v0.7.0

Changelog

Breaking

Hello,

As a continuation of #485, we are starting the process of deprecating the existing https://github.com/theupdateframework/go-tuf code base in favour of https://github.com/rdimitrov/go-tuf-metadata.

Reasoning:

• The reasoning behind this is explained in #485, but essentially the new code base is much simpler, easier to work with and last but not least, easier to maintain and contribute to. The last two have been longstanding issues for go-tuf and we are looking forward to address them with this change.
• Deep thank you to all of the people that helped shaping this effort!

Details:

• This will not happen straight away!
• We'll continue to support this version in a separate branch(v0.7.0) until the migration process is considered as completed.
• We advise all users to pin their dependencies of go-tuf to a certain release version (in case they haven't already) so they don't experience any inconveniences.
• We'll continue to use the https://github.com/theupdateframework/go-tuf repository, but its content will be updated to accommodate the changes. We'll start introducing the go-tuf-metadata code base to the master branch of go-tuf, so technically there will be times where the master branch might be considered unstable (which is a general practice).
• Even though go-tuf is pre-v1.0.0 and technically there are no API commitments to be followed, we won't release a v1.0.0 either with the new code base until it is well tested and we are sure of its stability.

Apologies for the disruption and thank you in advance for the understanding!

Yours,
The go-tuf maintainers team.

---

Features

• 14ed751: feat: Add-Signature to support new formats of input (#538) (@ChevronTango)
• 70d3a54: feat: #528 Add-Key to a role (#535) (@ChevronTango)
• 6e07500: feat: 536 Add Gitpod config to project (#537) (@ChevronTango)

Bug fixes

• 9570146: fix: Set sig to Array when empty (#533) (@ChevronTango)
• 582126a: fix: add-signature to read from stdin (#534) (@ChevronTango)
• 58f321a: fix(localMeta): Ignore deleted delegated targets (#522) (@BaptisteFoy)

Others

• f205b79: chore(deps): bump actions/setup-go from 4.0.1 to 4.1.0 (#542) (@dependabot[bot])
• cdae812: chore(deps): bump shogo82148/actions-goveralls from 1.7.0 to 1.8.0 (#544) (@dependabot[bot])
• 3ff5aa7: chore(deps): bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 (#543) (@dependabot[bot])
• fe99435: chore(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (#547) (@dependabot[bot])
• 9099aaa: chore(deps): bump golang.org/x/term from 0.11.0 to 0.12.0 (#548) (@dependabot[bot])
• 3a50777: chore(deps): bump arnested/go-version-action from 1.1.12 to 1.1.13 (#549) (@dependabot[bot])
• 308e63e: chore(deps): bump golang.org/x/crypto from 0.12.0 to 0.13.0 (#553) (@dependabot[bot])
• 0107a72: chore(deps): bump securesystemslib from 0.28.0 to 0.29.0 (#552) (@dependabot[bot])
• 057cf19: chore(deps): bump goreleaser/goreleaser-action from 4.4.0 to 4.6.0 (#550) (@dependabot[bot])
• 1f8a2d8: chore(deps): bump actions/checkout from 3 to 4 (#551) (@dependabot[bot])
• 35c71e4: chore(deps): bump goreleaser/goreleaser-action from 4.6.0 to 5.0.0 (#554) (@dependabot[bot])
• ca61fb0: chore(deps): bump securesystemslib from 0.29.0 to 0.30.0 (#557) (@dependabot[bot])
• 257ce1a: chore(deps): bump golang.org/x/term from 0.12.0 to 0.13.0 (#559) (@dependabot[bot])
• dde2ad4: chore(deps): bump golang.org/x/crypto from 0.13.0 to 0.14.0 (#560) (@dependabot[bot])
• c544d32: chore(deps): bump actions/setup-python from 4.7.0 to 4.7.1 (#561) (@dependabot[bot])
• c9be819: chore(deps): bump amannn/action-semantic-pull-request from 5.2.0 to 5.3.0 (#555) (@dependabot[bot])
• dfef2ca: chore(deps): bump tuf from 3.0.0 to 3.1.0 (#562) (@dependabot[bot])
• 2258ee1: chore(deps): bump iso8601 from 2.0.0 to 2.1.0 (#558) (@dependabot[bot])
• 9301e5a: chore(deps): bump amannn/action-semantic-pull-request from 5.3.0 to 5.4.0 (#563) (@dependabot[bot])
• 17b6205: chore(deps): bump arnested/go-version-action from 1.1.13 to 1.1.14 (#564) (@dependabot[bot])
• beddac2: chore(deps): bump golang.org/x/term from 0.13.0 to 0.14.0 (#565) (@dependabot[bot])
• 6ad7fe5: chore(deps): bump golang.org/x/crypto from 0.14.0 to 0.16.0 (#568) (@dependabot[bot])