v0.9.0

What's Changed

• chore(deps): Bump actions/upload-artifact from 4.2.0 to 4.3.0 by @dependabot in #1214
• chore(deps): Bump google-github-actions/setup-gcloud from 2.0.1 to 2.1.0 by @dependabot in #1213
• chore(deps): Bump google-github-actions/auth from 2.0.1 to 2.1.0 by @dependabot in #1215
• chore(deps): Bump k8s.io/code-generator from 0.29.0 to 0.29.1 by @dependabot in #1203
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.50.1 to 1.50.2 by @dependabot in #1217
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.50.2 to 1.50.3 by @dependabot in #1218
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.50.3 to 1.50.4 by @dependabot in #1222
• chore(deps): Bump codecov/codecov-action from 3.1.4 to 3.1.5 by @dependabot in #1221
• chore(deps): Bump anchore/sbom-action from 0.15.5 to 0.15.6 by @dependabot in #1223
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.50.4 to 1.50.5 by @dependabot in #1224
• chore(deps): Bump github.com/google/go-containerregistry from 0.18.0 to 0.19.0 by @dependabot in #1225
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.50.5 to 1.50.6 by @dependabot in #1226
• chore(deps): Bump codecov/codecov-action from 3.1.5 to 3.1.6 by @dependabot in #1229
• chore(deps): Bump anchore/sbom-action from 0.15.6 to 0.15.7 by @dependabot in #1230
• chore(deps): Bump anchore/sbom-action from 0.15.7 to 0.15.8 by @dependabot in #1234
• chore(deps): Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by @dependabot in #1235
• chore(deps): Bump codecov/codecov-action from 3.1.6 to 4.0.0 by @dependabot in #1236
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.50.6 to 1.50.8 by @dependabot in #1231
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.50.8 to 1.50.9 by @dependabot in #1238
• chore(deps): Bump codecov/codecov-action from 4.0.0 to 4.0.1 by @dependabot in #1237
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.50.9 to 1.50.10 by @dependabot in #1240
• chore(deps): Bump github.com/sigstore/rekor from 1.3.4 to 1.3.5 by @dependabot in #1239
• chore(deps): Bump google-github-actions/auth from 2.1.0 to 2.1.1 by @dependabot in #1241
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.50.10 to 1.50.12 by @dependabot in #1244
• chore(deps): Bump actions/upload-artifact from 4.3.0 to 4.3.1 by @dependabot in #1242
• chore(deps): Bump golang.org/x/net from 0.20.0 to 0.21.0 by @dependabot in #1247
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.50.12 to 1.50.13 by @dependabot in #1249
• chore(deps): Bump mikefarah/yq from 4.40.5 to 4.40.7 by @dependabot in #1252
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.50.13 to 1.50.14 by @dependabot in #1250
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.50.14 to 1.50.15 by @dependabot in #1253
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.50.15 to 1.50.16 by @dependabot in #1254
• chore(deps): Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 by @dependabot in #1251
• chore(deps): Bump k8s.io/client-go from 0.29.1 to 0.29.2 by @dependabot in #1256
• Bump cosign to v2.2.3 by @priyawadhwa in #1270
• ci: remove support for Kubernetes v1.22.x by @hectorj2f in #1269
• chore(deps): Bump codecov/codecov-action from 4.0.1 to 4.0.2 by @dependabot in #1272
• chore(deps): Bump mikefarah/yq from 4.40.7 to 4.41.1 by @dependabot in #1262
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.50.16 to 1.50.25 by @dependabot in #1273
• chore(deps): Bump k8s.io/code-generator from 0.29.1 to 0.29.2 by @dependabot in #1258
• chore(deps): Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.2 by @dependabot in #1277
• chore(deps): Bump mikefarah/yq from 4.41.1 to 4.42.1 by @dependabot in #1275
• chore(deps): Bump google-github-actions/auth from 2.1.1 to 2.1.2 by @dependabot in #1276
• chore(deps): Bump golang.org/x/crypto from 0.19.0 to 0.20.0 by @dependabot in #1279
• chore(deps): Bump codecov/codecov-action from 4.0.2 to 4.1.0 by @dependabot in #1280
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.50.25 to 1.50.26 by @dependabot in #1278
• chore(deps): Bump go.uber.org/zap from 1.26.0 to 1.27.0 by @dependabot in #1266
• chore(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.1 to 1.8.2 by @dependabot in #1283
• chore(deps): Bump imranismail/setup-kustomize from a76db1c6419124d51470b1e388c4b29476f495f1 to 2ba527d4d055ab63514ba50a99456fc35684947f # v2.1.0 by @dependabot in #1274
• chore(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.1 to 1.8.2 by @dependabot in #1285
• chore(deps): Bump github.com/sigstore/sigstore from 1.8.1 to 1.8.2 by @dependabot in #1281
• chore(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.1 to 1.8.2 by @dependabot in #1284
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.50.26 to 1.50.29 by @dependabot in #1288
• chore(deps): Bump actions/cache from 4.0.0 to 4.0.1 by @dependabot in #1290
• chore(deps): Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by @dependabot in #1289
• Add missing tool name in local development documentation by @malancas in #1265
• chore(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.1 to 1.8.2 by @dependabot in #1286
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.50.29 to 1.50.30 by @dependabot in #1291
• chore(deps): Bump golang.org/x/net from 0.21.0 to 0.22.0 by @dependabot in #1294
• chore(deps): Bump anchore/sbom-action from 0.15.8 to 0.15.9 by @dependabot in #1293
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.50.30 to 1.50.31 by @dependabot in #1292
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.50.31 to 1.50.32 by @dependabot in #1296
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.50.32 to 1.50.33 by @dependabot in #1298
• chore(deps): Bump github.com/go-jose/go-jose/v3 from 3.0.2 to 3.0.3 by @dependabot in #1300
• chore(deps): Bump gopkg.in/go-jose/go-jose.v2 from 2.6.2 to 2.6.3 by @dependabot in #1299
• chore(deps): Bump github.com/docker/docker from 24.0.7+incompatible to 25.0.4+incompatible by @dependabot in #1301
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.50.33 to 1.50.35 by @dependabot in #1302
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.50.35 to 1.50.36 by @dependabot in #1305
• chore(deps): Bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #1304
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.50.36 to 1.50.37 by @dependabot in #1306
• chore(deps): Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by @dependabot in https://github.com/sigst...

