Releases · chains-project/ghasum · GitHub

07 Jan 15:13

ericcornelissen

Immutable

Release v0.6.3 Latest

Latest

Bug

Revert handling of mixed case action identifiers.

Assets 14

checksums-sha512.txt

sha256:ea8d55ff6d1a0a733a499f52594e25841038e65de1f45986cb0eea3ecd011c34

1.51 KB 2026-01-07T15:13:10Z
ghasum_darwin_amd64.tar.gz

sha256:c24dad566a53358f57712890079efbb0c7e7506d2a73386dede46391f1320fd8

7.09 MB 2026-01-07T15:13:11Z
ghasum_darwin_arm64.tar.gz

sha256:4990cc33e69b31534886a5600cffb97a010eb90e776a0d7f6ae03a77f9fe5027

6.64 MB 2026-01-07T15:13:13Z
ghasum_linux_386.tar.gz

sha256:7f4442b108c60d39c1334ffd4ed3f5a58ebc85d4e7187bfeebe7b9ce41ebc9f1

6.88 MB 2026-01-07T15:13:15Z
ghasum_linux_amd64.tar.gz

sha256:4f071696ee6558acc36a1edaee5acc5b523d7e8fdb495d6744aca74054a983d7

6.95 MB 2026-01-07T15:13:18Z
ghasum_linux_arm.tar.gz

sha256:4d724abd405c16d5fb8cd17f446f228ac23a77a32b8d212783f344a7ebfd9454

6.63 MB 2026-01-07T15:13:19Z
ghasum_linux_arm64.tar.gz

sha256:15fe6ec44e970ca97d3741983921a8f4c6a9f8f608014bea5794ea9eaa24f370

6.37 MB 2026-01-07T15:13:20Z
ghasum_windows_386.zip

sha256:78f8cd459bc853162be27df8bcf061e24c2de5e012630929257fe89178bbc913

7.11 MB 2026-01-07T15:13:22Z
ghasum_windows_amd64.zip

sha256:7d6cf9a3c552a7aa426f74714a357b913bc19e0e35cc0c11aa666dcbccd0f762

7.14 MB 2026-01-07T15:13:23Z
ghasum_windows_arm.zip

sha256:b52934fa4623db6255e17ee7b67d557f435b2ce4c3dbad771a98e26a4c9ec52d

6.79 MB 2026-01-07T15:13:25Z
Source code (zip)

2026-01-05T22:47:15Z
Source code (tar.gz)

2026-01-05T22:47:15Z
Release attestation (json)

2026-01-05T22:47:15Z

04 Jan 15:34

ericcornelissen

Immutable

Release v0.6.2

Enhancements

Handle mixed case action identifiers.
Reject checksum entries containing carriage return characters.

Security

Upgrade Go to v1.25.5.

Assets 14

20 Sep 13:38

ericcornelissen

Immutable

Release v0.6.1

Bugs

Cover the actions and workflows used in local actions and reusable workflows.

Security

Upgrade Go to v1.25.0.

Assets 14

17 Aug 18:26

ericcornelissen

Release v0.6.0

Enhancements

Expand the program output on success.
Add the ghasum list subcommand to get a nested list of GitHub Actions
dependencies for the target.
Include archived status in the ghasum list output.
Request a bug report when a panic occurs.

Security

Upgrade Go to v1.24.4.

Assets 13

29 May 14:15

ericcornelissen

Release v0.5.2

Bugs

Fix verifying a non-job target identified by the absolute path on Windows.
Fix various cases where files or directories could not found on Windows.

Assets 13

25 May 20:38

ericcornelissen

Release v0.5.1

Enhancements

Report redundant checksums on verification of an entire repository.

Bugs

Fix errors for actions with a Dockerfile manifest.
Fix unexpected error due to Windows-style newlines in the sumfile.

Assets 13

03 May 10:00

ericcornelissen

Release v0.5.0

Enhancements

Correct typo in the ghasum help verify output.
Correct typo in the ghasum verify output.
Enable cache eviction on ghasum init.
Ensure ghasum verify outcome is linked to gha.sum content.
Include reusable workflows in gha.sum, including transitive actions used in
reusable workflows.

Assets 13

27 Apr 14:36

ericcornelissen

Release v0.4.0

Enhancements

Include transitive actions in gha.sum (opt-out available).
Improve performance of cloning repositories at a commit.

Bugs

Fix errors for uses: values with local actions.
Fix errors for uses: values with Docker Hub actions.

Security

Upgrade Go to v1.24.2.

Miscellaneous

Improve reproducibility by using -trimpath.

Assets 13

25 Jan 11:22

ericcornelissen

Release v0.3.0

Enhancements

Improve behavior for sumfiles with duplicate entries.
Add -offline verification support
Add cache eviction support.
Make ghasum update preserve existing checksums by default.

Bugs

Fix behavior for sumfiles with duplicate entries.

Security

Bump Go to v1.23.5

Miscellaneous

Improve reproducibility by using -trimpath.

Assets 13

21 Mar 18:48

Release v0.2.0

Enhancements

Support validating a single workflow.
Support validating a single job in a workflow.
Make ghasum update error if the gha.sum file is corrupted.

Bugs

Unlock gha.sum if an error occurs during updating.
Correct parsing uses values with multiple @ characters.

Security

Upgrade from Go 1.22.0 to Go 1.22.1

Assets 13