v0.11.0

What's Changed

• Bump github/codeql-action from 2.1.16 to 2.1.17 by @dependabot in #946
• Bump google.golang.org/protobuf from 1.28.0 to 1.28.1 by @dependabot in #947
• Bump golang from 6e10f44 to 8a62670 by @dependabot in #948
• Bump golang from 1.18.4 to 1.18.5 by @dependabot in #950
• Add rekor harness tests by @priyawadhwa in #945
• Persist and check attestations across harness tests by @priyawadhwa in #952
• Bump github/codeql-action from 2.1.17 to 2.1.18 by @dependabot in #955
• Bump github.com/go-openapi/swag from 0.21.1 to 0.22.0 by @dependabot in #958
• Bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 by @dependabot in #959
• Add harness test for getting all entries by UUID and EntryID by @priyawadhwa in #957
• Bump go.uber.org/zap from 1.21.0 to 1.22.0 by @dependabot in #961
• Bump gopkg.in/ini.v1 from 1.66.6 to 1.67.0 by @dependabot in #960
• api: fix inclusion proof verification flake by @asraa in #956
• change default value for rekor_server.hostname to server's hostname by @bobcallaway in #963
• Bump github.com/go-openapi/errors from 0.20.2 to 0.20.3 by @dependabot in #964
• fix nil-pointer error when artifact-hash is passed without artifact by @dsa0x in #965
• Add prometheus summary to track metric latency by @priyawadhwa in #966
• compute payload and envelope hashes upon validating intoto proposed entries by @bobcallaway in #967
• update field documentation on publicKey for hashedrekord by @bobcallaway in #969
• Bump actions/github-script from 6.1.0 to 6.1.1 by @dependabot in #971
• Bump github.com/mediocregopher/radix/v4 from 4.1.0 to 4.1.1 by @dependabot in #972
• Allow sharding config to be written in yaml or json by @priyawadhwa in #974
• Bump sigstore/cosign-installer from 2.5.0 to 2.5.1 by @dependabot in #975
• Bump github.com/go-openapi/swag from 0.22.0 to 0.22.1 by @dependabot in #978
• Bump github.com/go-openapi/loads from 0.21.1 to 0.21.2 by @dependabot in #977
• fix incorrect schema id for cose type by @bobcallaway in #979
• Bump github.com/go-openapi/spec from 0.20.6 to 0.20.7 by @dependabot in #976
• fix: make rekor verify work with sharded uuids by @asraa in #970
• update builder and cosign images by @cpanato in #981
• remove trailing slash on directories by @bobcallaway in #984
• add changelog for v0.11.0 release by @cpanato in #982
• add support for intersection & union in search operations by @dsa0x in #968
• Update scorecard-action to v2:alpha by @azeemshaikh38 in #987

New Contributors

• @dsa0x made their first contribution in #965

Full Changelog: v0.10.0...v0.11.0

v0.10.0

** Note: Rekor will not send application/yaml responses anymore only application/json responses

What's Changed

• reuse DSSE signature wrappers instead of a local copy by @bobcallaway in #912
• Updates on the release job/makefile cleanup by @cpanato in #914
• Return 404 if entry isn't found in log by @priyawadhwa in #915
• Bump actions/setup-go from 3.2.0 to 3.2.1 by @dependabot in #916
• Bump google.golang.org/grpc from 1.47.0 to 1.48.0 by @dependabot in #920
• Bump golang from 1.18.3 to 1.18.4 by @dependabot in #919
• Bump github/codeql-action from 2.1.15 to 2.1.16 by @dependabot in #924
• Bump actions/dependency-review-action from 2.0.2 to 2.0.4 by @dependabot in #925
• Bump github.com/veraison/go-cose from 1.0.0-alpha.1 to 1.0.0-rc.1 by @dependabot in #928
• Bump sigs.k8s.io/release-utils from 0.7.1 to 0.7.2 by @dependabot in #927
• Update cosign image in validate-release job by @priyawadhwa in #931
• Bump github.com/go-openapi/strfmt from 0.21.2 to 0.21.3 by @dependabot in #930
• Bump sigstore/cosign-installer from 2.4.1 to 2.5.0 by @dependabot in #936
• Bump github.com/google/trillian from 1.4.1 to 1.4.2 in /hack/tools by @dependabot in #939
• Bump sigs.k8s.io/release-utils from 0.7.2 to 0.7.3 by @dependabot in #937
• update go builder and cosign image by @cpanato in #934
• Bump imjasonh/setup-ko from 0.4 to 0.5 by @dependabot in #940
• Drop application/yaml content type by @haydentherapper in #933
• Add rekor test harness to presubmit tests by @priyawadhwa in #921
• ✨ Enable Scorecard badge by @azeemshaikh38 in #941
• update go mod in hack/tools to go1.18 by @cpanato in #935
• update changelog in preparation of v0.10.0 release by @cpanato in #943
• Bump golang from 9349ed8 to 6e10f44 by @dependabot in #942
• add ldflags back by @cpanato in #944