v0.8.4

Changelog

• 8596f22 Merge pull request #1212 from tcnghia/update-aws-sdk

Thanks to all contributors!

v0.8.3

What's Changed

• Update link to security policy by @haydentherapper in #953
• upgrade Go to 1.21 by @cpanato in #1017
• update sigstore/rekor dependency by @k4leung4 in #1068

New Contributors

• @haydentherapper made their first contribution in #953

Full Changelog: v0.8.2...v0.8.3

v0.8.2

Changelog

• 3c52aec Merge pull request #912 from hectorj2f/bump_scaffolding

Thanks to all contributors!

What's Changed

• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.299 to 1.44.300 by @dependabot in #893
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.300 to 1.44.301 by @dependabot in #895
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.301 to 1.44.304 by @dependabot in #902
• chore(deps): Bump k8s.io/client-go from 0.27.3 to 0.27.4 by @dependabot in #900
• chore(deps): Bump sigstore/scaffolding from 0.6.4 to 0.6.5 by @dependabot in #897
• chore(deps): Bump k8s.io/code-generator from 0.26.5 to 0.27.4 by @dependabot in #898
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.304 to 1.44.305 by @dependabot in #904
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.305 to 1.44.306 by @dependabot in #905
• Add support for local registry use to the local-dev tooling by @malancas in #894
• chore(deps): Bump github.com/docker/docker from 24.0.0+incompatible to 24.0.5+incompatible by @dependabot in #907
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.306 to 1.44.307 by @dependabot in #906
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.307 to 1.44.308 by @dependabot in #908
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.308 to 1.44.309 by @dependabot in #909
• chore(deps): Bump google.golang.org/grpc from 1.56.2 to 1.57.0 by @dependabot in #910
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.309 to 1.44.311 by @dependabot in #911
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.311 to 1.44.312 by @dependabot in #913
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.312 to 1.44.313 by @dependabot in #914
• chore(deps): Bump golang.org/x/net from 0.12.0 to 0.13.0 by @dependabot in #915
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.313 to 1.44.314 by @dependabot in #916
• chore(deps): Bump go.uber.org/zap from 1.24.0 to 1.25.0 by @dependabot in #917
• chore(deps): Bump github.com/google/go-containerregistry from 0.15.3-0.20230607134719-145eebe7465d to 0.16.1 by @dependabot in #919
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.314 to 1.44.315 by @dependabot in #918
• chore(deps): Bump slsa-framework/slsa-github-generator from 1.7.0 to 1.8.0 by @dependabot in #920
• chore(deps): Bump golang.org/x/net from 0.13.0 to 0.14.0 by @dependabot in #922
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.315 to 1.44.317 by @dependabot in #923
• chore(deps): Bump actions/setup-go from 4.0.1 to 4.1.0 by @dependabot in #933
• chore(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.7.1 to 1.7.2 by @dependabot in #932
• chore(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.7.1 to 1.7.2 by @dependabot in #931
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.317 to 1.44.319 by @dependabot in #934
• chore(deps): Bump github.com/sigstore/sigstore from 1.7.1 to 1.7.2 by @dependabot in #927
• chore(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.7.1 to 1.7.2 by @dependabot in #928
• chore(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.7.1 to 1.7.2 by @dependabot in #930
• Store the digest of each verified attestation in the PolicyAttestation object by @hectorj2f in #925
• chore(deps): Bump github.com/theupdateframework/go-tuf from 0.5.2 to 0.6.0 by @dependabot in #903
• chore(deps): Bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 by @dependabot in #937
• chore(deps): Bump github.com/hashicorp/golang-lru from 0.5.4 to 1.0.2 by @dependabot in #926
• bump scaffolding version by @hectorj2f in #912

Full Changelog: v0.8.1...v0.8.2

v0.8.1

Changelog

• 45ec96c Merge pull request #892 from sigstore/dependabot/github_actions/mikefarah/yq-4.34.2

Thanks to all contributors!

