Skip to content

Releases: notaryproject/notation

v1.1.2

15 Oct 02:17
v1.1.2
d055873
Compare
Choose a tag to compare

Bug Fixes

  • Fixed debug log to show correct notation-go signingAgent.
  • Removed the blob signing related documents as they were not implemented yet.

Other Changes

  • Updated dependencies with highlights below

What's Changed since v1.1.1

Full Changelog: v1.1.1...v1.1.2

v1.3.0-rc.1

09 Oct 02:29
0d9ceac
Compare
Choose a tag to compare
v1.3.0-rc.1 Pre-release
Pre-release

Vote PASSED [+4 -0]: #1056

New Features

  • Support of CRL revocation check with built-in file cache. See more details here.

Changelog

  • 0d9ceac bump: release v1.3.0-rc.1
  • 2819637 refactor!: remove blob sign/verify for v1.3.0-rc.1 release (#1045)
  • 4c0a3da feat: crl with file cache (#1043)
  • c2cff5b build(deps): Bump github.com/notaryproject/notation-core-go from 1.1.0-rc.1 to 1.1.0 in /test/e2e (#1037)
  • a109519 build(deps): Bump golang.org/x/net from 0.28.0 to 0.29.0 (#1034)
  • 3bb6ef7 build(deps): Bump github.com/notaryproject/notation-core-go from 1.1.0-rc.1 to 1.1.0 in /test/e2e/plugin (#1038)
  • 687d29e build(deps): Bump oras.land/oras-go/v2 from 2.4.0 to 2.5.0 in /test/e2e (#1035)
  • 1ab2505 build(deps): Bump github/codeql-action from 3.26.6 to 3.26.8 (#1044)
  • 8f8f8c9 build(deps): Bump github.com/onsi/ginkgo/v2 from 2.11.0 to 2.20.2 in /test/e2e (#1036)
  • 9283467 build(deps): Bump golang.org/x/term from 0.23.0 to 0.24.0 (#1033)
  • 1af69fc chore: updated dependabot.yml to cover test/e2e (#1030)
  • e8f37d0 build(deps): Bump github.com/notaryproject/notation-core-go from 1.1.0-rc.1 to 1.1.0 (#1024)
  • b620496 build(deps): Bump github/codeql-action from 3.26.0 to 3.26.6 (#1026)
  • 780df48 build(deps): Bump actions/upload-artifact from 4.3.6 to 4.4.0 (#1025)
  • 83ade99 bump: upgrade golang version to v1.23 (#1019)
  • b683029 build(deps): Bump github/codeql-action from 3.25.15 to 3.26.0 (#1010)
  • fe327c7 build(deps): Bump actions/upload-artifact from 4.3.4 to 4.3.6 (#1009)
  • 3a35b3b build(deps): Bump golang.org/x/net from 0.27.0 to 0.28.0 (#1007)

Full changelog: v1.2.0...v1.3.0-rc.1

v1.2.0

29 Aug 07:02
4700ad6
Compare
Choose a tag to compare

Vote PASSED [+4 -0]: #1022

Notation v1.2.0

Notation v1.2.0 is an implementation of the Notary Project Specifications v1.1.0.

Key features

  • Support OCI image-spec v1.1.0 and distribution-spec v1.1.0

    • Introduced new flag --force-referrers-tag (default to true) to the notation sign command, which allows users opt to the referrers tag schema instead of the referrers API.
    • The notation verify / list / inspect commands always attempt the referrers API first, automatically falling back to the referrers tag schema if the referrers API is not supported by the registry.
  • Support for RFC 3161 compliant Timestamping

    • Introduced two new flags --timestamp-url and --timestamp-root-cert in notation sign command for signing with timestamping, see the notation sign CLI spec for more details.
    • Support a new trust store type tsa in notation certificate command.
    • Support RFC 3161 timestamp verification in the notation verify command with updated trust policy, see the notation verify CLI spec for more details.
    • Support RFC 3161 timestamp in notation inspect command's output.
  • Added support for armv7 binary release.

