From bca69a671dce4e6aad44a1a959ee8d4aaa3143f6 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Thu, 11 Jan 2024 23:44:55 +0000 Subject: [PATCH] Version Packages --- .changeset/beige-keys-appear.md | 5 ----- .changeset/friendly-toes-end.md | 5 ----- .changeset/fuzzy-files-cross.md | 5 ----- .changeset/gold-walls-smoke.md | 2 -- .changeset/healthy-walls-raise.md | 5 ----- .changeset/khaki-chefs-smile.md | 5 ----- .changeset/lemon-eggs-admire.md | 5 ----- .changeset/little-toes-live.md | 2 -- .changeset/long-jobs-explain.md | 5 ----- .changeset/neat-gorillas-eat.md | 5 ----- .changeset/neat-poems-itch.md | 5 ----- .changeset/new-birds-hide.md | 5 ----- .changeset/nine-donuts-marry.md | 5 ----- .changeset/orange-snakes-give.md | 5 ----- .changeset/plenty-glasses-chew.md | 5 ----- .changeset/polite-numbers-wait.md | 5 ----- .changeset/poor-radios-sleep.md | 5 ----- .changeset/popular-eagles-explain.md | 2 -- .changeset/rude-meals-tap.md | 5 ----- .changeset/selfish-ants-exercise.md | 5 ----- .changeset/shaggy-hotels-cheat.md | 5 ----- .changeset/sharp-rabbits-fix.md | 5 ----- .changeset/shy-cameras-carry.md | 5 ----- .changeset/slimy-apricots-look.md | 5 ----- .changeset/smooth-rice-remember.md | 5 ----- .changeset/spicy-kiwis-scream.md | 5 ----- .changeset/swift-balloons-pay.md | 5 ----- .changeset/tasty-years-sneeze.md | 5 ----- .changeset/tough-adults-sing.md | 5 ----- .changeset/tricky-mails-shop.md | 6 ----- .changeset/tricky-mirrors-itch.md | 2 -- .changeset/tricky-owls-relax.md | 5 ----- .changeset/wicked-tools-shop.md | 5 ----- .changeset/yellow-phones-know.md | 5 ----- packages/bundle/CHANGELOG.md | 6 +++++ packages/bundle/package.json | 2 +- packages/cli/CHANGELOG.md | 17 ++++++++++++++ packages/cli/package.json | 4 ++-- packages/client/CHANGELOG.md | 33 ++++++++++++++++++++++++++++ packages/client/package.json | 14 ++++++------ packages/conformance/CHANGELOG.md | 23 +++++++++++++++++++ packages/conformance/package.json | 8 +++---- packages/core/CHANGELOG.md | 13 +++++++++++ packages/core/package.json | 2 +- packages/mock/CHANGELOG.md | 10 +++++++++ packages/mock/package.json | 2 +- packages/sign/CHANGELOG.md | 14 ++++++++++++ packages/sign/package.json | 8 +++---- packages/tuf/CHANGELOG.md | 11 ++++++++++ packages/tuf/package.json | 2 +- packages/verify/CHANGELOG.md | 24 ++++++++++++++++++++ packages/verify/package.json | 6 ++--- 52 files changed, 175 insertions(+), 183 deletions(-) delete mode 100644 .changeset/beige-keys-appear.md delete mode 100644 .changeset/friendly-toes-end.md delete mode 100644 .changeset/fuzzy-files-cross.md delete mode 100644 .changeset/gold-walls-smoke.md delete mode 100644 .changeset/healthy-walls-raise.md delete mode 100644 .changeset/khaki-chefs-smile.md delete mode 100644 .changeset/lemon-eggs-admire.md delete mode 100644 .changeset/little-toes-live.md delete mode 100644 .changeset/long-jobs-explain.md delete mode 100644 .changeset/neat-gorillas-eat.md delete mode 100644 .changeset/neat-poems-itch.md delete mode 100644 .changeset/new-birds-hide.md delete mode 100644 .changeset/nine-donuts-marry.md delete mode 100644 .changeset/orange-snakes-give.md delete mode 100644 .changeset/plenty-glasses-chew.md delete mode 100644 .changeset/polite-numbers-wait.md delete mode 100644 .changeset/poor-radios-sleep.md delete mode 100644 .changeset/popular-eagles-explain.md delete mode 100644 .changeset/rude-meals-tap.md