa-github-generator#3589
• docs: Add Atsign-Foundation NoPorts to the Hall of Fame by @​cpswan in slsa-framework/slsa-github-generator#3616
• docs: Add v2.0.0 to SECURITY.md by @​ianlewis in slsa-framework/slsa-github-generator#3630
• docs: Add links to CHANGELOG by @​ianlewis in slsa-framework/slsa-github-generator#3631
• ci: fix PR title checker by @​ianlewis in slsa-framework/slsa-github-generator#3632
• ci: Add issue reopener by @​ianlewis in slsa-framework/slsa-github-generator#3629
• fix: update softprops/action-gh-release to v2.0.5 by @​suzuki-shunsuke in slsa-framework/slsa-github-generator#3619
• chore(renovate): use cron syntax for schedule by @​rarkins in slsa-framework/slsa-github-generator#3638
• chore: Fix Renovate config by @​ianlewis in slsa-framework/slsa-github-generator#3635
• feat: workflow to update actions dist by @​ramonpetgrave64 in slsa-framework/slsa-github-generator#3653
• fix(deps): update dependency @​sigstore/rekor-types to v2 by @​renovate-bot in slsa-framework/slsa-github-generator#3650
• chore(deps): update github-actions (major) by @​renovate-bot in slsa-framework/slsa-github-generator#3648
• fix(deps): update dependency org.json:json to v20231013 [security] by @​renovate-bot in slsa-framework/slsa-github-generator#3641
• fix(deps): update module github.com/sigstore/cosign/v2 to v2.2.4 [security] by @​renovate-bot in slsa-framework/slsa-github-generator#3640
• chore(deps): update dependency pathspec to v0.12.1 by @​renovate-bot in slsa-framework/slsa-github-generator#3644
• fix(deps): update dependency @​actions/github to v6 by @​renovate-bot in slsa-framework/slsa-github-generator#3649
• fix(deps): update module golang.org/x/oauth2 to v0.20.0 by @​renovate-bot in slsa-framework/slsa-github-generator#3646
• fix(deps): update npm by @​renovate-bot in slsa-framework/slsa-github-generator#3647
• chore: formatting by @​ianlewis in slsa-framework/slsa-github-generator#3655
• chore(deps): update github-actions by @​renovate-bot in slsa-framework/slsa-github-generator#3642
• docs: Add openfga as another user of slsa-github-generator via Github Actions by @​aaguiarz in slsa-framework/slsa-github-generator#2950
• fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.6 by @​renovate-bot in slsa-framework/slsa-github-generator#3645
• chore: allow Renovate to create new config warning issues by @​HonkingGoose in slsa-framework/slsa-github-generator#3662
• chore: Fix markdown issues by @​ianlewis in slsa-framework/slsa-github-generator#3658
• chore(deps): update npm dev by @​renovate-bot in slsa-framework/slsa-github-generator#3643
• feat: Record vars in SLSA generators by @​ianlewis in slsa-framework/slsa-github-generator#3633
• chore(deps): update github-actions by @​renovate-bot in slsa-framework/slsa-github-generator#3679
• fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.7 by @​renovate-bot in slsa-framework/slsa-github-generator#3680
• docs: Remove expected GA for Node.js builder by @​ianlewis in slsa-framework/slsa-github-generator#3659
• ci: Add formatting pre-submit check by @​ianlewis in slsa-framework/slsa-github-generator#3654
• fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.8 by @​renovate-bot in slsa-framework/slsa-github-generator#3712
• chore(deps): bump the npm_and_yarn group across 10 directories with 2 updates by @​dependabot in slsa-framework/slsa-github-generator#3714
• chore(deps): update github-actions by @​renovate-bot in slsa-framework/slsa-github-generator#3711
• chore(deps): bump the go_modules group with 2 updates by @​dependabot in slsa-framework/slsa-github-generator#3715
• chore: slsa-verifier v2.6.0: Update action.yml by @​ramonpetgrave64 in slsa-framework/slsa-github-generator#3736
• fix: Update maven helper plugin build by @​loosebazooka in slsa-framework/slsa-github-generator#3746
• fix: maven e2e: remove verify job by @​ramonpetgrave64 in slsa-framework/slsa-github-generator#3748
• chore(deps): update github-actions by @​renovate-bot in slsa-framework/slsa-github-generator#3753
• chore(deps): bump github.com/docker/docker from 24.0.9+incompatible to 25.0.6+incompatible in the go_modules group by @​dependabot in slsa-framework/slsa-github-generator#3760
• chore(config): migrate renovate config by @​renovate-bot in slsa-framework/slsa-github-generator#3774

... (truncated)

Sourced from slsa-framework/slsa-github-generator's changelog.

v2.1.0

v2.1.0: Sigstore Bundles for Generic Generator and Go Builder

The workflows generator_generic_slsa3.yml and builder_go_slsa3.yml have been updated to produce signed Sigstore Bundles, just like all the other builders that use the BYOB framework.

The workflow logs will now print a LogIndex, rather than a LogUUID. Both are equally searchanble on https://search.sigstore.dev/.

v2.1.0: Vars context recorded in provenance

• Updated: GitHub vars context is now recorded in provenance for the generic and container generators. The vars context cannot affect the build in the Go builder so it is not recorded.

• f7dd8c5 update the ref in the pre-submit
• 0a5124b fix jq for the sigstore bundles
• fbeecf0 update docs
• f701310 update workflows
• 3618598 v2.1.0-rc.3
• 46f81fc chore: update refs to v2.1.0-rc.1 (#4120)
• 5d20c93 chore: use builder tag v2.1.0-rc.0 (#4118)
• e27b237 chore: braces and ejs vulns (#4116)
• 8967e1c chore: Update CODEOWNERS (#4115)
• 47d1954 chore: update octokit deps (#4114)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)