build(deps): bump dev.sigstore:sigstore-java from 2.0.0 to 2.1.0 by dependabot[bot] · Pull Request #413 · ReVanced/revanced-cli

dependabot · 2026-06-02T21:35:05Z

Bumps dev.sigstore:sigstore-java from 2.0.0 to 2.1.0.

Release notes

Sourced from dev.sigstore:sigstore-java's releases.

v2.1.0

See CHANGELOG.md for more details.

What's Changed

Update versions after 2.0.0 release by @loosebazooka in sigstore/sigstore-java#1118

chore(deps): update sigstore/community digest to c0c5605 by @renovate[bot] in sigstore/sigstore-java#1119

fix(deps): update gradleup_nmcp to v1.3.0 by @renovate[bot] in sigstore/sigstore-java#1124

fix(deps): update dependency com.google.errorprone:error_prone_core to v2.45.0 by @renovate[bot] in sigstore/sigstore-java#1123

fix(deps): update dependency com.code-intelligence:jazzer-api to v0.28.0 by @renovate[bot] in sigstore/sigstore-java#1122

fix(deps): update bouncycastle to v1.83 by @renovate[bot] in sigstore/sigstore-java#1121

chore(deps): update actions/checkout action to v4.3.1 by @renovate[bot] in sigstore/sigstore-java#1120

ref(deps): Migrate UpdaterTest from Jetty to MockWebServer by @aaronlew02 in sigstore/sigstore-java#1125

workflows: schedule a weekly tuf-conformance run by @jku in sigstore/sigstore-java#1126

fix(deps): update dependency org.eclipse.jetty:jetty-server to v12.1.5 by @renovate[bot] in sigstore/sigstore-java#1128

fix(deps): update maven to v3.9.12 - autoclosed by @renovate[bot] in sigstore/sigstore-java#1129

chore(deps): update actions/setup-go action to v5.6.0 by @renovate[bot] in sigstore/sigstore-java#1130

chore(deps): update actions/setup-java action to v4.8.0 by @renovate[bot] in sigstore/sigstore-java#1131

fix(deps): update dependency org.mockito:mockito-bom to v5.21.0 by @renovate[bot] in sigstore/sigstore-java#1132

fix(deps): update dependency com.code-intelligence:jazzer-api to v0.29.1 by @renovate[bot] in sigstore/sigstore-java#1133

chore(deps): update sigstore/community digest to bafa89c by @renovate[bot] in sigstore/sigstore-java#1127

chore(deps): update actions/checkout action to v6 by @renovate[bot] in sigstore/sigstore-java#1137

fix(deps): update immutables to v2.12.0 by @renovate[bot] in sigstore/sigstore-java#1135

fix(deps): update gradleup_nmcp to v1.4.0 by @renovate[bot] in sigstore/sigstore-java#1134

Use StandardCharsets by @loosebazooka in sigstore/sigstore-java#1138

fix(test): Update sample bundle version from 0.2 to 0.1 by @aaronlew02 in sigstore/sigstore-java#1141

fix(deps): update protobuf_grpc by @renovate[bot] in sigstore/sigstore-java#1136

chore(deps): update actions/setup-go action to v6 by @renovate[bot] in sigstore/sigstore-java#1139

chore(deps): update actions/setup-java action to v5 by @renovate[bot] in sigstore/sigstore-java#1140

chore(deps): update actions/upload-artifact action to v6 by @renovate[bot] in sigstore/sigstore-java#1142

chore(deps): update google-github-actions/auth action to v3 by @renovate[bot] in sigstore/sigstore-java#1143

use full key fingerprints by @loosebazooka in sigstore/sigstore-java#1147

chore(deps): update google-github-actions/get-secretmanager-secrets action to v3 by @renovate[bot] in sigstore/sigstore-java#1144