delete mode 100644 .changeset/selfish-ants-exercise.md delete mode 100644 .changeset/shaggy-hotels-cheat.md delete mode 100644 .changeset/sharp-rabbits-fix.md delete mode 100644 .changeset/shy-cameras-carry.md delete mode 100644 .changeset/slimy-apricots-look.md delete mode 100644 .changeset/smooth-rice-remember.md delete mode 100644 .changeset/spicy-kiwis-scream.md delete mode 100644 .changeset/swift-balloons-pay.md delete mode 100644 .changeset/tasty-years-sneeze.md delete mode 100644 .changeset/tough-adults-sing.md delete mode 100644 .changeset/tricky-mails-shop.md delete mode 100644 .changeset/tricky-mirrors-itch.md delete mode 100644 .changeset/tricky-owls-relax.md delete mode 100644 .changeset/wicked-tools-shop.md delete mode 100644 .changeset/yellow-phones-know.md create mode 100644 packages/verify/CHANGELOG.md diff --git a/.changeset/beige-keys-appear.md b/.changeset/beige-keys-appear.md deleted file mode 100644 index 4108600da..000000000 --- a/.changeset/beige-keys-appear.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -'@sigstore/verify': minor ---- - -Export `VerificationPolicy` type diff --git a/.changeset/friendly-toes-end.md b/.changeset/friendly-toes-end.md deleted file mode 100644 index 1ef4a0ff6..000000000 --- a/.changeset/friendly-toes-end.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@sigstore/core": patch ---- - -Bug fix for parsing ASN.1 date/time values which include milliseconds diff --git a/.changeset/fuzzy-files-cross.md b/.changeset/fuzzy-files-cross.md deleted file mode 100644 index 1838ae1e4..000000000 --- a/.changeset/fuzzy-files-cross.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -'@sigstore/cli': minor ---- - -Add most verify options to `sigstore verify` subcommand diff --git a/.changeset/gold-walls-smoke.md b/.changeset/gold-walls-smoke.md deleted file mode 100644 index a845151cc..000000000 --- a/.changeset/gold-walls-smoke.md +++ /dev/null @@ -1,2 +0,0 @@ ---- ---- diff --git a/.changeset/healthy-walls-raise.md b/.changeset/healthy-walls-raise.md deleted file mode 100644 index f780565b6..000000000 --- a/.changeset/healthy-walls-raise.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@sigstore/core": minor ---- - -Add support for parsing RFC3161 signed timestamps diff --git a/.changeset/khaki-chefs-smile.md b/.changeset/khaki-chefs-smile.md deleted file mode 100644 index d77aa5f5f..000000000 --- a/.changeset/khaki-chefs-smile.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@sigstore/core": patch ---- - -Add more checks to the `RFC3161Timestamp.verify` method diff --git a/.changeset/lemon-eggs-admire.md b/.changeset/lemon-eggs-admire.md deleted file mode 100644 index adfd5f00d..000000000 --- a/.changeset/lemon-eggs-admire.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -'@sigstore/bundle': patch ---- - -Update `bundleFromJSON` to perform full bundle validation diff --git a/.changeset/little-toes-live.md b/.changeset/little-toes-live.md deleted file mode 100644 index a845151cc..000000000 --- a/.changeset/little-toes-live.md +++ /dev/null @@ -1,2 +0,0 @@ ---- ---- diff --git a/.changeset/long-jobs-explain.md b/.changeset/long-jobs-explain.md deleted file mode 100644 index 8de5501c9..000000000 --- a/.changeset/long-jobs-explain.