v0.8.0

What's Changed

• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.209 to 1.44.210 by @dependabot in #624
• chore(deps): Bump sigstore/scaffolding from 0.5.4 to 0.6.3 by @dependabot in #622
• chore(deps): Bump sigstore/cosign-installer from 4079ad3567a89f68395480299c77e40170430341 to 77560e399fb1b0d50a89024c16dd3a908f8d44b5 by @dependabot in #625
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.210 to 1.44.211 by @dependabot in #630
• chore(deps): Bump k8s.io/api from 0.26.1 to 0.26.2 by @dependabot in #626
• chore(deps): Bump sigstore/cosign-installer from 3.0.0 to 3.0.1 by @dependabot in #633
• chore(deps): Bump mikefarah/yq from 4.31.1 to 4.31.2 by @dependabot in #634
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.211 to 1.44.212 by @dependabot in #635
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.212 to 1.44.213 by @dependabot in #636
• Use default cosign-installer version by @hectorj2f in #637
• add new required input parameter by @cpanato in #639
• update sigstore deps by @cpanato in #641
• chore(deps): Bump golang.org/x/crypto from 0.6.0 to 0.7.0 by @dependabot in #644
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.213 to 1.44.214 by @dependabot in #645
• Point README to our sigstore docs website by @hectorj2f in #646
• upgrade to use go1.20 by @cpanato in #642
• Add an optional Message to Static actions for custom fail message. by @vaikas in #652
• chore(deps): Bump actions/cache from 3.2.6 to 3.3.0 by @dependabot in #653
• chore(deps): Bump sigstore/scaffolding from 0.6.3 to 0.6.4 by @dependabot in #654
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.214 to 1.44.217 by @dependabot in #655
• chore(deps): Bump google.golang.org/protobuf from 1.28.1 to 1.29.0 by @dependabot in #650
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.217 to 1.44.218 by @dependabot in #656
• chore(deps): Bump actions/cache from 3.3.0 to 3.3.1 by @dependabot in #658
• chore(deps): Bump google.golang.org/protobuf from 1.29.0 to 1.29.1 by @dependabot in #661
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.218 to 1.44.220 by @dependabot in #660
• chore(deps): Bump github/codeql-action from 2.2.5 to 2.2.7 by @dependabot in #663
• chore(deps): Bump actions/setup-go from 3.5.0 to 4.0.0 by @dependabot in #664
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.220 to 1.44.221 by @dependabot in #665
• chore(deps): Bump google.golang.org/protobuf from 1.29.1 to 1.30.0 by @dependabot in #667
• chore(deps): Bump github.com/google/go-containerregistry from 0.13.1-0.20230203223142-b3c23b4c3f28 to 0.14.0 by @dependabot in #668
• chore(deps): Bump actions/checkout from 3.3.0 to 3.4.0 by @dependabot in #666
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.221 to 1.44.223 by @dependabot in #670
• chore(deps): Bump mikefarah/yq from 4.31.2 to 4.32.2 by @dependabot in #672
• chore(deps): Bump anchore/sbom-action from 0.13.3 to 0.13.4 by @dependabot in #671
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.223 to 1.44.225 by @dependabot in #674
• chore(deps): Bump k8s.io/apimachinery from 0.26.2 to 0.26.3 by @dependabot in #675
• chore(deps): Bump k8s.io/api from 0.26.2 to 0.26.3 by @dependabot in #677
