diff --git a/.changeset/beige-keys-appear.md b/.changeset/beige-keys-appear.md
deleted file mode 100644
index 4108600da..000000000
--- a/.changeset/beige-keys-appear.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-'@sigstore/verify': minor
----
-
-Export `VerificationPolicy` type
diff --git a/.changeset/friendly-toes-end.md b/.changeset/friendly-toes-end.md
deleted file mode 100644
index 1ef4a0ff6..000000000
--- a/.changeset/friendly-toes-end.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-"@sigstore/core": patch
----
-
-Bug fix for parsing ASN.1 date/time values which include milliseconds
diff --git a/.changeset/fuzzy-files-cross.md b/.changeset/fuzzy-files-cross.md
deleted file mode 100644
index 1838ae1e4..000000000
--- a/.changeset/fuzzy-files-cross.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-'@sigstore/cli': minor
----
-
-Add most verify options to `sigstore verify` subcommand
diff --git a/.changeset/gold-walls-smoke.md b/.changeset/gold-walls-smoke.md
deleted file mode 100644
index a845151cc..000000000
--- a/.changeset/gold-walls-smoke.md
+++ /dev/null
@@ -1,2 +0,0 @@
----
----
diff --git a/.changeset/healthy-walls-raise.md b/.changeset/healthy-walls-raise.md
deleted file mode 100644
index f780565b6..000000000
--- a/.changeset/healthy-walls-raise.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-"@sigstore/core": minor
----
-
-Add support for parsing RFC3161 signed timestamps
diff --git a/.changeset/khaki-chefs-smile.md b/.changeset/khaki-chefs-smile.md
deleted file mode 100644
index d77aa5f5f..000000000
--- a/.changeset/khaki-chefs-smile.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-"@sigstore/core": patch
----
-
-Add more checks to the `RFC3161Timestamp.verify` method
diff --git a/.changeset/lemon-eggs-admire.md b/.changeset/lemon-eggs-admire.md
deleted file mode 100644
index adfd5f00d..000000000
--- a/.changeset/lemon-eggs-admire.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-'@sigstore/bundle': patch
----
-
-Update `bundleFromJSON` to perform full bundle validation
diff --git a/.changeset/little-toes-live.md b/.changeset/little-toes-live.md
deleted file mode 100644
index a845151cc..000000000
--- a/.changeset/little-toes-live.md
+++ /dev/null
@@ -1,2 +0,0 @@
----
----
diff --git a/.changeset/neat-poems-itch.md b/.changeset/neat-poems-itch.md
deleted file mode 100644
index 860d29a07..000000000
--- a/.changeset/neat-poems-itch.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-'@sigstore/core': minor
----
-
-add `encoding` and `dsse` utility modules
diff --git a/.changeset/nine-donuts-marry.md b/.changeset/nine-donuts-marry.md
deleted file mode 100644
index 95ab89cf8..000000000
--- a/.changeset/nine-donuts-marry.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-"@sigstore/mock": patch
----
-
-Introduce intermediate certificate for issuing RFC3161 timestamps
diff --git a/.changeset/orange-snakes-give.md b/.changeset/orange-snakes-give.md
deleted file mode 100644
index c7d4bd149..000000000
--- a/.changeset/orange-snakes-give.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-"@sigstore/mock": patch
----
-
-Bump @peculiar/x509 from 1.9.5 to 1.9.6
diff --git a/.changeset/plenty-glasses-chew.md b/.changeset/plenty-glasses-chew.md
deleted file mode 100644
index 1fa206d38..000000000
--- a/.changeset/plenty-glasses-chew.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-"@sigstore/verify": patch
----
-
-Read RFC3161 timestamps during verification
diff --git a/.changeset/popular-eagles-explain.md b/.changeset/popular-eagles-explain.md