New Contributors

• @azeemshaikh38 made their first contribution in #941

Full Changelog: v0.9.1...v0.10.0

Thanks to all contributors!

v0.9.1

What's Changed

• feat: add subject URIs to index for x509 certificates by @asraa in #897
• Bump sigstore/cosign-installer from 2.4.0 to 2.4.1 by @dependabot in #898
• fix: sql syntax in dbcreate script by @xens in #903
• Switch to go 1.18 and pin release-utils to v0.7.1 by @saschagrunert in #904
• Check inactive shards for UUID for /retrieve endpoint by @priyawadhwa in #905
• ensure log messages have requestID where possible by @bobcallaway in #907
• Bump github.com/theupdateframework/go-tuf from 0.3.0 to 0.3.1 by @dependabot in #906
• Remove unnecessary lookup of non-existent attestations from storage layer by @bobcallaway in #909
• Fix bug where /retrieve endpoint returns wrong logIndex across shards by @priyawadhwa in #908
• cleanup makefile with generated code; cleanup unused files by @bobcallaway in #910
• add changelog for v0.9.1 by @cpanato in #911

New Contributors

• @xens made their first contribution in #903
• @saschagrunert made their first contribution in #904

Full Changelog: v0.9.0...v0.9.1

Thanks for all contributors!

v0.9.0

What's Changed

• Add COSE support to Rekor by @kommendorkapten in #867
• Bump github/codeql-action from 2.1.13 to 2.1.14 by @dependabot in #885
• Bump ossf/scorecard-action from 1.1.1 to 1.1.2 by @dependabot in #888
• Bump github/codeql-action from 2.1.14 to 2.1.15 by @dependabot in #893
• Fix intoto index keys by @bobcallaway in #889
• Resolve virtual log index when calling /retrieve endpoint by @priyawadhwa in #894
• add changelog for v0.9.0 by @cpanato in #895

New Contributors

• @kommendorkapten made their first contribution in #867

Full Changelog: v0.8.2...v0.9.0

Thanks to all contributors!

v0.8.2

What's Changed

• collect docker-compose logs if sharding tests fail, also trim IDs by @bobcallaway in #869
• ensure fallback logic executes if attestation key is empty when fetching attestation by @bobcallaway in #878
• Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 by @dependabot in #881
• Bump github/codeql-action from 2.1.12 to 2.1.13 by @dependabot in #880
• add changelog for v0.8.2 by @cpanato in #882

Full Changelog: v0.8.1...v0.8.2

v0.8.1

What's Changed

• Bump sigstore/cosign-installer from 2.3.0 to 2.4.0 by @dependabot in #868
• Bump actions/dependency-review-action from 1.0.2 to 2 by @dependabot in #871
• Fix indexing bug for intoto attestations by @priyawadhwa in #870
• Bump actions/dependency-review-action from 2.0.0 to 2.0.2 by @dependabot in #875
• Allow an expired certificate chain to be uploaded and verified by @haydentherapper in #873
• add changelog for v0.8.1 by @cpanato in #874

Full Changelog: v0.8.0...v0.8.1

Thanks for all contributors!

v0.8.0

What's Changed

• Bump gopkg.in/ini.v1 from 1.66.4 to 1.66.5 by @dependabot in #846
• Update go-tuf and sigstore/sigstore to non-vulnerable go-tuf version. by @dhaus67 in #847
• Bump gopkg.in/ini.v1 from 1.66.5 to 1.66.6 by @dependabot in #848
• Configure rekor server in e2e tests via env variable by @priyawadhwa in #850
• Bump github.com/secure-systems-lab/go-securesystemslib from 0.3.1 to 0.4.0 by @dependabot in #853
• Bump google.golang.org/grpc from 1.46.2 to 1.47.0 by @dependabot in #852
• Bump ossf/scorecard-action from 1.1.0 to 1.1.1 by @dependabot in #857
• Bump github/codeql-action from 2.1.11 to 2.1.12 by @dependabot in #858
• update cross-builder image to use go1.17.11 and dockerfile base image by @cpanato in #860
• update go.mod to go1.17 by @cpanato in #861
• Improve error message when using ED25519 with HashedRekord type by @haydentherapper in #862
• Bump github.com/go-openapi/validate from 0.21.0 to 0.22.0 by @dependabot in #863
• Bump github.com/spf13/viper from 1.11.0 to 1.12.0 by @dependabot in #844
• Allow retrieving entryIDs or UUIDs via /api/v1/log/entries/retrieve endpoint by @priyawadhwa in #859
• Print total tree size, including inactive shards in rekor-cli loginfo by @priyawadhwa in #864
• add changelog for v0.8.0 by @cpanato in #866