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.225 to 1.44.226 by @dependabot in #680
• chore(deps): Bump google.golang.org/grpc from 1.53.0 to 1.54.0 by @dependabot in #679
• chore(deps): Bump github/codeql-action from 2.2.7 to 2.2.8 by @dependabot in #682
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.226 to 1.44.227 by @dependabot in #683
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.227 to 1.44.228 by @dependabot in #685
• chore(deps): Bump actions/checkout from 3.4.0 to 3.5.0 by @dependabot in #684
• chore(deps): Bump mikefarah/yq from 4.32.2 to 4.33.1 by @dependabot in #687
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.228 to 1.44.229 by @dependabot in #688
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.229 to 1.44.230 by @dependabot in #690
• chore(deps): Bump github/codeql-action from 2.2.8 to 2.2.9 by @dependabot in #686
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.230 to 1.44.231 by @dependabot in #691
• chore(deps): Bump github.com/sigstore/rekor from 1.0.1 to 1.1.0 by @dependabot in #692
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.231 to 1.44.232 by @dependabot in #695
• chore(deps): Bump ossf/scorecard-action from 2.1.2 to 2.1.3 by @dependabot in #694
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.232 to 1.44.233 by @dependabot in #697
• chore(deps): Bump mikefarah/yq from 4.33.1 to 4.33.2 by @dependabot in #696
• Load a TrustRoot reference when using the policy-tester by @hectorj2f in #698
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.233 to 1.44.234 by @dependabot in #699
• chore(deps): Bump anchore/sbom-action from 0.13.4 to 0.14.1 by @dependabot in #700
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.234 to 1.44.235 by @dependabot in #701
• chore(deps): Bump github/codeql-action from 2.2.9 to 2.2.10 by @dependabot in #702
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.235 to 1.44.236 by @dependabot in #703
• chore(deps): Bump github.com/docker/docker from 23.0.1+incompatible to 23.0.3+incompatible by @dependabot in #705
• chore(deps): Bump github.com/sigstore/sigstore from 1.6.0 to 1.6.1 by @dependabot in #704
• chore(deps): Bump golang.org/x/net from 0.8.0 to 0.9.0 by @dependabot in #706
• chore(deps): Bump actions/github-script from 6.4.0 to 6.4.1 by @dependabot in #707
• chore(deps): Bump github/codeql-action from 2.2.10 to 2.2.11 by @dependabot in #709
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.236 to 1.44.237 by @dependabot in #708
• chore(deps): Bump sigstore/cosign-installer from 3.0.1 to 3.0.2 by @dependabot in #711
• chore(deps): Bump golang.org/x/crypto from 0.7.0 to 0.8.0 by @dependabot in #714
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.237 to 1.44.239 by @dependabot in #715
• bump scorecard script to use latest versions by @hectorj2f in #716
• chore(deps): Bump mikefarah/yq from 4.33.2 to 4.33.3 by @dependabot in #719
• chore(deps): Bump github.com/aws/aws-sdk-go from 1.44.239 to 1.44.240 by @dependabot in #720
• update links to use CDN-backed TUF endpoint by @bobcallaway in #718
• chore(deps): Bump githu...

v0.4.3

Changelog

• 58fbefc Merge pull request #689 from elfotografo007/fix-GHSA-vvpx-j8f3-3w6h-0.4.x

Thanks to all contributors!