Other changes

  • Upgraded to Golang v1.23

Deprecation

What's changed since v1.2.0-rc.1

  • bump: release v1.2.0-rc.1 (#1017)
  • bump: bump up for v1.2.0 stable release (#1021)

Full Changelog: v1.2.0-rc.1...v1.2.0

v1.2.0-rc.1

20 Aug 01:44
b806f58
Compare
Choose a tag to compare
v1.2.0-rc.1 Pre-release
Pre-release

Vote PASSED [+4 -0]: #1017

Changes

  1. Added support for armv7 binary release.
  2. Updated notation inspect command with RFC 3161 timestamp in the output.

What's Changed

New Contributors

Full Changelog: v1.2.0-beta.1...v1.2.0-rc.1

v1.2.0-beta.1

23 Jul 03:49
787665f
Compare
Choose a tag to compare
v1.2.0-beta.1 Pre-release
Pre-release

Vote PASSED [+4 -0]: #995

New Features

  • Support for RFC 3161 compliant Timestamping
    • Introduce two new flags --timestamp-url and --timestamp-root-cert in notation sign command for signing with timestamping, see the notation sign CLI spec for more details.
    • Support a new trust store type tsa in notation certificate command.
    • Support RFC 3161 timestamp verification in the notation verify command with updated trust policy, see the notation verify CLI spec for more details.

Detailed Commits

  • 787665f Merge pull request #995 from Two-Hearts/release
  • 00af3ce bump: release v1.2.0-beta.1
  • bbeb75d bump: bump up dependencies for v1.2.0-beta.1 (#994)
  • e604a4f build(deps): Bump golang.org/x/net from 0.22.0 to 0.23.0 (#993)
  • a034721 feat: Timestamp (#978)
  • 26c0b36 build(deps): Bump github/codeql-action from 3.25.11 to 3.25.13 (#991)
  • d8c77d1 build(deps): Bump actions/setup-go from 5.0.1 to 5.0.2 (#986)
  • cab4fef docs: update RELEASE_CHECKLIST.md (#713)
  • c6636ca build(deps): Bump github/codeql-action from 3.25.8 to 3.25.11 (#980)
  • e9ed3d5 build(deps): Bump actions/add-to-project from 1.0.1 to 1.0.2 (#981)
  • 214b0b2 build(deps): Bump golang.org/x/term from 0.21.0 to 0.22.0 (#982)
  • 2de7110 build(deps): Bump actions/upload-artifact from 4.3.3 to 4.3.4 (#983)
  • acf54be build(deps): Bump codecov/codecov-action from 4.4.1 to 4.5.0 (#972)
  • ae6ff01 build(deps): Bump actions/checkout from 4.1.6 to 4.1.7 (#970)
  • 944c661 build(deps): Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#969)
  • 626002a Merge pull request #967 from JeyJeyGao/vote/v1.2.0-alpha.1

Full Changelog: v1.2.0-alpha.1...v1.2.0-beta.1

v1.2.0-alpha.1

13 Jun 10:43
v1.2.0-alpha.1
2f43872
Compare
Choose a tag to compare
v1.2.0-alpha.1 Pre-release
Pre-release

Vote PASSED [+4 -0]: #967

New Features

  • Support OCI image-spec v1.1.0 and distribution-spec v1.1.0.
    • Introduce a new flag --force-referrers-tag (default to true) to the notation sign command, which allows users opt to the referrers tag schema instead of the referrers API.
    • The notation verify / list / inspect commands will always attempt the referrers API first, automatically falling back to the referrers tag schema if the referrers API is not supported by the registry.