New Contributors

• @dhaus67 made their first contribution in #847

Full Changelog: v0.7.0...v0.8.0

v0.7.0

⚠️ Breaking Change

Removed timestamping authority API. This is a breaking API change.
If you are relying on the timestamping authority to issue signed timestamps, create signed timestamps using either OpenSSL or a service such as FreeTSA.

What's Changed

• remove URL fetch of keys/artifacts server-side by @bobcallaway in #735
• Bump sigstore/cosign-installer from 2.2.0 to 2.2.1 by @dependabot in #776
• Bump github.com/spf13/viper from 1.10.1 to 1.11.0 by @dependabot in #777
• Bump actions/checkout from 3.0.0 to 3.0.1 by @dependabot in #778
• Bump anchore/sbom-action from 0.10.0 to 0.11.0 by @dependabot in #779
• Bump github.com/mediocregopher/radix/v4 from 4.0.0 to 4.1.0 by @dependabot in #781
• Bump github.com/mitchellh/mapstructure from 1.4.3 to 1.5.0 by @dependabot in #782
• Bump codecov/codecov-action from 3.0.0 to 3.1.0 by @dependabot in #785
• Bump actions/checkout from 3.0.1 to 3.0.2 by @dependabot in #786
• Bump google-github-actions/auth from 0.7.0 to 0.7.1 by @dependabot in #790
• Bump google.golang.org/grpc from 1.45.0 to 1.46.0 by @dependabot in #791
• Bump github/codeql-action from 2.1.8 to 2.1.9 by @dependabot in #796
• Bump sigstore/cosign-installer from 2.2.1 to 2.3.0 by @dependabot in #795
• Bump github.com/google/go-cmp from 0.5.7 to 0.5.8 by @dependabot in #794
• intoto: add index on materials digest of slsa provenance by @asraa in #793
• Bump github.com/go-openapi/runtime from 0.23.3 to 0.24.0 by @dependabot in #799
• chore(deps): Included dependency review by @naveensrinivasan in #788
• Check if intoto hash is available before accessing it as an index key by @priyawadhwa in #800
• Bump github.com/go-playground/validator/v10 from 10.10.1 to 10.11.0 by @dependabot in #803
• Move deprecated dependency: google/trillian/merkle to transparency-dev by @asraa in #807
• Bump github.com/go-openapi/spec from 0.20.5 to 0.20.6 by @dependabot in #802
• Bump github.com/go-openapi/runtime from 0.24.0 to 0.24.1 by @dependabot in #811
• Retrieve shard tree length if it isn't provided in the config by @priyawadhwa in #810
• Bump github/codeql-action from 2.1.9 to 2.1.10 by @dependabot in #816
• Bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 by @dependabot in #815
• update release builder images to use go 1.17.10 and cosign image to 1.8.0 by @cpanato in #820
• Bump github/codeql-action from 03e2e3c45f9f937ffe65a1caa4c9960d420a31f9 to 2.1.10 by @dependabot in #821
• Bump actions/setup-go from 3.0.0 to 3.1.0 by @dependabot in #822
• Bump github.com/google/trillian from 1.4.0 to 1.4.1 by @dependabot in #817
• Bump github.com/google/trillian from 1.4.0 to 1.4.1 in /hack/tools by @dependabot in #818
• update go to 1.17.10 in the dockerfile by @cpanato in #819
• Bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 by @dependabot in #827
• Limit the number of certificates parsed in a chain by @haydentherapper in #823
• Bump actions/github-script from 6.0.0 to 6.1.0 by @dependabot in #826
• Bump actions/dependency-review-action from 3f943b86c9a289f4e632c632695e2e0898d9d67d to 1 by @dependabot in #825
• Bump google.golang.org/grpc from 1.46.0 to 1.46.2 by @dependabot in #828
• Bump google-github-actions/auth from 0.7.1 to 0.7.2 by @dependabot in #830
• Bump github/codeql-action from 2.1.10 to 2.1.11 by @dependabot in #829
• Breaking change: Remove timestamping authority by @haydentherapper in #813
• Bump google-github-actions/auth from 0.7.2 to 0.7.3 by @dependabot in #832
• Add back owners for rfc3161 package type by @haydentherapper in #833
• all: remove dependency on deprecated github.com/pkg/errors by @zchee in #834
• Bump actions/upload-artifact from 3.0.0 to 3.1.0 by @dependabot in #836
• Bump goreleaser/goreleaser-action from 2.9.1 to 3 by @dependabot in #837
• Bump actions/dependency-review-action from 1.0.1 to 1.0.2 by @dependabot in #840
• Bump google-github-actions/auth from 0.7.3 to 0.8.0 by @dependabot in #839
• name stored attestations by digest instead of UUID by @bobcallaway in #769
• Bump ossf/scorecard-action from 1.0.4 to 1.1.0 by @dependabot in #843
• Bump actions/setup-go from 3.1.0 to 3.2.0 by @dependabot in #842
• add changelog for 0.7.0 release by @cpanato in #835