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@sigstore/cli": minor ---- - -Add `tuf-force-cache` flag to `verify` command diff --git a/.changeset/neat-gorillas-eat.md b/.changeset/neat-gorillas-eat.md deleted file mode 100644 index f372f514b..000000000 --- a/.changeset/neat-gorillas-eat.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@sigstore/verify": minor ---- - -Enable verification of RFC3161 timestamps diff --git a/.changeset/neat-poems-itch.md b/.changeset/neat-poems-itch.md deleted file mode 100644 index 860d29a07..000000000 --- a/.changeset/neat-poems-itch.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -'@sigstore/core': minor ---- - -add `encoding` and `dsse` utility modules diff --git a/.changeset/new-birds-hide.md b/.changeset/new-birds-hide.md deleted file mode 100644 index f8eceb155..000000000 --- a/.changeset/new-birds-hide.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@sigstore/tuf": minor ---- - -Expose `forceCache` option for TUF client diff --git a/.changeset/nine-donuts-marry.md b/.changeset/nine-donuts-marry.md deleted file mode 100644 index 95ab89cf8..000000000 --- a/.changeset/nine-donuts-marry.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@sigstore/mock": patch ---- - -Introduce intermediate certificate for issuing RFC3161 timestamps diff --git a/.changeset/orange-snakes-give.md b/.changeset/orange-snakes-give.md deleted file mode 100644 index c7d4bd149..000000000 --- a/.changeset/orange-snakes-give.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@sigstore/mock": patch ---- - -Bump @peculiar/x509 from 1.9.5 to 1.9.6 diff --git a/.changeset/plenty-glasses-chew.md b/.changeset/plenty-glasses-chew.md deleted file mode 100644 index 1fa206d38..000000000 --- a/.changeset/plenty-glasses-chew.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@sigstore/verify": patch ---- - -Read RFC3161 timestamps during verification diff --git a/.changeset/polite-numbers-wait.md b/.changeset/polite-numbers-wait.md deleted file mode 100644 index bfdda04fa..000000000 --- a/.changeset/polite-numbers-wait.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@sigstore/cli": minor ---- - -Add `cache-path` flag to `initialize` command diff --git a/.changeset/poor-radios-sleep.md b/.changeset/poor-radios-sleep.md deleted file mode 100644 index a1b8bb020..000000000 --- a/.changeset/poor-radios-sleep.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"sigstore": minor ---- - -Add `tufForceCache` flag to `VerifyOptions` type diff --git a/.changeset/popular-eagles-explain.md b/.changeset/popular-eagles-explain.md deleted file mode 100644 index a845151cc..000000000 --- a/.changeset/popular-eagles-explain.md +++ /dev/null @@ -1,2 +0,0 @@ ---- ---- diff --git a/.changeset/rude-meals-tap.md b/.changeset/rude-meals-tap.md deleted file mode 100644 index e18372627..000000000 --- a/.changeset/rude-meals-tap.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@sigstore/mock": patch ---- - -Remove extra level of OCTET STRING nesting in mocked RFC3161 timestamp response diff --git a/.changeset/selfish-ants-exercise.md b/.changeset/selfish-ants-exercise.md deleted file mode 100644 index f225b0501..000000000 --- a/.changeset/selfish-ants-exercise.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -'@sigstore/verify': minor ---- - -Add support for verifying identity of certificate issuer diff --git a/.changeset/shaggy-hotels-cheat.md b/.changeset/shaggy-hotels-cheat.md deleted file mode 100644 index 78fcd6269..000000000 --- a/.changeset/shaggy-hotels-cheat.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@sigstore/verify": patch ---- - -Expose public `signature` property on `SignatureContent` interface diff --git a/.changeset/sharp-rabbits-fix.md b/.changeset/sharp-rabbits-fix.md deleted file mode 100644 index 484aa2513..000000000 --- a/.changeset/sharp-rabbits-fix.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@sigstore/tuf": minor ---- - -Add support for caching metadata from multiple TUF repositories diff --git a/.changeset/shy-cameras-carry.md b/.changeset/shy-cameras-carry.md deleted file mode 100644 index ca9d905a5..000000000 --- a/.changeset/shy-cameras-carry.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -'sigstore': patch ---- - -Integrate `@sigstore/verify` package diff --git a/.changeset/slimy-apricots-look.md b/.changeset/slimy-apricots-look.md deleted file mode 100644 index 06d067fa9..000000000 --- a/.changeset/slimy-apricots-look.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@sigstore/conformance": minor ---- - -Updates the `verify-bundle` subcommand with support for a new `--trusted-root` flag diff --git a/.changeset/smooth-rice-remember.md b/.changeset/smooth-rice-remember.md deleted file mode 100644 index bd6292e4d..000000000 --- a/.changeset/smooth-rice-remember.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@sigstore/cli": patch ---- - -Bump openid-client from 5.6.2 to 5.6.4 diff --git a/.changeset/spicy-kiwis-scream.md b/.changeset/spicy-kiwis-scream.md deleted file mode 100644 index a57dd7414..000000000 --- a/.changeset/spicy-kiwis-scream.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@sigstore/mock": patch ---- - -Bump jose from 5.1.3 to 5.2.0 diff --git a/.changeset/swift-balloons-pay.md b/.changeset/swift-balloons-pay.md deleted file mode 100644 index 4c5b9a71a..000000000 --- a/.changeset/swift-balloons-pay.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -'@sigstore/verify': minor ---- - -Extract verification code into dedicated package diff --git a/.changeset/tasty-years-sneeze.md b/.changeset/tasty-years-sneeze.md deleted file mode 100644 index 2e94a1a26..000000000 --- a/.changeset/tasty-years-sneeze.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@sigstore/cli": patch ---- - -Bump openid-client from 5.6.1 to 5.6.2 diff --git a/.changeset/tough-adults-sing.md b/.changeset/tough-adults-sing.md deleted file mode 100644 index 3f260f34d..000000000 --- a/.changeset/tough-adults-sing.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@sigstore/core": patch ---- - -Ensure the `isCA` value for the `X509BasicConstraintsExtension` defaults to `false` if no other value is present diff --git a/.changeset/tricky-mails-shop.md b/.changeset/tricky-mails-shop.md deleted file mode 100644 index 8880e854a..000000000 --- a/.changeset/tricky-mails-shop.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -'sigstore': patch -'@sigstore/sign': patch ---- - -Integrate `@sigstore/core` package diff --git a/.changeset/tricky-mirrors-itch.md b/.changeset/tricky-mirrors-itch.md deleted file mode 100644 index a845151cc..000000000 --- a/.changeset/tricky-mirrors-itch.md +++ /dev/null @@ -1,2 +0,0 @@ ---- ---- diff --git a/.changeset/tricky-owls-relax.md b/.changeset/tricky-owls-relax.md deleted file mode 100644 index fddea28a9..000000000 --- a/.changeset/tricky-owls-relax.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@sigstore/mock": patch ---- - -Fix encoding for TSA-issued timestamps diff --git a/.changeset/wicked-tools-shop.md b/.changeset/wicked-tools-shop.md deleted file mode 100644 index 2e8cb3f4a..000000000 --- a/.changeset/wicked-tools-shop.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -'@sigstore/verify': patch ---- - -Fix logic to extract issuer from Fulcio certificate diff --git a/.changeset/yellow-phones-know.md b/.changeset/yellow-phones-know.md deleted file mode 100644 index 535b771db..000000000 --- a/.changeset/yellow-phones-know.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@sigstore/tuf": patch ---- - -Move TUF seeds into JSON file diff --git a/packages/bundle/CHANGELOG.md b/packages/bundle/CHANGELOG.md index 8080160e4..98515bc13 100644 --- a/packages/bundle/CHANGELOG.md +++ b/packages/bundle/CHANGELOG.md @@ -1,5 +1,11 @@ # @sigstore/bundle +## 2.1.1 + +### Patch Changes + +- 57bec90: Update `bundleFromJSON` to perform full bundle validation + ## 2.1.0 ### Minor Changes diff --git a/packages/bundle/package.json b/packages/bundle/package.json index 7e26efa11..152271bdf 100644 --- a/packages/bundle/package.json +++ b/packages/bundle/package.json @@ -1,6 +1,6 @@ { "name": "@sigstore/bundle", - "version": "2.1.0", + "version": "2.1.1", "description": "Sigstore bundle type", "main": "dist/index.js", "types": "dist/index.d.ts", diff --git a/packages/cli/CHANGELOG.md b/packages/cli/CHANGELOG.md index fbd7ccd44..0d79c7f67 100644 --- a/packages/cli/CHANGELOG.md +++ b/packages/cli/CHANGELOG.md @@ -1,5 +1,22 @@ # @sigstore/cli +## 0.6.0 + +### Minor Changes + +- c949aa7: Add most verify options to `sigstore verify` subcommand +- 4089730: Add `tuf-force-cache` flag to `verify` command +- 4089730: Add `cache-path` flag to `initialize` command + +### Patch Changes + +- bfa5eeb: Bump openid-client from 5.6.2 to 5.6.4 +- 9318c9c: Bump openid-client from 5.6.1 to 5.6.2 +- Updated dependencies [4089730] +- Updated dependencies [af76b1d] +- Updated dependencies [34c3856] + - sigstore@2.2.0 + ## 0.5.0 ### Minor Changes diff --git a/packages/cli/package.json b/packages/cli/package.json index 5c28d4554..3db5f9892 100644 --- a/packages/cli/package.json +++ b/packages/cli/package.json @@ -1,6 +1,6 @@ { "name": "@sigstore/cli", - "version": "0.5.0", + "version": "0.6.0", "description": "Sigstore CLI", "author": "Brian DeHamer @bdehamer", "license": "Apache-2.0", @@ -37,7 +37,7 @@ "@oclif/plugin-help": "^6", "open": "^8.4.2", "openid-client": "^5.6.4", - "sigstore": "^2.1.0" + "sigstore": "^2.2.0" }, "devDependencies": { "make-fetch-happen": "^13.0.0", diff --git a/packages/client/CHANGELOG.md b/packages/client/CHANGELOG.md index 5ad2836e9..052387434 100644 --- a/packages/client/CHANGELOG.md +++ b/packages/client/CHANGELOG.md @@ -1,5 +1,38 @@ # sigstore +## 2.2.0 + +### Minor Changes + +- 4089730: Add `tufForceCache` flag to `VerifyOptions` type + +### Patch Changes + +- af76b1d: Integrate `@sigstore/verify` package +- 34c3856: Integrate `@sigstore/core` package +- Updated dependencies [bf1d432] +- Updated dependencies [6cdf7ef] +- Updated dependencies [6869511] +- Updated dependencies [6a6bfbc] +- Updated dependencies [57bec90] +- Updated dependencies [08b7957] +- Updated dependencies [34c3856] +- Updated dependencies [f603e11] +- Updated dependencies [29a25e5] +- Updated dependencies [afb08f6] +- Updated dependencies [45903bc] +- Updated