dependabot[bot] opened a new pull request, #1889: URL: https://github.com/apache/maven-resolver/pull/1889
Bumps [dev.sigstore:sigstore-java](https://github.com/sigstore/sigstore-java) from 2.0.0 to 2.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/sigstore-java/releases";>dev.sigstore:sigstore-java's releases</a>.</em></p> <blockquote> <h2>v2.1.0</h2> <p>See <a href="https://github.com/sigstore/sigstore-java/blob/main/CHANGELOG.md";>CHANGELOG.md</a> for more details.</p> <h2>What's Changed</h2> <ul> <li>Update versions after 2.0.0 release by <a href="https://github.com/loosebazooka";><code>@loosebazooka</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1118";>sigstore/sigstore-java#1118</a></li> <li>chore(deps): update sigstore/community digest to c0c5605 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1119";>sigstore/sigstore-java#1119</a></li> <li>fix(deps): update gradleup_nmcp to v1.3.0 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1124";>sigstore/sigstore-java#1124</a></li> <li>fix(deps): update dependency com.google.errorprone:error_prone_core to v2.45.0 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1123";>sigstore/sigstore-java#1123</a></li> <li>fix(deps): update dependency com.code-intelligence:jazzer-api to v0.28.0 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1122";>sigstore/sigstore-java#1122</a></li> <li>fix(deps): update bouncycastle to v1.83 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1121";>sigstore/sigstore-java#1121</a></li> <li>chore(deps): update actions/checkout action to v4.3.1 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1120";>sigstore/sigstore-java#1120</a></li> <li>ref(deps): Migrate UpdaterTest from Jetty to MockWebServer by <a href="https://github.com/aaronlew02";><code>@aaronlew02</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1125";>sigstore/sigstore-java#1125</a></li> <li>workflows: schedule a weekly tuf-conformance run by <a href="https://github.com/jku";><code>@jku</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1126";>sigstore/sigstore-java#1126</a></li> <li>fix(deps): update dependency org.eclipse.jetty:jetty-server to v12.1.5 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1128";>sigstore/sigstore-java#1128</a></li> <li>fix(deps): update maven to v3.9.12 - autoclosed by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1129";>sigstore/sigstore-java#1129</a></li> <li>chore(deps): update actions/setup-go action to v5.6.0 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1130";>sigstore/sigstore-java#1130</a></li> <li>chore(deps): update actions/setup-java action to v4.8.0 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1131";>sigstore/sigstore-java#1131</a></li> <li>fix(deps): update dependency org.mockito:mockito-bom to v5.21.0 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1132";>sigstore/sigstore-java#1132</a></li> <li>fix(deps): update dependency com.code-intelligence:jazzer-api to v0.29.1 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1133";>sigstore/sigstore-java#1133</a></li> <li>chore(deps): update sigstore/community digest to bafa89c by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1127";>sigstore/sigstore-java#1127</a></li> <li>chore(deps): update actions/checkout action to v6 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1137";>sigstore/sigstore-java#1137</a></li> <li>fix(deps): update immutables to v2.12.0 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1135";>sigstore/sigstore-java#1135</a></li> <li>fix(deps): update gradleup_nmcp to v1.4.0 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1134";>sigstore/sigstore-java#1134</a></li> <li>Use StandardCharsets by <a href="https://github.com/loosebazooka";><code>@loosebazooka</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1138";>sigstore/sigstore-java#1138</a></li> <li>fix(test): Update sample bundle version from 0.2 to 0.1 by <a href="https://github.com/aaronlew02";><code>@aaronlew02</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1141";>sigstore/sigstore-java#1141</a></li> <li>fix(deps): update protobuf_grpc by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1136";>sigstore/sigstore-java#1136</a></li> <li>chore(deps): update actions/setup-go action to v6 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1139";>sigstore/sigstore-java#1139</a></li> <li>chore(deps): update actions/setup-java action to v5 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1140";>sigstore/sigstore-java#1140</a></li> <li>chore(deps): update actions/upload-artifact action to v6 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1142";>sigstore/sigstore-java#1142</a></li> <li>chore(deps): update google-github-actions/auth action to v3 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1143";>sigstore/sigstore-java#1143</a></li> <li>use full key fingerprints by <a href="https://github.com/loosebazooka";><code>@loosebazooka</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1147";>sigstore/sigstore-java#1147</a></li> <li>chore(deps): update google-github-actions/get-secretmanager-secrets action to v3 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1144";>sigstore/sigstore-java#1144</a></li> <li>Update conformance.yml to 0.0.25 by <a href="https://github.com/loosebazooka";><code>@loosebazooka</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1149";>sigstore/sigstore-java#1149</a></li> <li>chore(deps): update actions/setup-go action to v6.2.0 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1155";>sigstore/sigstore-java#1155</a></li> <li>fix(deps): update protobuf_grpc to v4.33.4 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1154";>sigstore/sigstore-java#1154</a></li> <li>fix(deps): update