Deprecation

Other changes

Detailed Commits

  • bump: tag and release version v1.1.0 by @Two-Hearts in #876
  • build(deps): Bump actions/upload-artifact from 4.2.0 to 4.3.0 by @dependabot in #878
  • build(deps): Bump codecov/codecov-action from 3.1.4 to 3.1.5 by @dependabot in #879
  • build(deps): Bump github/codeql-action from 3.23.1 to 3.23.2 by @dependabot in #877
  • bump: bump up oras-go and image-spec by @Two-Hearts in #881
  • build(deps): Bump github/codeql-action from 3.23.2 to 3.24.0 by @dependabot in #883
  • build(deps): Bump codecov/codecov-action from 3.1.5 to 4.0.1 by @dependabot in #884
  • build(deps): Bump golang.org/x/term from 0.16.0 to 0.17.0 by @dependabot in #886
  • build(deps): Bump actions/upload-artifact from 4.3.0 to 4.3.1 by @dependabot in #887
  • build(deps): Bump codecov/codecov-action from 4.0.1 to 4.0.2 by @dependabot in #896
  • build(deps): Bump github/codeql-action from 3.24.0 to 3.24.5 by @dependabot in #895
  • build(deps): Bump github.com/opencontainers/image-spec from 1.1.0-rc6 to 1.1.0 by @dependabot in #891
  • build(deps): Bump codecov/codecov-action from 4.0.2 to 4.1.0 by @dependabot in #898
  • build(deps): Bump actions/cache from 4.0.0 to 4.0.1 by @dependabot in #900
  • build(deps): Bump actions/add-to-project from 0.5.0 to 0.6.0 by @dependabot in #901
  • docs: spec updates for arbitrary blob signing by @rgnote in #811
  • build(deps): Bump github/codeql-action from 3.24.5 to 3.24.6 by @dependabot in #899
  • build(deps): Bump golang.org/x/term from 0.17.0 to 0.18.0 by @dependabot in #906
  • chore: add GitHub action for stale issues and PRs by @yizha1 in #841
  • build(deps): Bump github/codeql-action from 3.24.6 to 3.24.7 by @dependabot in #908
  • build(deps): Bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #907
  • build(deps): Bump actions/stale from 8 to 9 by @dependabot in #915
  • build(deps): Bump actions/add-to-project from 0.6.0 to 0.6.1 by @dependabot in #912
  • build(deps): Bump github/codeql-action from 3.24.7 to 3.24.9 by @dependabot in #913
  • build(deps): Bump actions/cache from 4.0.1 to 4.0.2 by @dependabot in #914
  • build(deps): Bump actions/add-to-project from 0.6.1 to 1.0.0 by @dependabot in #918
  • build(deps): Bump codecov/codecov-action from 4.1.0 to 4.1.1 by @dependabot in #917
  • Moved org maintainers to emeritus by @toddysm in #919
  • fix(ci): update codecov token by @JeyJeyGao in #920
  • feat: upgrade to OCI 1.1 by @Two-Hearts in #916
  • fix: improve error message for --signature-format flag by @JeyJeyGao in #925
  • build(deps): Bump github/codeql-action from 3.24.9 to 3.24.10 by @dependabot in #922
  • build(deps): Bump golang.org/x/term from 0.18.0 to 0.19.0 by @dependabot in #924
  • build(deps): Bump codecov/codecov-action from 4.1.1 to 4.3.0 by @dependabot in #927
  • build(deps): Bump actions/add-to-project from 1.0.0 to 1.0.1 by @dependabot in #928
  • build(deps): Bump golang.org/x/net from 0.17.0 to 0.23.0 in /test/e2e by @dependabot in #929
  • build(deps): Bump actions/upload-artifact from 4.3.1 to 4.3.3 by @dependabot in #936
  • build(deps): Bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in #939
  • build(deps): Bump golang.org/x/term from 0.19.0 to 0.20.0 by @dependabot in #940
  • build(deps): Bump codecov/codecov-action from 4.3.0 to 4.4.0 by @dependabot in #944
  • build(deps): Bump github/codeql-action from 3.24.10 to 3.25.5 by @dependabot in #945
  • build(deps): Bump actions/checkout from 4.1.2 to 4.1.6 by @dependabot in #946
  • fix: error message for trust policy by @JeyJeyGao in #933
  • doc: add Notation CLI Error Handling and Message Guideline by @FeynmanZhou in #834
  • build(deps): Bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 by @dependabot in #951
  • build(deps): Bump ossf/scorecard-action from 2.3.1 to 2.3.3 by @dependabot in #950
  • build(deps): Bump codecov/codecov-action from 4.4.0 to 4.4.1 by @dependabot in #949
  • build(deps): Bump github/codeql-action from 3.25.5 to 3.25.6 by @dependabot in #948
  • build(deps): Bump github/codeql-action from 3.25.6 to 3.25.7 by @dependabot in #955
  • bump: bump up notation-go v1.1.1 and other dependencies by @JeyJeyGao in #952
  • build(deps): Bump golang.org/x/term from 0.20.0 to 0.21.0 by @dependabot in #960
  • build(deps): Bump github/codeql-action from 3.25.7 to 3.25.8 by @dependabot in #961
  • build(deps): Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by @dependabot in #962
  • fix(ci): update goreleaser to use --clean flag by @JeyJeyGao in #964

