Bump dev.sigstore:sigstore-java from 1.0.0 to 1.2.0 in /maven-resolver-generator-sigstore

[dependabot]

Bumps dev.sigstore:sigstore-java from 1.0.0 to 1.2.0.

Release notes

Sourced from dev.sigstore:sigstore-java's releases.

v1.2.0

See CHANGELOG.md for more details.

What's Changed

• Fix checkpoint verification sigstore/sigstore-java@23fb488
• Update versions and changelog by @​loosebazooka in sigstore/sigstore-java#858
• Add arifactDigest as input option for conformance by @​loosebazooka in sigstore/sigstore-java#859

Full Changelog: sigstore/sigstore-java@v1.1.0...v1.2.0

v1.1.0

See CHANGELOG.md for more details.

What's Changed

• update versions after 1.0.0 by @​loosebazooka in sigstore/sigstore-java#800
• Update dependency org.eclipse.jetty:jetty-server to v11.0.24 by @​renovate in sigstore/sigstore-java#803
• Update gradle/actions action to v4.0.1 by @​renovate in sigstore/sigstore-java#804
• Update dependency com.google.errorprone:error_prone_core to v2.31.0 by @​renovate in sigstore/sigstore-java#805
• Update dependency com.google.http-client:google-http-client-bom to v1.45.0 by @​renovate in sigstore/sigstore-java#806
• Update sigstore/community digest to af27ecc by @​renovate in sigstore/sigstore-java#801
• Update dependency com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin to v1.2.2 by @​renovate in sigstore/sigstore-java#802
• Update dependency com.google.guava:guava to v33.3.1-jre by @​renovate in sigstore/sigstore-java#815
• Update actions/checkout action to v4.2.0 by @​renovate in sigstore/sigstore-java#818
• Update actions/setup-java action to v4.4.0 by @​renovate in sigstore/sigstore-java#819
• Update dependency com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin to v1.3.0 by @​renovate in sigstore/sigstore-java#821
• Update dependency org.apache.maven.plugins:maven-gpg-plugin to v3.2.7 by @​renovate in sigstore/sigstore-java#816
• Update protobuf_grpc by @​renovate in sigstore/sigstore-java#824
• Update gradle/actions action to v4.1.0 by @​renovate in sigstore/sigstore-java#823
• Update dependency org.mockito:mockito-bom to v5.14.1 by @​renovate in sigstore/sigstore-java#822
• Update sigstore/community digest to 95ef39c by @​renovate in sigstore/sigstore-java#814
• Update dependency org.junit:junit-bom to v5.11.1 by @​renovate in sigstore/sigstore-java#817
• Move known roles in TUF by @​loosebazooka in sigstore/sigstore-java#826
• Separate meta fetching from target fetching by @​loosebazooka in sigstore/sigstore-java#827
• Non inferred file names by @​loosebazooka in sigstore/sigstore-java#828
• Update actions/checkout action to v4.2.1 by @​renovate in sigstore/sigstore-java#830
• Update dependency org.junit:junit-bom to v5.11.2 by @​renovate in sigstore/sigstore-java#831
• Update dependency org.mockito:mockito-bom to v5.14.2 by @​renovate in sigstore/sigstore-java#832
• Update dependency de.thetaphi.forbiddenapis:de.thetaphi.forbiddenapis.gradle.plugin to v3.8 by @​renovate in sigstore/sigstore-java#833
• Update dependency org.junit:junit-bom to v5.11.3 by @​renovate in sigstore/sigstore-java#835
• Update dependency net.ltgt.errorprone:net.ltgt.errorprone.gradle.plugin to v4.1.0 by @​renovate in sigstore/sigstore-java#834
• Update sigstore/community digest to dcc3c01 by @​renovate in sigstore/sigstore-java#829
• Store meta state in memory by @​loosebazooka in sigstore/sigstore-java#836
• Update tuf updater api surface by @​loosebazooka in sigstore/sigstore-java#839
• More tuf updates for conformance by @​loosebazooka in sigstore/sigstore-java#840
• Start adding tuf conformance by @​loosebazooka in sigstore/sigstore-java#838
• Update protobuf_grpc by @​renovate in sigstore/sigstore-java#842
• Update softprops/action-gh-release action to v2.1.0 by @​renovate in sigstore/sigstore-java#844
• Update actions/setup-go action to v5.1.0 by @​renovate in sigstore/sigstore-java#845
• Update staging and public good embedded starter roots by @​loosebazooka in sigstore/sigstore-java#848

... (truncated)

Changelog

Sourced from dev.sigstore:sigstore-java's changelog.

[1.2.0] - 2024-12-4

Added

• Add option to sigstore conformance cli to verify artifact digests in addition to file paths sigstore/sigstore-java#859

Security

• Ensure checkpoints for log inclusion proofs in sigstore bundles are correctly verified. sigstore/sigstore-java@23fb488

[1.1.0] - 2024-11-22

Added

• Update sigstore tuf roots to v10 for staging and public-good sigstore/sigstore-java#848
• Tuf conformance tests for tuf client spec conformance sigstore/sigstore-java#838

Changed

• Allow tuf updater to fetch meta without downloading targets sigstore/sigstore-java#839
• Allow tuf targets and metadata to be stored and fetched separately sigstore/sigstore-java#827

Fixed

• Fix handling of tuf targets in subdirectories sigstore/sigstore-java#853
• Fix tuf spec conformance for valid but duplicate signatures on a role sigstore/sigstore-java#852
• Fix handling of rsa-pss and ed25519 signatures in tuf metadata sigstore/sigstore-java#849

Security

• Ensure log entries in sigstore bundles are entries that correspond to the verification material (signature, artifact, public-key) provided to the verifier. sigstore/sigstore-java#856

Commits

• 23fb488 Merge commit from fork
• d2e8a8d Fix checkpoint signature verification
• f20f4db Merge pull request #859 from sigstore/add_digest_to_conformance
• 7ab9079 Add arifactDigest as input option for conformance
• 763c500 Merge pull request #858 from sigstore/post1.1.0
• a2adec6 Update versions and changelog
• 2e59559 Merge pull request #856 from sigstore/rekor_types
• 1dd557b Rekor Entry should be reconstructued to match
• b440f06 Merge pull request #852 from sigstore/fix_tuf_dup_keys
• 602aa10 Fix test_duplicate_sig_keyids
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.