immutables to v2.12.1 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1153";>sigstore/sigstore-java#1153</a></li> <li>chore(deps): update sigstore/community digest to a959c6f by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1150";>sigstore/sigstore-java#1150</a></li> <li>chore(deps): update gradle/actions action to v5 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1158";>sigstore/sigstore-java#1158</a></li> <li>fix(deps): update dependency net.ltgt.errorprone:net.ltgt.errorprone.gradle.plugin to v4.4.0 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1157";>sigstore/sigstore-java#1157</a></li> <li>fix(deps): update dependency com.diffplug.spotless:com.diffplug.spotless.gradle.plugin to v8 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1159";>sigstore/sigstore-java#1159</a></li> <li>fix(deps): update dependency com.google.errorprone:error_prone_core to v2.46.0 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1156";>sigstore/sigstore-java#1156</a></li> <li>fix(deps): update dependency org.junit:junit-bom to v5.14.2 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1151";>sigstore/sigstore-java#1151</a></li> <li>add nonce parameter to OIDC flow by <a href="https://github.com/bobcallaway";><code>@bobcallaway</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1148";>sigstore/sigstore-java#1148</a></li> <li>fix(deps): update dependency com.squareup.okhttp3:mockwebserver to v5 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1163";>sigstore/sigstore-java#1163</a></li> <li>fix(deps): update dependency com.github.vlsi.gradle-extensions:com.github.vlsi.gradle-extensions.gradle.plugin to v3 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1160";>sigstore/sigstore-java#1160</a></li> <li>fix(deps): update dependency com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin to v2 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1162";>sigstore/sigstore-java#1162</a></li> <li>fix(deps): update dependency com.google.http-client:google-http-client-bom to v2 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1161";>sigstore/sigstore-java#1161</a></li> <li>Add test for rekor v2 in prod by <a href="https://github.com/loosebazooka";><code>@loosebazooka</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1165";>sigstore/sigstore-java#1165</a></li> <li>Add prod attestation test by <a href="https://github.com/aaronlew02";><code>@aaronlew02</code></a> in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1167";>sigstore/sigstore-java#1167</a></li> <li>chore(deps): update plugin org.gradlex.build-parameters to v1.4.5 by <a href="https://github.com/renovate";><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1172";>sigstore/sigstore-java#1172</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sigstore/sigstore-java/blob/main/CHANGELOG.md";>dev.sigstore:sigstore-java's changelog</a>.</em></p> <blockquote> <h1>[2.1.0] - 2026-05-21</h1> <h2>Added</h2> <ul> <li>Add HTTP Fulcio client: <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1176";>sigstore/sigstore-java#1176</a></li> </ul> <h2>Fixed</h2> <ul> <li>Re-add and enhance SET verification in KeylessVerifier: <a href="https://redirect.github.com/sigstore/sigstore-java/pull/1185";>sigstore/sigstore-java#1185</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/sigstore-java/commit/97d295e6b08fe734e21e605f95ee15125889ae7a";><code>97d295e</code></a> Merge pull request <a href="https://redirect.github.com/sigstore/sigstore-java/issues/1190";>#1190</a> from sigstore/fix-nmcp-dependency</li> <li><a href="https://github.com/sigstore/sigstore-java/commit/27bb9275f720bb6e8a0d560637759e30c47ae228";><code>27bb927</code></a> add repositories for nmcp plugin to use</li> <li><a href="https://github.com/sigstore/sigstore-java/commit/b529335728fc5cfb574161b4b3c06859a8a2aa88";><code>b529335</code></a> Merge pull request <a href="https://redirect.github.com/sigstore/sigstore-java/issues/1185";>#1185</a> from sigstore/set-verification</li> <li><a href="https://github.com/sigstore/sigstore-java/commit/49c27f1c7e2d5988539aadf963f8ed4e1e61b824";><code>49c27f1</code></a> Add KeylessVerifier test for expired certificates</li> <li><a href="https://github.com/sigstore/sigstore-java/commit/87e28765fd98bb3259bd7357867c683b554bde88";><code>87e2876</code></a> Re-add and enhance SET verification in KeylessVerifier</li> <li><a href="https://github.com/sigstore/sigstore-java/commit/f6934e57a2cb0cdd432f76a18452a51ccbef6570";><code>f6934e5</code></a> Merge pull request <a href="https://redirect.github.com/sigstore/sigstore-java/issues/1186";>#1186</a> from sigstore/update-conformance</li> <li><a href="https://github.com/sigstore/sigstore-java/commit/164ec97400f1c8f54299e8cb168ccf5edff9a6ef";><code>164ec97</code></a> Prioritize email over subject for SAN from OIDC token string</li> <li><a href="https://github.com/sigstore/sigstore-java/commit/224cbcb57437aaff85613f3d8d88ff6a96aa62c3";><code>224cbcb</code></a> Update conformance to latest</li> <li><a href="https://github.com/sigstore/sigstore-java/commit/6d736e2f49fce2ae2b3127471acb475639a69912";><code>6d736e2</code></a> Merge pull request <a href="https://redirect.github.com/sigstore/sigstore-java/issues/1183";>#1183</a> from sigstore/uri-resolve-replace</li> <li><a href="https://github.com/sigstore/sigstore-java/commit/c2d39dab43f1d4dbf179c3fe5deebdcdd11aa082";><code>c2d39da</code></a> Replace URI.resolve with URIFormat.appendPath</li> <li>Additional commits viewable in <a href="https://github.com/sigstore/sigstore-java/compare/v2.0.0...v2.1.0";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