New Contributors

• @zchee made their first contribution in #834

Full Changelog: v0.6.0...v0.7.0

Thanks for all contributors!

v0.6.0

Notice: The server side remote fetching of resources will be removed in the next release

What's Changed

• attempting to fix codeowners file by @bobcallaway in #653
• Update the warning text for the GA release. by @dlorenc in #654
• Bump github.com/go-openapi/runtime from 0.22.0 to 0.23.0 by @dependabot in #655
• Bump github.com/go-openapi/strfmt from 0.21.1 to 0.21.2 by @dependabot in #656
• Bump go.uber.org/zap from 1.20.0 to 1.21.0 by @dependabot in #660
• Bump github/codeql-action from 1.0.31 to 1.0.32 by @dependabot in #659
• use upstream k8s version lib by @n3wscott in #657
• Bump golang from 301609e to fff998d by @dependabot in #662
• Bump actions/setup-go from 2.1.5 to 2.2.0 by @dependabot in #663
• Bump gopkg.in/ini.v1 from 1.66.3 to 1.66.4 by @dependabot in #664
• Add docs about API stability and deprecation policy by @priyawadhwa in #661
• update cross-build and dockerfile to use go 1.17.7 by @cpanato in #666
• Bump github/codeql-action from 1.0.32 to 1.1.0 by @dependabot in #668
• Bump actions/github-script from 5.1.0 to 6 by @dependabot in #669
• Move k8s objects out of the default namespace by @k4leung4 in #674
• add securityContext to deployment. by @k4leung4 in #678
• Add intoto type documentation by @jspeed-meyers in #679
• create namespace for rekor config in yaml. by @k4leung4 in #680
• Bump github/codeql-action from 1.1.0 to 1.1.2 by @dependabot in #682
• Bump ossf/scorecard-action from 1.0.3 to 1.0.4 by @dependabot in #683
• Set rekor-cli User-Agent header on requests by @bobcallaway in #684
• update security process link by @bobcallaway in #685
• Bump sigstore/cosign-installer from 2.0.0 to 2.0.1 by @dependabot in #686
• explicitly set permissions for github actions by @k4leung4 in #687
• Bump github.com/go-openapi/runtime from 0.23.0 to 0.23.1 by @dependabot in #689
• Bump github/codeql-action from 1.1.2 to 1.1.3 by @dependabot in #690
• Bump golangci/golangci-lint-action from 2.5.2 to 3 by @dependabot in #691
• Bump goreleaser/goreleaser-action from 2.8.1 to 2.9.0 by @dependabot in #692
• Bump golangci/golangci-lint-action from 3.0.0 to 3.1.0 by @dependabot in #693
• Bump github.com/secure-systems-lab/go-securesystemslib from 0.3.0 to 0.3.1 by @dependabot in #695
• Bump actions/setup-go from 2.2.0 to 3.0.0 by @dependabot in #694
• Bump goreleaser/goreleaser-action from 2.9.0 to 2.9.1 by @dependabot in #696
• Bump actions/checkout from 2.4.0 to 3 by @dependabot in #698
• Add documentation about Alpine type by @jspeed-meyers in #697
• Add code coverage to pull requests. by @k4leung4 in #676
• Consistent parenthesis use in Makefile by @k4leung4 in #700
• Go update to 1.17.8 and cosign to 1.6.0 by @cpanato in #705
• Bump actions/upload-artifact from 2.3.1 to 3 by @dependabot in #704
• Use logRangesFlag in API, route reads based on TreeID by @lkatalin in #671
• Generate release yaml for non-CI builds. by @k4leung4 in #702
• Bump sigstore/cosign-installer from 2.0.1 to 2.1.0 by @dependabot in #708
• Bump github.com/go-openapi/runtime from 0.23.1 to 0.23.2 by @dependabot in #710
• Bump anchore/sbom-action from 0.6.0 to 0.7.0 by @dependabot in #709
• Mirror signed release images from GCR to GHCR as part of release by @k4leung4 in #701