Full Changelog: v1.1.0...v1.2.0-alpha.1

v1.1.1

13 Jun 03:20
v1.1.1
3dafd53
Compare
Choose a tag to compare

Vote PASSED [+4 -0]: #963

Changes

Detailed Commits

  • bump: tag and release version v1.1.0 by @Two-Hearts in #876
  • build(deps): Bump actions/upload-artifact from 4.2.0 to 4.3.0 by @dependabot in #878
  • build(deps): Bump codecov/codecov-action from 3.1.4 to 3.1.5 by @dependabot in #879
  • build(deps): Bump github/codeql-action from 3.23.1 to 3.23.2 by @dependabot in #877
  • bump: bump up oras-go and image-spec by @Two-Hearts in #881
  • build(deps): Bump github/codeql-action from 3.23.2 to 3.24.0 by @dependabot in #883
  • build(deps): Bump codecov/codecov-action from 3.1.5 to 4.0.1 by @dependabot in #884
  • build(deps): Bump golang.org/x/term from 0.16.0 to 0.17.0 by @dependabot in #886
  • build(deps): Bump actions/upload-artifact from 4.3.0 to 4.3.1 by @dependabot in #887
  • build(deps): Bump codecov/codecov-action from 4.0.1 to 4.0.2 by @dependabot in #896
  • build(deps): Bump github/codeql-action from 3.24.0 to 3.24.5 by @dependabot in #895
  • build(deps): Bump github.com/opencontainers/image-spec from 1.1.0-rc6 to 1.1.0 by @dependabot in #891
  • build(deps): Bump codecov/codecov-action from 4.0.2 to 4.1.0 by @dependabot in #898
  • build(deps): Bump actions/cache from 4.0.0 to 4.0.1 by @dependabot in #900
  • build(deps): Bump actions/add-to-project from 0.5.0 to 0.6.0 by @dependabot in #901
  • docs: spec updates for arbitrary blob signing by @rgnote in #811
  • build(deps): Bump github/codeql-action from 3.24.5 to 3.24.6 by @dependabot in #899
  • build(deps): Bump golang.org/x/term from 0.17.0 to 0.18.0 by @dependabot in #906
  • chore: add GitHub action for stale issues and PRs by @yizha1 in #841
  • build(deps): Bump github/codeql-action from 3.24.6 to 3.24.7 by @dependabot in #908
  • build(deps): Bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #907
  • build(deps): Bump actions/stale from 8 to 9 by @dependabot in #915
  • build(deps): Bump actions/add-to-project from 0.6.0 to 0.6.1 by @dependabot in #912
  • build(deps): Bump github/codeql-action from 3.24.7 to 3.24.9 by @dependabot in #913
  • build(deps): Bump actions/cache from 4.0.1 to 4.0.2 by @dependabot in #914
  • build(deps): Bump actions/add-to-project from 0.6.1 to 1.0.0 by @dependabot in #918
  • build(deps): Bump codecov/codecov-action from 4.1.0 to 4.1.1 by @dependabot in #917
  • Moved org maintainers to emeritus by @toddysm in #919
  • fix(ci): update codecov token by @JeyJeyGao in #920
  • feat: upgrade to OCI 1.1 by @Two-Hearts in #916
  • fix: improve error message for --signature-format flag by @JeyJeyGao in #925
  • build(deps): Bump github/codeql-action from 3.24.9 to 3.24.10 by @dependabot in #922
  • build(deps): Bump golang.org/x/term from 0.18.0 to 0.19.0 by @dependabot in #924
  • build(deps): Bump codecov/codecov-action from 4.1.1 to 4.3.0 by @dependabot in #927
  • build(deps): Bump actions/add-to-project from 1.0.0 to 1.0.1 by @dependabot in #928
  • build(deps): Bump golang.org/x/net from 0.17.0 to 0.23.0 in /test/e2e by @dependabot in #929
  • build(deps): Bump actions/upload-artifact from 4.3.1 to 4.3.3 by @dependabot in #936
  • build(deps): Bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in #939
  • build(deps): Bump golang.org/x/term from 0.19.0 to 0.20.0 by @dependabot in #940
  • build(deps): Bump codecov/codecov-action from 4.3.0 to 4.4.0 by @dependabot in #944
  • build(deps): Bump github/codeql-action from 3.24.10 to 3.25.5 by @dependabot in #945
  • build(deps): Bump actions/checkout from 4.1.2 to 4.1.6 by @dependabot in #946
  • fix: error message for trust policy by @JeyJeyGao in #933
  • doc: add Notation CLI Error Handling and Message Guideline by @FeynmanZhou in #834
  • build(deps): Bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 by @dependabot in #951
  • build(deps): Bump ossf/scorecard-action from 2.3.1 to 2.3.3 by @dependabot in #950
  • build(deps): Bump codecov/codecov-action from 4.4.0 to 4.4.1 by @dependabot in #949
  • build(deps): Bump github/codeql-action from 3.25.5 to 3.25.6 by @dependabot in #948
  • build(deps): Bump github/codeql-action from 3.25.6 to 3.25.7 by @dependabot in #955
  • bump: bump up notation-go v1.1.1 and other dependencies by @JeyJeyGao in #952
  • revert: "feat: upgrade to OCI 1.1 (#916)" by @JeyJeyGao in #958
  • build(deps): Bump golang.org/x/term from 0.20.0 to 0.21.0 by @JeyJeyGao in #966