Update conformance.yml to 0.0.25 by @loosebazooka in sigstore/sigstore-java#1149

chore(deps): update actions/setup-go action to v6.2.0 by @renovate[bot] in sigstore/sigstore-java#1155

fix(deps): update protobuf_grpc to v4.33.4 by @renovate[bot] in sigstore/sigstore-java#1154

fix(deps): update immutables to v2.12.1 by @renovate[bot] in sigstore/sigstore-java#1153

chore(deps): update sigstore/community digest to a959c6f by @renovate[bot] in sigstore/sigstore-java#1150

chore(deps): update gradle/actions action to v5 by @renovate[bot] in sigstore/sigstore-java#1158

fix(deps): update dependency net.ltgt.errorprone:net.ltgt.errorprone.gradle.plugin to v4.4.0 by @renovate[bot] in sigstore/sigstore-java#1157

fix(deps): update dependency com.diffplug.spotless:com.diffplug.spotless.gradle.plugin to v8 by @renovate[bot] in sigstore/sigstore-java#1159

fix(deps): update dependency com.google.errorprone:error_prone_core to v2.46.0 by @renovate[bot] in sigstore/sigstore-java#1156

fix(deps): update dependency org.junit:junit-bom to v5.14.2 by @renovate[bot] in sigstore/sigstore-java#1151

add nonce parameter to OIDC flow by @bobcallaway in sigstore/sigstore-java#1148

fix(deps): update dependency com.squareup.okhttp3:mockwebserver to v5 by @renovate[bot] in sigstore/sigstore-java#1163

fix(deps): update dependency com.github.vlsi.gradle-extensions:com.github.vlsi.gradle-extensions.gradle.plugin to v3 by @renovate[bot] in sigstore/sigstore-java#1160

fix(deps): update dependency com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin to v2 by @renovate[bot] in sigstore/sigstore-java#1162

fix(deps): update dependency com.google.http-client:google-http-client-bom to v2 by @renovate[bot] in sigstore/sigstore-java#1161

Add test for rekor v2 in prod by @loosebazooka in sigstore/sigstore-java#1165

Add prod attestation test by @aaronlew02 in sigstore/sigstore-java#1167

chore(deps): update plugin org.gradlex.build-parameters to v1.4.5 by @renovate[bot] in sigstore/sigstore-java#1172

... (truncated)

Changelog

Sourced from dev.sigstore:sigstore-java's changelog.

[2.1.0] - 2026-05-21

Added

Add HTTP Fulcio client: sigstore/sigstore-java#1176

Fixed

Re-add and enhance SET verification in KeylessVerifier: sigstore/sigstore-java#1185

Commits

97d295e Merge pull request #1190 from sigstore/fix-nmcp-dependency
27bb927 add repositories for nmcp plugin to use
b529335 Merge pull request #1185 from sigstore/set-verification
49c27f1 Add KeylessVerifier test for expired certificates
87e2876 Re-add and enhance SET verification in KeylessVerifier
f6934e5 Merge pull request #1186 from sigstore/update-conformance
164ec97 Prioritize email over subject for SAN from OIDC token string
224cbcb Update conformance to latest
6d736e2 Merge pull request #1183 from sigstore/uri-resolve-replace
c2d39da Replace URI.resolve with URIFormat.appendPath
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [dev.sigstore:sigstore-java](https://github.com/sigstore/sigstore-java) from 2.0.0 to 2.1.0. - [Release notes](https://github.com/sigstore/sigstore-java/releases) - [Changelog](https://github.com/sigstore/sigstore-java/blob/main/CHANGELOG.md) - [Commits](sigstore/sigstore-java@v2.0.0...v2.1.0) --- updated-dependencies: - dependency-name: dev.sigstore:sigstore-java dependency-version: 2.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jun 2, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): bump dev.sigstore:sigstore-java from 2.0.0 to 2.1.0#413

build(deps): bump dev.sigstore:sigstore-java from 2.0.0 to 2.1.0#413
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/gradle/dev/dev.sigstore-sigstore-java-2.1.0

dependabot Bot commented on behalf of github Jun 2, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github Jun 2, 2026

v2.1.0

What's Changed

[2.1.0] - 2026-05-21

Added

Fixed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants