v3.59.0
v3.59.0 (2023-11-09)
Security
- This release is built with Go 1.20.11, which includes fixes for two vulnerabilities in file path handling on Windows (CVE-2023-45283, CVE-2023-45284). #2486 (@dependabot[bot])
Changed
- Experimental: Signed Pipelines
- Use zzglob.MultiGlob to process multiple globs simultaneously, and stop sending GlobPath with artifact upload #2472 (@DrJosh9000)
Internal
- Migrate usage of internal/{pipeline,ordered,jwkutil} to go-pipeline #2489 (@moskyb)
- Update bintest to v3.2.0 to resolve ETXTBSY race condition in tests #2480 (@DrJosh9000)
- Fix race in header times streamer #2485, #2487 (@DrJosh9000)
- Various dependency updates #2484, #2482 (@dependabot[bot])