• Bump golang from 0168c35 to ca70980 by @dependabot in #707
• build trillian container to existing release. by @k4leung4 in #715
• Bump github/codeql-action from 1.1.3 to 1.1.4 by @dependabot in #716
• Bump github.com/go-playground/validator/v10 from 10.10.0 to 10.10.1 by @dependabot in #717
• Make the loginfo command a bit more future/backwards proof. by @dlorenc in #718
• Switch to using the swag library for pointer manipulation. by @dlorenc in #719
• Change TreeID to be of type string instead of int64 by @priyawadhwa in #712
• Add sharding e2e test to Github Actions by @priyawadhwa in #714
• fix merge conflict by @priyawadhwa in #720
• Bump google.golang.org/grpc from 1.44.0 to 1.45.0 by @dependabot in #723
• Bump golang from ca70980 to c7c9458 by @dependabot in #722
• Clearer logging for createAndInitTree by @priyawadhwa in #724
• Bump github.com/spf13/cobra from 1.3.0 to 1.4.0 by @dependabot in #728
• Return virtual index when creating and getting a log entry by @priyawadhwa in #725
• Fix copy/paste mistake in repo name. by @k4leung4 in #730
• Use reusuable release workflow in sigstore/sigstore by @k4leung4 in #729
• Bump github/codeql-action from 1.1.4 to 1.1.5 by @dependabot in #736
• Get log proofs by Tree ID by @priyawadhwa in #733
• Refactor rekor-cli loginfo by @priyawadhwa in #734
• Bump github.com/go-openapi/runtime from 0.23.2 to 0.23.3 by @dependabot in #740
• Update loginfo API endpoint to return information about inactive shards by @priyawadhwa in #738
• Bump google.golang.org/protobuf from 1.27.1 to 1.28.0 by @dependabot in #744
• Replace trillian_log_server.log_id_ranges flag with a config file by @priyawadhwa in #742
• Bump anchore/sbom-action from 0.7.0 to 0.8.0 by @dependabot in #743
• fix build date format for version command by @cpanato in #745
• Require tlog_id when log_id_ranges is passed in by @lkatalin in #739
• Use active tree on server startup by @lkatalin in #727
• Bump github/codeql-action from 1.1.5 to 2.1.6 by @dependabot in #748
• Specify public key for inactive shards in shard config by @priyawadhwa in #746
• Add support for providing certificate chain for X509 signature types by @haydentherapper in #747
• Bump google-github-actions/auth from 0.6.0 to 0.7.0 by @dependabot in #751
• Bump github/codeql-action from 2.1.6 to 2.1.7 by @dependabot in #752
• Bump codecov/codecov-action from 2.1.0 to 3 by @dependabot in #753
• Bump anchore/sbom-action from 0.8.0 to 0.9.0 by @dependabot in #754
• Bump sigstore/cosign-installer from 2.1.0 to 2.2.0 by @dependabot in #757
• fix typo in filename by @bobcallaway in #758
• Update release jobs and trillian images by @cpanato in #756
• Bump github/codeql-action from 2.1.7 to 2.1.8 by @dependabot in #762
• Bump anchore/sbom-action from 0.9.0 to 0.10.0 by @dependabot in #763
• Add the SHA256 digest of the intoto payload into the rekor entry by @bobcallaway in #764
• Add index to hashed intoto envelope by @asraa in #761
• Fix link in types README by @eddiezane in #765
• set p.Block after parsing in helm provenance type by @bobcallaway in #759
• Bump github.com/go-openapi/spec from 0.20.4 to 0.20.5 by @dependabot in #768
• Fix search without sha prefix by @eddiezane in #767
• Add in configmap to release for sharding config by @priyawadhwa in https://github.com/s...

