Skip to content

v1.9.0
Compare
Choose a tag to compare
@slawekjaranowski slawekjaranowski released this 07 Jul 16:57
· 607 commits to master since this release
v1.9.0
02fedc0
This commit was signed with the committer’s verified signature.
slawekjaranowski Slawomir Jaranowski
GPG key ID: F8484389379ACEAC
Learn about vigilant mode.

New features

  • Report duration of artifact resolution, download and signature validation phases. #111
  • Dependabot on GitHub #115
  • Extract signature form pgp message #120
  • Checksumming #119
  • Add hkps://keyserver.ubuntu.com to default key servers #122
  • Use Issuer Fingerprint signature subpacket to obtain key fingerprint #86

Deprecated feature

  • deprecates strictNoSignature #129

Improvements / bug fixes

  • Key not found - shouldn't break verification #113
  • Show, fix and start failing on compiler warnings. #109
  • Broken signature - shouldn't break verification #114
  • Separate weak-algorithm logic into utility and private method. #112
  • Misc small improvements and simplifications #121
  • Multiple key servers brake noKey feature #126
  • verifyPluginDependencies should enable verifyPlugins #128

Dependency updates

  • Bump vavr from 0.10.2 to 0.10.3 #108
  • Bump plexus-classworlds from 2.5.2 to 2.6.0 #107
  • Bump s4u/maven-settings-action from v2 to v2.1.0 #117
  • Bump actions/cache from v1 to v2 #116
  • Bump resilience4j-retry from 1.4.0 to 1.5.0 #118
  • Bump actions/checkout from v2 to v2.3.1 #123, #124
  • Bump parent from 2.5.0 to 2.6.0 #125
  • Bump slf4j-mock from 1.0.1 to 1.0.2 #127

Thanks

Many thanks for collaboration on this release for: @cobratbq

Assets 2
Loading