deleted file mode 100644
index a845151cc..000000000
--- a/.changeset/popular-eagles-explain.md
+++ /dev/null
@@ -1,2 +0,0 @@
----
----
diff --git a/.changeset/rude-meals-tap.md b/.changeset/rude-meals-tap.md
deleted file mode 100644
index e18372627..000000000
--- a/.changeset/rude-meals-tap.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-"@sigstore/mock": patch
----
-
-Remove extra level of OCTET STRING nesting in mocked RFC3161 timestamp response
diff --git a/.changeset/selfish-ants-exercise.md b/.changeset/selfish-ants-exercise.md
deleted file mode 100644
index f225b0501..000000000
--- a/.changeset/selfish-ants-exercise.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-'@sigstore/verify': minor
----
-
-Add support for verifying identity of certificate issuer
diff --git a/.changeset/shaggy-hotels-cheat.md b/.changeset/shaggy-hotels-cheat.md
deleted file mode 100644
index 78fcd6269..000000000
--- a/.changeset/shaggy-hotels-cheat.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-"@sigstore/verify": patch
----
-
-Expose public `signature` property on `SignatureContent` interface
diff --git a/.changeset/shy-cameras-carry.md b/.changeset/shy-cameras-carry.md
deleted file mode 100644
index ca9d905a5..000000000
--- a/.changeset/shy-cameras-carry.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-'sigstore': patch
----
-
-Integrate `@sigstore/verify` package
diff --git a/.changeset/slimy-apricots-look.md b/.changeset/slimy-apricots-look.md
deleted file mode 100644
index 06d067fa9..000000000
--- a/.changeset/slimy-apricots-look.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-"@sigstore/conformance": minor
----
-
-Updates the `verify-bundle` subcommand with support for a new `--trusted-root` flag
diff --git a/.changeset/spicy-kiwis-scream.md b/.changeset/spicy-kiwis-scream.md
deleted file mode 100644
index a57dd7414..000000000
--- a/.changeset/spicy-kiwis-scream.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-"@sigstore/mock": patch
----
-
-Bump jose from 5.1.3 to 5.2.0
diff --git a/.changeset/swift-balloons-pay.md b/.changeset/swift-balloons-pay.md
deleted file mode 100644
index 4c5b9a71a..000000000
--- a/.changeset/swift-balloons-pay.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-'@sigstore/verify': minor
----
-
-Extract verification code into dedicated package
diff --git a/.changeset/tasty-years-sneeze.md b/.changeset/tasty-years-sneeze.md
deleted file mode 100644
index 2e94a1a26..000000000
--- a/.changeset/tasty-years-sneeze.md
+++ /dev/null
@@ -1,5 +0,0 @@ ---- -"@sigstore/cli": patch ---- - -Bump openid-client from 5.6.1 to 5.6.2 diff --git a/.changeset/tough-adults-sing.md b/.changeset/tough-adults-sing.md deleted file mode 100644 index 3f260f34d..000000000 --- a/.changeset/tough-adults-sing.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@sigstore/core": patch ---- - -Ensure the `isCA` value for the `X509BasicConstraintsExtension` defaults to `false` if no other value is present diff --git a/.changeset/tricky-mails-shop.md b/.changeset/tricky-mails-shop.md deleted file mode 100644 index 8880e854a..000000000 --- a/.changeset/tricky-mails-shop.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -'sigstore': patch -'@sigstore/sign': patch ---- - -Integrate `@sigstore/core` package diff --git a/.changeset/tricky-mirrors-itch.md b/.changeset/tricky-mirrors-itch.md deleted file mode 100644 index a845151cc..000000000 --- a/.changeset/tricky-mirrors-itch.md +++ /dev/null @@ -1,2 +0,0 @@ ---- ---- diff --git a/.changeset/tricky-owls-relax.md b/.changeset/tricky-owls-relax.md deleted file mode 100644 index fddea28a9..000000000 --- a/.changeset/tricky-owls-relax.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@sigstore/mock": patch ---- - -Fix encoding for TSA-issued timestamps diff --git a/.changeset/wicked-tools-shop.md b/.changeset/wicked-tools-shop.md deleted file mode 100644 index 2e8cb3f4a..000000000 --- a/.changeset/wicked-tools-shop.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -'@sigstore/verify': patch ---- - -Fix logic to extract issuer from Fulcio certificate diff --git a/packages/bundle/CHANGELOG.md b/packages/bundle/CHANGELOG.md index 8080160e4..98515bc13 100644 --- a/packages/bundle/CHANGELOG.md +++ b/packages/bundle/CHANGELOG.md @@ -1,5 +1,11 @@ # @sigstore/bundle +## 2.1.1 + +### Patch Changes + +- 57bec90: Update `bundleFromJSON` to perform full bundle validation + ## 2.1.0 ### Minor Changes diff --git a/packages/bundle/package.json b/packages/bundle/package.json index 7e26efa11..152271bdf 100644 
--- a/packages/bundle/package.json +++ b/packages/bundle/package.json @@ -1,6 +1,6 @@ { "name": "@sigstore/bundle", - "version": "2.1.0", + "version": "2.1.1", "description": "Sigstore bundle type", "main": "dist/index.js", "types": "dist/index.d.ts", diff --git a/packages/cli/CHANGELOG.md b/packages/cli/CHANGELOG.md index fbd7ccd44..6d20da95c 100644 --- a/packages/cli/CHANGELOG.md +++ b/packages/cli/CHANGELOG.md @@ -1,5 +1,18 @@ # @sigstore/cli +## 0.6.0 + +### Minor Changes + +- c949aa7: Add most verify options to `sigstore verify` subcommand + +### Patch Changes + +- 9318c9c: Bump openid-client from 5.6.1 to 5.6.2 +- Updated dependencies [af76b1d] +- Updated dependencies [34c3856] + - sigstore@2.1.1 + ## 0.5.0 ### Minor Changes diff --git a/packages/cli/package.json b/packages/cli/package.json index 3b8c099d6..47e959ea4 100644 --- a/packages/cli/package.json +++ b/packages/cli/package.json @@ -1,6 +1,6 @@ { "name": "@sigstore/cli", - "version": "0.5.0", + "version": "0.6.0", "description": "Sigstore CLI", "author": "Brian DeHamer @bdehamer", "license": "Apache-2.0", @@ -37,7 +37,7 @@ "@oclif/plugin-help": "^6", "open": "^8.4.2", "openid-client": "^5.6.2", - "sigstore": "^2.1.0" + "sigstore": "^2.1.1" }, "devDependencies": { "make-fetch-happen": "^13.0.0", diff --git a/packages/client/CHANGELOG.md b/packages/client/CHANGELOG.md index 5ad2836e9..6ebea6e42 100644 --- a/packages/client/CHANGELOG.md +++ b/packages/client/CHANGELOG.md 
@@ -1,5 +1,29 @@ # sigstore +## 2.1.1 + +### Patch Changes + +- af76b1d: Integrate `@sigstore/verify` package +- 34c3856: Integrate `@sigstore/core` package +- Updated dependencies [bf1d432] +- Updated dependencies [6cdf7ef] +- Updated dependencies [6869511] +- Updated dependencies [6a6bfbc] +- Updated dependencies [57bec90] +- Updated dependencies [34c3856] +- Updated dependencies [29a25e5] +- Updated dependencies [afb08f6] +- Updated dependencies [45903bc] +- Updated dependencies [6f9c662] +- Updated dependencies [922a1be] +- Updated dependencies [34c3856] +- Updated dependencies [e5f1875] + - @sigstore/verify@0.1.0 + - @sigstore/core@0.2.0 + - @sigstore/bundle@2.1.1 + - @sigstore/sign@2.2.1 + ## 2.1.0 ### Minor Changes diff --git a/packages/client/package.json b/packages/client/package.json index 661269301..410863481 100644 --- a/packages/client/package.json +++ b/packages/client/package.json @@ -1,6 +1,6 @@ { "name": "sigstore", - "version": "2.1.0", + "version": "2.1.1", "description": "code-signing for npm packages", "main": "dist/index.js", "types": "dist/index.d.ts", @@ -29,17 +29,17 @@ "devDependencies": { "@sigstore/rekor-types": "^2.0.0", "@sigstore/jest": "^0.0.0", - "@sigstore/mock": "^0.6.0", + "@sigstore/mock": "^0.6.3", "@tufjs/repo-mock": "^2.0.0", "@types/make-fetch-happen": "^10.0.4" }, "dependencies": { - "@sigstore/bundle": "^2.1.0", - "@sigstore/core": "^0.1.0", + "@sigstore/bundle": "^2.1.1", + "@sigstore/core": "^0.2.0", "@sigstore/protobuf-specs": "^0.2.1", - "@sigstore/sign": "^2.1.0", + "@sigstore/sign": "^2.2.1", "@sigstore/tuf": "^2.2.0", - "@sigstore/verify": "^0.0.0" + "@sigstore/verify": "^0.1.0" }, "engines": { "node": "^16.14.0 || >=18.0.0" diff --git a/packages/conformance/CHANGELOG.md b/packages/conformance/CHANGELOG.md index b40dc9367..78b0a1b29 100644 --- a/packages/conformance/CHANGELOG.md +++ b/packages/conformance/CHANGELOG.md 
@@ -1,5 +1,26 @@ # @sigstore/conformance +## 0.2.0 + +### Minor Changes + +- 8af9f04: Updates the `verify-bundle` subcommand with support for a new `--trusted-root` flag + +### Patch Changes + +- Updated dependencies [bf1d432] +- Updated dependencies [57bec90] +- Updated dependencies [29a25e5] +- Updated dependencies [afb08f6] +- Updated dependencies [45903bc] +- Updated dependencies [af76b1d] +- Updated dependencies [6f9c662] +- Updated dependencies [34c3856] +- Updated dependencies [e5f1875] + - @sigstore/verify@0.1.0 + - @sigstore/bundle@2.1.1 + - sigstore@2.1.1 + ## 0.1.0 ### Minor Changes diff --git a/packages/conformance/package.json b/packages/conformance/package.json index c4aa440aa..78b42ff25 100644 --- a/packages/conformance/package.json +++ b/packages/conformance/package.json @@ -1,6 +1,6 @@ { "name": "@sigstore/conformance", - "version": "0.1.0", + "version": "0.2.0", "private": "true", "description": "Sigstore Conformance Test CLI", "bin": { @@ -18,10 +18,10 @@ }, "dependencies": { "@oclif/core": "^3", - "@sigstore/bundle": "^2.1.0", + "@sigstore/bundle": "^2.1.1", "@sigstore/protobuf-specs": "^0.2.1", - "@sigstore/verify": "^0.0.0", - "sigstore": "^2.0.0" + "@sigstore/verify": "^0.1.0", + "sigstore": "^2.1.1" }, "devDependencies": { "oclif": "^4", diff --git a/packages/core/CHANGELOG.md b/packages/core/CHANGELOG.md index 7846c6182..c3d9b3a55 100644 --- a/packages/core/CHANGELOG.md +++ b/packages/core/CHANGELOG.md @@ -1,5 +1,18 @@ # @sigstore/core +## 0.2.0 + +### Minor Changes + +- 6869511: Add support for parsing RFC3161 signed timestamps +- 34c3856: add `encoding` and `dsse` utility modules + +### Patch Changes + +- 6cdf7ef: Bug fix for parsing ASN.1 date/time values which include milliseconds +- 6a6bfbc: Add more checks to the `RFC3161Timestamp.verify` method +- 922a1be: Ensure the `isCA` value for the `X509BasicConstraintsExtension` defaults to `false` if no other value is present + ## 0.1.0 ### Minor Changes 
diff --git a/packages/core/package.json b/packages/core/package.json index b1c646218..08a320347 100644 --- a/packages/core/package.json +++ b/packages/core/package.json @@ -1,6 +1,6 @@ { "name": "@sigstore/core", - "version": "0.1.0", + "version": "0.2.0", "description": "Base library for Sigstore", "main": "dist/index.js", "types": "dist/index.d.ts", diff --git a/packages/mock/CHANGELOG.md b/packages/mock/CHANGELOG.md index f4543f0d1..4bb1143e0 100644 --- a/packages/mock/CHANGELOG.md +++ b/packages/mock/CHANGELOG.md @@ -1,5 +1,15 @@ # @sigstore/mock +## 0.6.3 + +### Patch Changes + +- 123389f: Introduce intermediate certificate for issuing