Full Changelog: v1.1.0...v1.1.1

v1.1.0

25 Jan 05:09
v1.1.0
99ca669
Compare
Choose a tag to compare

Vote PASSED [+4 -0]: #876

New Features

  • Added new command notation plugin install. Users are now able to install a notation plugin directly from a URL or from their file system. Supported plugin installation formats are .zip, .tar.gz, and single plugin executable file.
  • Added new command notation plugin uninstall. Users are now able to uninstall a notation plugin by providing the plugin name.
  • Added NOTATION_CONFIG and NOTATION_LIBEXEC environment variables. Users are now able to override the default Notation configuration and plugins directory with these two variables.

Other changes

Detailed Commits

  • feat: update notation cert list command output by @Two-Hearts in #798
  • fix: fix the license check by @Two-Hearts in #826
  • bump: bump up to go version 1.21 by @Two-Hearts in #833
  • doc: update plugin spec by @FeynmanZhou in #809
  • build(deps): Bump github.com/spf13/cobra from 1.7.0 to 1.8.0 by @dependabot in #823
  • build(deps): Bump github/codeql-action from 2.22.5 to 2.22.7 by @dependabot in #835
  • Correct broken link to quick start guide by @rcrozean in #831
  • chore: update tag to digest by @yizha1 in #837
  • feat: add notation plugin uninstall command by @Two-Hearts in #842
  • chore: update references with the tag version by @yizha1 in #836
  • build(deps): Bump golang.org/x/term from 0.13.0 to 0.15.0 by @dependabot in #843
  • build(deps): Bump actions/setup-go from 4.1.0 to 5.0.0 by @dependabot in #845
  • build(deps): Bump github/codeql-action from 2.22.7 to 2.22.9 by @dependabot in #846
  • build(deps): Bump golang.org/x/crypto from 0.15.0 to 0.17.0 by @dependabot in #850
  • build(deps): Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /test/e2e/plugin by @dependabot in #849
  • build(deps): Bump github/codeql-action from 2.22.9 to 3.22.11 by @dependabot in #847
  • build(deps): Bump actions/upload-artifact from 3.1.3 to 4.0.0 by @dependabot in #848
  • feat: notation plugin install command by @Two-Hearts in #827
  • feat: add notation config environment variable by @JeyJeyGao in #821
  • fix: fix bug in SetHTTPDebugLog by @Two-Hearts in #857
  • fix: notation plugin install error messages and tests by @Two-Hearts in #855
  • build(deps): Bump github/codeql-action from 3.22.11 to 3.22.12 by @dependabot in #854
  • Updated CODEOWNERS and MAINTAINERS files by @toddysm in #862
  • build(deps): Bump golang.org/x/term from 0.15.0 to 0.16.0 by @dependabot in #860
  • bump: bump up notation-go by @Two-Hearts in #863
  • build(deps): Bump actions/cache from 3.3.2 to 3.3.3 by @dependabot in #866
  • build(deps): Bump github/codeql-action from 3.22.12 to 3.23.0 by @dependabot in #865
  • build(deps): Bump actions/upload-artifact from 4.0.0 to 4.1.0 by @dependabot in #864
  • fix: improve error message for plugin by @JeyJeyGao in #870
  • build(deps): Bump actions/upload-artifact from 4.1.0 to 4.2.0 by @dependabot in #872
  • build(deps): Bump actions/cache from 3.3.3 to 4.0.0 by @dependabot in #873
  • build(deps): Bump github/codeql-action from 3.23.0 to 3.23.1 by @dependabot in #874
  • bump: bump up notation-go and notation-core-go including e2e tests by @Two-Hearts in #875

