Skip to content

v2.0.0rc1

Pre-release
Pre-release
Compare
Choose a tag to compare
@woodruffw woodruffw released this 23 Jun 14:03
· 391 commits to main since this release
v2.0.0rc1
2c132f4
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

What's Changed

  • CHANGELOG: fix link by @woodruffw in #622
  • build(deps): bump actions/setup-python from 4.5.0 to 4.6.0 by @dependabot in #617
  • build(deps): bump actions/deploy-pages from 2.0.0 to 2.0.1 by @dependabot in #615
  • build(deps): bump github/codeql-action from 2.2.11 to 2.3.0 by @dependabot in #619
  • build(deps): bump actions/checkout from 3.5.1 to 3.5.2 by @dependabot in #613
  • build(deps-dev): update ruff requirement from <0.0.262 to <0.0.263 by @dependabot in #618
  • tuf: embed trusted root target by @tnytown in #611
  • Update pinned requirements for v1.1.2 by @github-actions in #624
  • _cli: emit only sigstore bundle by default by @tnytown in #614
  • tuf: remove non-trusted-root handling paths by @woodruffw in #626
  • build(deps-dev): update ruff requirement from <0.0.263 to <0.0.264 by @dependabot in #631
  • _cli: implement --output-directory by @tnytown in #627
  • workflows: bump sigstore-conformance by @woodruffw in #637
  • conformance: remove old id-token permission by @woodruffw in #639
  • build(deps): bump github/codeql-action from 2.3.0 to 2.3.2 by @dependabot in #640
  • workflows: Remove id-token: write permission by @tetsuo-cpp in #638
  • sigstore: fix detect_credential signature by @woodruffw in #641
  • cli: Remove default subcommand hack by @woodruffw in #642
  • verify: fix timerange inclusion check by @woodruffw in #633
  • build(deps): bump peter-evans/create-pull-request from 5.0.0 to 5.0.1 by @dependabot in #643
  • build(deps-dev): update ruff requirement from <0.0.264 to <0.0.265 by @dependabot in #644
  • build(deps): bump pypa/gh-action-pypi-publish from 1.8.5 to 1.8.6 by @dependabot in #646
  • build(deps): bump github/codeql-action from 2.3.2 to 2.3.3 by @dependabot in #647
  • build(deps): bump actions/upload-artifact from 3.0.0 to 3.1.2 by @dependabot in #648
  • Root hash signature verification v2 by @tnytown in #634
  • build(deps-dev): update ruff requirement from <0.0.265 to <0.0.266 by @dependabot in #649
  • build(deps-dev): bump tuf from 2.1.0 to 3.0.0 by @dependabot in #650
  • build(deps-dev): bump pyjwt from 2.6.0 to 2.7.0 by @dependabot in #651
  • build(deps-dev): update ruff requirement from <0.0.266 to <0.0.270 by @dependabot in #655
  • sigstore: ratchet down the bundle certs by @woodruffw in #632
  • sigstore: refactor, use IdentityToken everywhere by @woodruffw in #635
  • build(deps): bump slsa-framework/slsa-github-generator from 1.5.0 to 1.6.0 by @dependabot in #652
  • build(deps): bump actions/setup-python from 4.6.0 to 4.6.1 by @dependabot in #657
  • build(deps): bump github/codeql-action from 2.3.3 to 2.3.5 by @dependabot in #659
  • build(deps-dev): update ruff requirement from <0.0.270 to <0.0.271 by @dependabot in #660
  • build(deps): bump github/codeql-action from 2.3.5 to 2.3.6 by @dependabot in #664
  • Add option to sign multiple artifacts with the same key and certificate by @mayaCostantini in #645
  • workflows: debug staging-tests by @woodruffw in #669
  • build(deps-dev): update ruff requirement from <0.0.271 to <0.0.272 by @dependabot in #671
  • build(deps): bump slsa-framework/slsa-github-generator from 1.6.0 to 1.7.0 by @dependabot in #670
  • sign: switch to P-256 by @woodruffw in #662
  • sign: switch another keysite to P-256 by @woodruffw in #673
  • feat: Add --oauth-force-oob CLI option by @laurentsimon in #667
  • build(deps): bump actions/checkout from 3.5.2 to 3.5.3 by @dependabot in #677
  • build(deps): bump github/codeql-action from 2.3.6 to 2.13.4 by @dependabot in #676
  • build(deps-dev): update ruff requirement from <0.0.272 to <0.0.273 by @dependabot in #675
  • build(deps): bump peter-evans/create-pull-request from 5.0.1 to 5.0.2 by @dependabot in #679
  • build(deps): bump actions/upload-pages-artifact from 1.0.8 to 1.0.9 by @dependabot in #681
  • build(deps): bump actions/deploy-pages from 2.0.1 to 2.0.2 by @dependabot in #678
  • build(deps-dev): update ruff requirement from <0.0.273 to <0.0.275 by @dependabot in #683
  • sigstore: 2.0.0rc1 by @tetsuo-cpp in #685

New Contributors

  • @github-actions made their first contribution in #624
  • @laurentsimon made their first contribution in #667

Full Changelog: v1.1.2...v2.0.0rc1

Contributors

woodruffw, tnytown, and 4 other contributors
Assets 11
Loading