v0.5.0

Highlights

• Add Rekor logo to README (#650)
• update API calls to v5 (#591)
• Refactor helm type to remove intermediate state. (#575)
• Refactor the shard map parsing so we can pass it down into the API object. (#564)
• Refactor the alpine type to reduce intermediate state. (#573)

Enhancements

• Add logic to GET artifacts via old or new UUID (#587)
• helpful error message for hashedrekord types (#605)
• Set Accept header in dynamic counter requests (#594)
• Add sharding package and update validators (#583)
• rekor-cli: show the url in case of error (#581)
• Enable parsing of incomplete minisign keys, to enable re-indexing. (#567)
• Cleanups on the TUF pluggable type. (#563)
• Refactor the RPM type to remove more intermediate state. (#566)
• Do some cleanups of the jar type to remove intermediate state. (#561)

Others

• Update Makefile (#621)
• update version comments since dependabot doesn't do it (#617)
• Use workload identity provider instead of GitHub Secret for GCR access (#600)
• add OSSF scorecard action (#599)
• enable the sbom for rekor releases (#586)
• Point to the official website (instead of a 404) (#580)
• add milestone to closed prs (#574)
• Add a Makefile target for the "ko apply" step. (#572)
• types/README.md: Corrected documentation link (#568)

Dependencies Updates

• Bump github.com/prometheus/client_golang from 1.12.0 to 1.12.1 (#636)
• Bump github.com/go-openapi/runtime from 0.21.1 to 0.22.0 (#635)
• Bump github.com/go-openapi/swag from 0.19.15 to 0.20.0 (#634)
• Bump golang from f71d4ca to 301609e (#627)
• Bump golang from 0fa6504 to f71d4ca (#624)
• Bump google.golang.org/grpc from 1.43.0 to 1.44.0 (#622)
• Bump github/codeql-action from 1.0.29 to 1.0.30 (#619)
• Bump ossf/scorecard-action from 1.0.1 to 1.0.2 (#618)
• bump swagger and go mod tidy (#616)
• Bump github.com/go-openapi/runtime from 0.21.0 to 0.21.1 (#614)
• Bump github.com/go-openapi/errors from 0.20.1 to 0.20.2 (#613)
• Bump google-github-actions/auth from 0.4.4 to 0.5.0 (#612)
• Bump github/codeql-action from 1.0.28 to 1.0.29 (#611)
• Bump gopkg.in/ini.v1 from 1.66.2 to 1.66.3 (#608)
• Bump github.com/google/go-cmp from 0.5.6 to 0.5.7 (#609)
• Update github/codeql-action requirement to 8a4b243fbf9a03a93e93a71c1ec257347041f9c4 (#606)
• Bump github.com/prometheus/client_golang from 1.11.0 to 1.12.0 (#607)
• Bump ossf/scorecard-action from 0fe1afdc40f536c78e3dc69147b91b3ecec2cc8a to 1.0.1 (#603)
• Bump goreleaser/goreleaser-action from 2.8.0 to 2.8.1 (#602)
• Bump golang from 8c0269d to 0fa6504 (#597)
• Pin dependencies in github action workflows and Dockerfile (#595)
• update release image to use go 1.17.6 (#589)
• Bump golang from 1.17.5 to 1.17.6 (#588)
• Bump go.uber.org/goleak from 1.1.11 to 1.1.12 (#585)
• Bump go.uber.org/zap from 1.19.1 to 1.20.0 (#584)
• Bump github.com/go-playground/validator/v10 from 10.9.0 to 10.10.0 (#579)
• Bump actions/github-script from 4 to 5 (#577)

Contributors

• Asra Ali (@asraa)
• Bob Callaway (@bobcallaway)
• Carlos Tadeu Panato Junior (@cpanato)
• Dan Lorenc (@dlorenc)
• Jason Hall (@imjasonh)
• Lily Sturmann (@lkatalin)
• Morten Linderud (@Foxboron)
• Nathan Smith (@nsmith5)
• Sylvestre Ledru (@sylvestre)
• Trishank Karthik Kuppusamy (@trishankatdatadog)

New Contributors

• @Foxboron made their first contribution in #569
• @sylvestre made their first contribution in #580
• @trishankatdatadog made their first contribution in #621
• @obarbier made their first contribution in #644
• @nsmith5 made their first contribution in #650

Thanks to all contributors!

Full Changelog: v0.4.0...v0.5.0