Releases: sigstore/sigstore-python
Releases · sigstore/sigstore-python
Release 0.6.6
What's Changed
- build(deps): bump sigstore from 0.6.4 to 0.6.5 in /install by @dependabot in #220
- build(deps): bump pyjwt from 2.4.0 to 2.5.0 in /install by @dependabot in #221
- build(deps): bump certifi from 2022.9.14 to 2022.9.24 in /install by @dependabot in #225
- build(deps): bump pyopenssl from 22.0.0 to 22.1.0 in /install by @dependabot in #226
- Add SLSA provenance generator to release; closes #222 by @diogoteles08 in #223
- README: update GitHub Action slugs by @woodruffw in #227
- Update CONTRIBUTING.md to expose the requirements to open a PR. Closes #224 by @diogoteles08 in #228
- Add a get-identity-token subcommand by @di in #229
- Bump for 0.6.6 release by @di in #231
- Revert "Add SLSA provenance generator to release; closes #222 (#223)" by @di in #232
New Contributors
- @diogoteles08 made their first contribution in #223
Full Changelog: v0.6.5...v0.6.6
Contributors
di, woodruffw, and 2 other contributors
Assets 8
Release 0.6.5
What's Changed
- build(deps): bump cryptography from 37.0.4 to 38.0.1 in /install by @dependabot in #203
- build(deps): bump sigstore from 0.6.3 to 0.6.4 in /install by @dependabot in #206
- _internal: Rekor and Fulcio clients clean up their HTTP sessions on release by @woodruffw in #213
- sigstore: use stricter pydantic fields, where applicable by @woodruffw in #210
- build(deps): bump certifi from 2022.6.15 to 2022.6.15.1 in /install by @dependabot in #214
- build(deps): bump certifi from 2022.6.15.1 to 2022.9.14 in /install by @dependabot in #217
- build(deps): bump idna from 3.3 to 3.4 in /install by @dependabot in #216
- build(deps): bump securesystemslib from 0.23.0 to 0.24.0 in /install by @dependabot in #215
- deps: constrain pyOpenSSL to >=22.0.0 by @woodruffw in #218
- sigstore: 0.6.5 by @woodruffw in #219
Full Changelog: v0.6.4...v0.6.5
Contributors
woodruffw and dependabot
Assets 8
Release 0.6.4
What's Changed
- build(deps): bump sigstore from 0.6.2 to 0.6.3 in /install by @dependabot in #181
- pyproject, ci: use recursive extras by @woodruffw in #179
- test: add an "online" marker for online tests by @woodruffw in #180
- ✨ Enable Scorecard badge by @azeemshaikh38 in #178
- build(deps): bump pydantic from 1.9.1 to 1.9.2 in /install by @dependabot in #183
- ci: add debug loglevel to ci and debug log of verified log index by @asraa in #185
- Update scorecard-action to v2:alpha by @azeemshaikh38 in #186
- build(deps): bump charset-normalizer from 2.1.0 to 2.1.1 in /install by @dependabot in #188
- build(deps): bump urllib3 from 1.26.11 to 1.26.12 in /install by @dependabot in #187
- build(deps): bump pydantic from 1.9.2 to 1.10.0 in /install by @dependabot in #189
- Skip curl to download requirements.txt by @uranusjr in #192
- build(deps): bump pydantic from 1.10.0 to 1.10.2 in /install by @dependabot in #193
- treewide: upgrade to cryptography 38 by @woodruffw in #199
- sigstore: 0.6.4 by @woodruffw in #205
New Contributors
- @azeemshaikh38 made their first contribution in #178
- @asraa made their first contribution in #185
- @uranusjr made their first contribution in #192
Full Changelog: v0.6.3...v0.6.4
Contributors
uranusjr, woodruffw, and 3 other contributors
Assets 8
Release 0.6.3
What's Changed
- oauth: use a context manager for the server's thread by @woodruffw in #140
- build(deps): bump sigstore from 0.6.1 to 0.6.2 in /install by @dependabot in #141
- build(deps): bump requests from 2.28.0 to 2.28.1 in /install by @dependabot in #143
- build(deps): bump cffi from 1.15.0 to 1.15.1 in /install by @dependabot in #144
- build(deps): bump charset-normalizer from 2.0.12 to 2.1.0 in /install by @dependabot in #145
- build(deps): bump typing-extensions from 4.2.0 to 4.3.0 in /install by @dependabot in #146
