From a2adec69a5c45bc8bbd3b1a94bf834f31e2d50ae Mon Sep 17 00:00:00 2001
From: Appu Goundan <appu@google.com>
Date: Fri, 22 Nov 2024 13:37:59 -0500
Subject: [PATCH] Update versions and changelog

Signed-off-by: Appu Goundan <appu@google.com>
---
 CHANGELOG.md                                  | 19 +++++++++++++++++++
 build-logic/publishing/build.gradle.kts       |  2 +-
 examples/hello-world/build.gradle.kts         |  2 +-
 examples/hello-world/pom.xml                  |  2 +-
 gradle.properties                             |  2 +-
 sigstore-gradle/README.md                     |  2 +-
 .../sigstore/sign/SigstoreSignExtension.kt    |  2 +-
 sigstore-maven-plugin/README.md               |  2 +-
 8 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index de3bfa93..73284427 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,25 @@ All versions prior to 1.0.0 are untracked
 
 ## [Unreleased]
 
+# [1.1.0] - 2024-11-22
+
+## Added
+- Update sigstore tuf roots to v10 for staging and public-good https://github.com/sigstore/sigstore-java/pull/848
+- Tuf conformance tests for tuf client spec conformance https://github.com/sigstore/sigstore-java/pull/838
+
+## Changed
+- Allow tuf updater to fetch meta without downloading targets https://github.com/sigstore/sigstore-java/pull/839
+- Allow tuf targets and metadata to be stored and fetched separately https://github.com/sigstore/sigstore-java/pull/827
+
+## Fixed
+- Fix handling of tuf targets in subdirectories https://github.com/sigstore/sigstore-java/pull/853
+- Fix tuf spec conformance for valid but duplicate signatures on a role https://github.com/sigstore/sigstore-java/pull/852
+- Fix handling of rsa-pss and ed25519 signatures in tuf metadata https://github.com/sigstore/sigstore-java/pull/849/files
+
+## Security
+- Ensure log entries in sigstore bundles are entries that correspond to the 
+  verification material (signature, artifact, public-key) provided to the 
+  verifier. https://github.com/sigstore/sigstore-java/pull/856
 
 # [1.0.0] - 2024-08-28
 
diff --git a/build-logic/publishing/build.gradle.kts b/build-logic/publishing/build.gradle.kts
index c2687f00..156ae6fb 100644
--- a/build-logic/publishing/build.gradle.kts
+++ b/build-logic/publishing/build.gradle.kts
@@ -10,6 +10,6 @@ dependencies {
     implementation(project(":basics"))
     implementation(project(":jvm"))
     implementation("dev.sigstore.build-logic:gradle-plugin")
-    implementation("dev.sigstore:sigstore-gradle-sign-plugin:1.0.0")
+    implementation("dev.sigstore:sigstore-gradle-sign-plugin:1.1.0")
     implementation("com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin:1.3.0")
 }
diff --git a/examples/hello-world/build.gradle.kts b/examples/hello-world/build.gradle.kts
index 58925d05..c24290b6 100644
--- a/examples/hello-world/build.gradle.kts
+++ b/examples/hello-world/build.gradle.kts
@@ -1,7 +1,7 @@
 plugins {
   `java-library`
   `maven-publish`
-  val sigstoreVersion = System.getProperty("sigstore.version") ?: "1.0.0"
+  val sigstoreVersion = System.getProperty("sigstore.version") ?: "1.1.0"
   id("dev.sigstore.sign") version "$sigstoreVersion"
   signing
 }
diff --git a/examples/hello-world/pom.xml b/examples/hello-world/pom.xml
index 295baffe..53c6b7e9 100644
--- a/examples/hello-world/pom.xml
+++ b/examples/hello-world/pom.xml
@@ -16,7 +16,7 @@
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
     <maven.compiler.release>11</maven.compiler.release>
-    <sigstore.version>1.0.0</sigstore.version>
+    <sigstore.version>1.1.0</sigstore.version>
   </properties>
 
   <build>
diff --git a/gradle.properties b/gradle.properties
index ddf7d15e..757ef6df 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -5,4 +5,4 @@ systemProp.org.gradle.kotlin.dsl.precompiled.accessors.strict=true
 group=dev.sigstore
 
 # use the ./scripts/update_version.sh script to update all versions
-version=1.1.0
+version=1.2.0
diff --git a/sigstore-gradle/README.md b/sigstore-gradle/README.md
index e02b7241..120ff134 100644
--- a/sigstore-gradle/README.md
+++ b/sigstore-gradle/README.md
@@ -15,7 +15,7 @@ Signature format uses [Sigstore bundle](https://github.com/sigstore/protobuf-spe
 
 ```kotlin
 plugins {
-    id("dev.sigstore.sign") version "1.0.0"
+    id("dev.sigstore.sign") version "1.1.0"
 }
 
 // Automatically sign all Maven publications, using GitHub Actions OIDC when available,
diff --git a/sigstore-gradle/sigstore-gradle-sign-base-plugin/src/main/kotlin/dev/sigstore/sign/SigstoreSignExtension.kt b/sigstore-gradle/sigstore-gradle-sign-base-plugin/src/main/kotlin/dev/sigstore/sign/SigstoreSignExtension.kt
index 22fd84b7..2f7b4088 100644
--- a/sigstore-gradle/sigstore-gradle-sign-base-plugin/src/main/kotlin/dev/sigstore/sign/SigstoreSignExtension.kt
+++ b/sigstore-gradle/sigstore-gradle-sign-base-plugin/src/main/kotlin/dev/sigstore/sign/SigstoreSignExtension.kt
@@ -44,7 +44,7 @@ abstract class SigstoreSignExtension(private val project: Project) {
     abstract val sigstoreJavaVersion : Property<String>
 
     init {
-        sigstoreJavaVersion.convention("1.1.0")
+        sigstoreJavaVersion.convention("1.2.0")
         (this as ExtensionAware).extensions.create<OidcClientExtension>(
             "oidcClient",
             project.objects,
diff --git a/sigstore-maven-plugin/README.md b/sigstore-maven-plugin/README.md
index cbf50d87..5e11d20b 100644
--- a/sigstore-maven-plugin/README.md
+++ b/sigstore-maven-plugin/README.md
@@ -17,7 +17,7 @@ Signature format uses [Sigstore bundle](https://github.com/sigstore/protobuf-spe
       <plugin>
         <groupId>dev.sigstore</groupId>
         <artifactId>sigstore-maven-plugin</artifactId>
-        <version>1.0.0</version>
+        <version>1.1.0</version>
         <executions>
           <execution>
             <id>sign</id>