RFC3161 timestamps +- 8cbcd04: Bump @peculiar/x509 from 1.9.5 to 1.9.6 +- 2dd55a0: Remove extra level of OCTET STRING nesting in mocked RFC3161 timestamp response +- 9318c9c: Bump jose from 5.1.3 to 5.2.0 +- 123389f: Fix encoding for TSA-issued timestamps + ## 0.6.2 ### Patch Changes diff --git a/packages/mock/package.json b/packages/mock/package.json index 2527c9903..bcd6f509d 100644 --- a/packages/mock/package.json +++ b/packages/mock/package.json @@ -1,6 +1,6 @@ { "name": "@sigstore/mock", - "version": "0.6.2", + "version": "0.6.3", "description": "Mocked version of the Sigstore services", "main": "dist/index.js", "types": "dist/index.d.ts", diff --git a/packages/sign/CHANGELOG.md b/packages/sign/CHANGELOG.md index ba1d28dc4..b2f13f2ef 100644 --- a/packages/sign/CHANGELOG.md +++ b/packages/sign/CHANGELOG.md @@ -1,5 +1,19 @@ # @sigstore/sign +## 2.2.1 + +### Patch Changes + +- 34c3856: Integrate `@sigstore/core` package +- Updated dependencies [6cdf7ef] +- Updated dependencies [6869511] +- Updated dependencies [6a6bfbc] +- Updated dependencies [57bec90] +- Updated dependencies [34c3856] +- Updated dependencies [922a1be] + - @sigstore/core@0.2.0 + - @sigstore/bundle@2.1.1 + ## 2.2.0 ### Minor Changes diff --git a/packages/sign/package.json b/packages/sign/package.json index 2c2099968..5f330b58c 100644 
--- a/packages/sign/package.json +++ b/packages/sign/package.json @@ -1,6 +1,6 @@ { "name": "@sigstore/sign", - "version": "2.2.0", + "version": "2.2.1", "description": "Sigstore signing library", "main": "dist/index.js", "types": "dist/index.d.ts", @@ -27,13 +27,13 @@ }, "devDependencies": { "@sigstore/jest": "^0.0.0", - "@sigstore/mock": "^0.6.0", + "@sigstore/mock": "^0.6.3", "@sigstore/rekor-types": "^2.0.0", "@types/make-fetch-happen": "^10.0.4" }, "dependencies": { - "@sigstore/bundle": "^2.1.0", - "@sigstore/core": "^0.1.0", + "@sigstore/bundle": "^2.1.1", + "@sigstore/core": "^0.2.0", "@sigstore/protobuf-specs": "^0.2.1", "make-fetch-happen": "^13.0.0" }, diff --git a/packages/verify/CHANGELOG.md b/packages/verify/CHANGELOG.md new file mode 100644 index 000000000..478ac5444 --- /dev/null +++ b/packages/verify/CHANGELOG.md @@ -0,0 +1,23 @@ +# @sigstore/verify + +## 0.1.0 + +### Minor Changes + +- bf1d432: Export `VerificationPolicy` type +- afb08f6: Add support for verifying identity of certificate issuer +- 6f9c662: Extract verification code into dedicated package + +### Patch Changes + +- 29a25e5: Read RFC3161 timestamps during verification +- 45903bc: Expose public `signature` property on `SignatureContent` interface +- e5f1875: Fix logic to extract issuer from Fulcio certificate +- Updated dependencies [6cdf7ef] +- Updated dependencies [6869511] +- Updated dependencies [6a6bfbc] +- Updated dependencies [57bec90] +- Updated dependencies [34c3856] +- Updated dependencies [922a1be] + - @sigstore/core@0.2.0 + - @sigstore/bundle@2.1.1 diff --git a/packages/verify/package.json b/packages/verify/package.json index 0bd610220..74cd532ec 100644 --- a/packages/verify/package.json +++ b/packages/verify/package.json @@ -1,6 +1,6 @@ { "name": "@sigstore/verify", - "version": "0.0.0", + "version": "0.1.0", "description": "Verification of Sigstore signatures", "main": "dist/index.js", "types": "dist/index.d.ts", 
@@ -27,8 +27,8 @@ }, "dependencies": { "@sigstore/protobuf-specs": "^0.2.1", - "@sigstore/bundle": "^2.1.0", - "@sigstore/core": "^0.1.0" + "@sigstore/bundle": "^2.1.1", + "@sigstore/core": "^0.2.0" }, "engines": { "node": "^16.14.0 || >=18.0.0"