- pyproject.toml: Pin
cryptographyto >= 3.1 to avoid incompatibilities by @tetsuo-cpp in #147 - _cli: Remove references to removed
--outputflag by @tetsuo-cpp in #148 - build(deps): bump cryptography from 37.0.3 to 37.0.4 in /install by @dependabot in #152
- README: Add info about
sigstore-pythonGitHub Action by @tetsuo-cpp in #154 - _cli: Create
--signatureand--certificatealiases for the--output-{signature,certificate}flags by @tetsuo-cpp in #153 - build(deps): bump urllib3 from 1.26.9 to 1.26.10 in /install by @dependabot in #156
- workflows/staging-tests: don't run on PRs by @woodruffw in #162
- Switch to Fulcio v2 API by @haydentherapper in #159
- pyproject: remove 'pem' dependency by @woodruffw in #163
- workflows/staging-tests: open an issue on failure by @woodruffw in #164
- fulcio: Fix lint by @tetsuo-cpp in #167
- Makefile: Make
lintexit non-zero with unstaged changes by @tetsuo-cpp in #169 - oidc, _cli: Add more detailed error messages when ambient credential detection fails in GitHub Actions by @tetsuo-cpp in #170
- Tweak linting target by @woodruffw in #171
- build(deps): bump urllib3 from 1.26.10 to 1.26.11 in /install by @dependabot in #172
- _verify: Create a new
X509Storefor eachverifycall by @tetsuo-cpp in #174 - More verification API tests by @woodruffw in #175
- Bump to 0.6.3 by @woodruffw in #176
New Contributors
- @haydentherapper made their first contribution in #159
Full Changelog: v0.6.2...v0.6.3
Contributors
woodruffw, haydentherapper, and 2 other contributors
Assets 8
Release 0.6.2
What's Changed
- build(deps): bump sigstore from 0.5.1 to 0.6.1 in /install by @dependabot in #134
- build(deps): bump certifi from 2022.5.18.1 to 2022.6.15 in /install by @dependabot in #135
- OAuth: more debug logs, configurable browser by @woodruffw in #136
- build(deps): bump cryptography from 37.0.2 to 37.0.3 in /install by @dependabot in #137
- sigstore: 0.6.2 by @woodruffw in #138
Full Changelog: v0.6.1...v0.6.2
Contributors
woodruffw and dependabot
Assets 8
Release 0.6.1
What's Changed
- cli: fix
--output-signatureand--output-certificateby @woodruffw in #133
Full Changelog: v0.6.0...v0.6.1
Contributors
woodruffw
Assets 8
Release 0.6.0
What's Changed
- build(deps): bump sigstore from 0.5.0 to 0.5.1 in /install by @dependabot in #119
- workflows: add staging-tests by @woodruffw in #121
- CLI: Add
--outputand--forceby @woodruffw in #125 - cli: replace
--outputwith--no-default-filesby @woodruffw in #128 - README: add signing examples by @woodruffw in #129
- build(deps): bump requests from 2.27.1 to 2.28.0 in /install by @dependabot in #131
sigstore verify: support multiple inputs by @woodruffw in #130- sigstore: 0.6.0 by @woodruffw in #132
New Contributors
- @dependabot made their first contribution in #119
Full Changelog: v0.5.1...v0.6.0
Contributors
woodruffw and dependabot
Assets 2
v0.5.1
What's Changed
- Add a requirements file w/ hashes, and additional instructions for installing by @di in #114
- _cli, _verify: Add
--cert-oidc-issuerflag by @tetsuo-cpp in #112 - sigstore/verify: add more sigstore extension OIDs by @woodruffw in #117
- workflows/release: upload assets, dogfood verification by @woodruffw in #116
- sigstore: 0.5.1 by @woodruffw in #118
Full Changelog: v0.5.0...v0.5.1
Contributors
di, woodruffw, and tetsuo-cpp
Assets 8
Release 0.5.1rc2
10ab4f9
This commit was signed with the committer’s verified signature.
The key has expired.
woodruffw
William Woodruff
sigstore: 0.5.1rc2 Signed-off-by: William Woodruff <[email protected]>
Release 0.5.1rc1
4d0c9f1
This commit was signed with the committer’s verified signature.
The key has expired.
woodruffw
William Woodruff
workflows/release: put sigs and certs in their own directory To avoid confusing twine. Signed-off-by: William Woodruff <[email protected]>