@elfotografo007

What's Changed

• Bump golang.org/x/net by @elfotografo007 in #689

Full Changelog: v0.4.2...v0.4.3

v0.7.0

Changelog

• 89ef904 Merge pull request #619 from sigstore/dependabot/go_modules/github.com/aws/aws-sdk-go-1.44.209

Thanks to all contributors!

v0.6.3

Changelog

• 7de0227 change validation to avoid only setting rfc3161timestamp #7de0227 @hectorj2f
• d0d1797 fix policy conversion from v1beta1 to v1alpha1 #d0d1797 @hectorj2f

Thanks to all contributors!

@hectorj2f

v0.6.2

What's Changed

• Add TrustRoot crd. by @vaikas in #291
• keep the matrix jobs running if one fail by @cpanato in #441
• Plumb TrustRoot CRD through to CIP CRDs. Make TrustRoot available to webhook, clean up and refactor checkOpts logic. by @vaikas in #436
• update scaffolding releases to v0.5.4 by @vaikas in #443
• e2e test for bring your own keys with trustroot. by @vaikas in #444
• expose webhook validator getters by @joshrwolf in #449
• Generate slsa provenance by @hectorj2f in #447
• policy-tester: use UnmarshalStrict by @hectorj2f in #453
• Add support for policy.configMapRef in attestation / cip.spec by @vaikas in #457
• Add support for bring your own serialized tuf repository. by @vaikas in #452
• If TLog.url is specified, use it if trustroot does not have one + test. by @vaikas in #461
• Fix: Fix private multi-arch fetchConfigFile by @mattmoor in #462
• Add support for TUF remote. by @vaikas in #463
• bring in latest cosign changes + udpate interfaces. by @vaikas in #467
• fix: wrong api field ref in error msg by @hectorj2f in #470
• chore: Relax certificate authority validation in trustRoots by @hectorj2f in #471
• chore: add TSA cert chain validation by @hectorj2f in #472
• fix: script field identation by @hectorj2f in #476
• feature: add TSA support when verifying authorities by @hectorj2f in #468
• Fix: Use the apiVersion when matching resources. by @mattmoor in #482
• Feature: Create an interface for downstream CIP integrations. by @mattmoor in #480
• user sigstore cosign-installer by @hectorj2f in #485
• cleanup: switch to using cosign v2.0.0-rc.0 by @k4leung4 in #484
• Allow fully specified URLs in predicateTypes. by @vaikas in #491
• cleanup: update sigstore/cosign dep by @k4leung4 in #493
• Require issuer/subject or issuerRegExp/subjectRegExp by @vaikas in #495
• cleanup: bump cosign to latest by @k4leung4 in #501
• Fix keyless behauvior when ctlog is absent by @hectorj2f in #508
• test: change error message for empty keyless/key by @hectorj2f in #509
• Add InsecureIgnoreSCT field to the keyless authorities by @hectorj2f in #511
• Add a policy example for GCP KMS by @mathieu-benoit in #520
• Improve kms key validations and error messages for awskms by @hectorj2f in #524
• chore(deps): Bump github/codeql-action from 2.1.39 to 2.2.0 by @dependabot in #527
• Bump cosign to v2.0.0.rc.1 by @hectorj2f in #530
• Add support for Policy URLs by @hectorj2f in #518
• only sub&rbac. by @vaikas in #534
• Bump cosign e2e tests to rc2.0.0.rc.1 by @hectorj2f in #536
• cleanup: update repo to use cosign v2.0.0-rc.1 by @k4leung4 in #535
• remove COSIGN_EXPERIMENTAL evn var by @hectorj2f in #537
• bump timeout for goreleaser to 60 minutes. by @vaikas in #539
• set yes confirmation flag and bump timeout by @cpanato in #540

New Contributors

• @joshrwolf made their first contribution in #449
• @mathieu-benoit made their first contribution in #520

Full Changelog: v0.5.2...v0.6.2