New Contributors

Full Changelog: v1.0.0...v1.1.0

v1.0.1

07 Nov 09:22
v1.0.1
e2f4237
Compare
Choose a tag to compare

Vote PASSED [+4 -0]: #820

Changes

Detailed Commits

New Contributors

Full Changelog: v1.0.0...v1.0.1

v1.0.0

15 Aug 01:12
v1.0.0
80e3fc4
Compare
Choose a tag to compare

Notation CLI V1

notation is a CLI reference implementation of the Notary Project Specifications v1.0.0 to sign and verify artifacts with signatures as standard items in the OCI registry ecosystem. After a long journey of development, notation has reached a notable milestone for its first stable release v1.0.0. 🎉🎉🎉

Important

Experimental features are intended for testing and evaluation purposes only and should not be used in production environments. Experimental features can be enabled by setting the environment variable NOTATION_EXPERIMENTAL=1.

Release blog posts of previous RC versions can be found at notaryproject.dev.

Key Features

Experimental Features

Security Audit

What's Changed Since RC.7

Bug Fixes

  • Fix #696: desktop.exe credential store is not supported in WSL
  • Fix #697: notation login fails to detect existing credentials for docker.io

Other Changes

  • Minor security improvements (#746)
  • Better code quality with more E2E tests cases
  • Better debug tracing
  • Dependency updates

Detailed Commits

  • fix(test): E2E test cases for OCI layout by @JeyJeyGao in #692
  • build(deps): Bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 by @dependabot in #702
  • fix: fix the issue with getting credentials for docker.io by @Wwwsylvia in #703
  • build(deps): Bump github.com/notaryproject/notation-go from 1.0.0-rc.3 to 1.0.0-rc.6 in /test/e2e/plugin by @dependabot in #710
  • fix: Updating documentation with AWS Plugin support by @priteshbandi in #711
  • fix: login and logout will leverage docker config and os default store by @Wwwsylvia in #712
  • chore: update issue templates by @yizha1 in #594
  • bump: bump oras-credentials-go v0.2.0 by @wangxiaoxuan273 in #717
  • build(deps): Bump golang.org/x/term from 0.8.0 to 0.9.0 by @dependabot in #716
  • fix(e2e): update testdata OCI layout images by @JeyJeyGao in #727
  • build(deps): Bump ossf/scorecard-action from 2.1.3 to 2.2.0 by @dependabot in #724
  • [StepSecurity] ci: Harden GitHub Actions for fixing Pinned-Dependencies by @step-security-bot in #731
  • [StepSecurity] ci: Harden GitHub Actions for fixing Token-Permissions by @step-security-bot in #730
  • build(deps): Bump oras.land/oras-go/v2 from 2.2.0 to 2.2.1 by @dependabot in #735
  • chore: add license header to files and github action workflow to check license by @Two-Hearts in #739
  • build(deps): Bump golang.org/x/term from 0.9.0 to 0.10.0 by @dependabot in #734
  • build(deps): Bump actions/checkout from 3.0.2 to 3.5.3 by @dependabot in #737
  • build(deps): Bump actions/add-to-project from 0da8e46333d7b6e01d0e857452a1e99cb47be205 to edc057aef96b993afe5d68104418f68a536264aa by @dependabot in #745
  • build(deps): Bump github/codeql-action from 2.20.1 to 2.20.4 by @dependabot in #742
  • fix: unset NOTATION_USERNAME and NOTATION_PASSWORD to avoid leaking credentials to plugin by @JeyJeyGao in #746
  • feat: add trace for executables by @wangxiaoxuan273 in #744
  • build(deps): Bump github.com/notaryproject/notation-core-go from 1.0.0-rc.4 to 1.0.0 by @dependabot in #752
  • build(deps): Bump github/codeql-action from 2.20.4 to 2.21.0 by @dependabot in #751
  • bump: upgrade notation-go to v1.0.0 by @shizhMSFT in #754
  • doc: update README to align with the new brand name by @FeynmanZhou in #750
  • bump: tag and release v1.0.0 by @shizhMSFT in #748

New Contributors

Full Changelog: v1.0.0-rc.7...v1.0.0