Bump github.com/theupdateframework/notary from 0.6.2-0.20200804143915-84287fd8df4f to 0.7.0

[dependabot]

Bumps github.com/theupdateframework/notary from 0.6.2-0.20200804143915-84287fd8df4f to 0.7.0.

Changelog

Sourced from github.com/theupdateframework/notary's changelog.

v0.7.0 12/01/2021

• Switch to Go modules #1523
• Use golang/x/crypto for ed25519 #1344
• Update Go version
• Update dependency versions
• Fixes from using Gosec for source analysis

v0.6.1 04/10/2018

• Fixed bug where CLI requested admin privileges for all metadata operations, including listing targets on a repo #1315
• Prevented notary signer from being dumpable or being ptraced in Linux, except in debug mode #1327
• Bumped JWT dependency to fix potential Invalid Curve Attack on NIST curves within ECDH key management #1334
• If the home directory cannot be found, log a warning instead of erroring out #1318
• Bumped go version and various dependencies #1323 #1332 #1335 #1336
• Various internal and documentation fixes #1312 #1313 #1319 #1320 #1324 #1326 #1328 #1329 #1333

v0.6.0 02/28/2018

• The project has been moved from https://github.com/docker/notary to https://github.com/theupdateframework/notary, as it has been accepted into the CNCF. Downstream users should update their go imports.
• Removed support for RSA-key exchange ciphers supported by the server and signer and require TLS >= 1.2 for the server and signer. #1307
• libykcs11 can be found in several additional locations on Fedora. #1286
• If a certificate is used as a delegation public key, notary no longer warns if the certificate has expired, since notary should be relying on the role expiry instead. #1263
• An error is now returned when importing keys if there were invalid PEM blocks. #1260
• Notary server authentication credentials can now be provided as an environment variable NOTARY_AUTH, which should contain a base64-encoded "username:password" value. #1246
• Changefeeds are now supported for RethinkDB as well as SQL servers. #1214
• Notary CLI will now time out after 30 seconds if a username and password are not provided when authenticating to anotary server, fixing an issue where scripts for the notary CLI may hang forever. #1200
• Fixed potential race condition in the signer keystore. #1198
• Notary now no longer provides the option to generate RSA keys for a repository, but externally generated RSA keys can still be imported as keys for a repository. #1191
• Fixed bug where the notary client would ioutil.ReadAll responses from the server without limiting the size. #1186
• Default notary CLI log level is now warn, and if the -v option is passed, it is at info. #1179
• Example Postgres config now includes an example of mutual TLS authentication between the server/signer and Postgres. #1160 #1163
• Fixed an error where piping the server authentication credentials via STDIN when scripting the notary CLI did not work. #1155
• If the server and signer configurations forget to specify parseTime=true when using MySQL, notary server and signer will automatically add the option. #1150
• Custom metadata can now be provided and read on a target when using the notary client as a library (not yet exposed on the CLI). #1146
• notary init now accepts a --root-cert and --root-key flag for use with privately generated certificates and keys. #1144
• notary key generate now accepts a --role flag as well as a --output flag. This means it can generate new targets or delegation keys, and it can also output keys to a file instead of storing it in the default notary key store. #1134
• Newly generated keys are now stored encrypted and encoded in PKCS#8 format. This is not forwards-compatible against notary=17.12.x is not forwards compatible with notary<0.6.0.. #1130 #1201
• Added support for wildcarded certificate IDs in the trustpinning configuration #1126
• Added support using the client against notary servers which are hosted as subpath under another server (e.g. https://domain.com/notary instead of https://notary.com) #1108
• If no changes were made to the targets file, you are no longer required to sign the target #1104
• escrow placeholder #1096
• Added support for wildcard suffixes for root certificates CNs for root keys, so that a single root certificate would be valid for multiple repositories #1088
• Root key rotations now do not require all previous root keys sign new root metadata. #942.
  • New keys are trusted if the root metadata file specifying the new key was signed by the previous root key/threshold
  • Root metadata can now be requested by version from the server, allowing clients with older root metadata to validate each new version one by one up to the current metadata
• notary key rotate now accepts a flag specifying which key to rotate to #942
• Refactoring of the client to make it easier to use as a library and to inject dependencies:
  • References to GUN have now been changed to "imagename". #1081
  • NewNotaryRepository can now be provided with a remote store and changelist, as opposed to always constructing its own. #1094
  • If needed, the notary repository will be initialized first when publishing. #1105
  • NewNotaryReository now requires a non-nil cache store. #1185
  • The "No valid trust data" error is now typed. #1212

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)