dependencies [4471a4d] +- Updated dependencies [6f9c662] +- Updated dependencies [922a1be] +- Updated dependencies [34c3856] +- Updated dependencies [e5f1875] +- Updated dependencies [da83e69] + - @sigstore/verify@0.1.0 + - @sigstore/core@0.2.0 + - @sigstore/bundle@2.1.1 + - @sigstore/tuf@2.3.0 + - @sigstore/sign@2.2.1 + ## 2.1.0 ### Minor Changes diff --git a/packages/client/package.json b/packages/client/package.json index 661269301..bbc619e3b 100644 --- a/packages/client/package.json +++ b/packages/client/package.json @@ -1,6 +1,6 @@ { "name": "sigstore", - "version": "2.1.0", + "version": "2.2.0", "description": "code-signing for npm packages", "main": "dist/index.js", "types": "dist/index.d.ts", @@ -29,17 +29,17 @@ "devDependencies": { "@sigstore/rekor-types": "^2.0.0", "@sigstore/jest": "^0.0.0", - "@sigstore/mock": "^0.6.0", + "@sigstore/mock": "^0.6.3", "@tufjs/repo-mock": "^2.0.0", "@types/make-fetch-happen": "^10.0.4" }, "dependencies": { - "@sigstore/bundle": "^2.1.0", - "@sigstore/core": "^0.1.0", + "@sigstore/bundle": "^2.1.1", + "@sigstore/core": "^0.2.0", "@sigstore/protobuf-specs": "^0.2.1", - "@sigstore/sign": "^2.1.0", - "@sigstore/tuf": "^2.2.0", - "@sigstore/verify": "^0.0.0" + "@sigstore/sign": "^2.2.1", + "@sigstore/tuf": "^2.3.0", + "@sigstore/verify": "^0.1.0" }, "engines": { "node": "^16.14.0 || >=18.0.0" diff --git a/packages/conformance/CHANGELOG.md b/packages/conformance/CHANGELOG.md index b40dc9367..d031c1b1d 100644 --- a/packages/conformance/CHANGELOG.md +++ b/packages/conformance/CHANGELOG.md @@ -1,5 +1,28 @@ # @sigstore/conformance +## 0.2.0 + +### Minor Changes + +- 8af9f04: Updates the `verify-bundle` subcommand with support for a new `--trusted-root` flag + +### Patch Changes + +- Updated dependencies [bf1d432] +- Updated dependencies [57bec90] +- Updated dependencies [08b7957] +- Updated dependencies [29a25e5] +- Updated dependencies [4089730] +- Updated dependencies [afb08f6] +- Updated dependencies [45903bc] +- Updated dependencies [af76b1d] +- Updated dependencies [6f9c662] +- Updated dependencies [34c3856] +- Updated dependencies [e5f1875] + - @sigstore/verify@0.1.0 + - @sigstore/bundle@2.1.1 + - sigstore@2.2.0 + ## 0.1.0 ### Minor Changes diff --git a/packages/conformance/package.json b/packages/conformance/package.json index c4aa440aa..f6b7a27ff 100644 --- a/packages/conformance/package.json +++ b/packages/conformance/package.json @@ -1,6 +1,6 @@ { "name": "@sigstore/conformance", - "version": "0.1.0", + "version": "0.2.0", "private": "true", "description": "Sigstore Conformance Test CLI", "bin": { @@ -18,10 +18,10 @@ }, "dependencies": { "@oclif/core": "^3", - "@sigstore/bundle": "^2.1.0", + "@sigstore/bundle": "^2.1.1", "@sigstore/protobuf-specs": "^0.2.1", - "@sigstore/verify": "^0.0.0", - "sigstore": "^2.0.0" + "@sigstore/verify": "^0.1.0", + "sigstore": "^2.2.0" }, "devDependencies": { "oclif": "^4", diff --git a/packages/core/CHANGELOG.md b/packages/core/CHANGELOG.md index 7846c6182..c3d9b3a55 100644 --- a/packages/core/CHANGELOG.md +++ b/packages/core/CHANGELOG.md @@ -1,5 +1,18 @@ # @sigstore/core +## 0.2.0 + +### Minor Changes + +- 6869511: Add support for parsing RFC3161 signed timestamps +- 34c3856: add `encoding` and `dsse` utility modules + +### Patch Changes + +- 6cdf7ef: Bug fix for parsing ASN.1 date/time values which include milliseconds +- 6a6bfbc: Add more checks to the `RFC3161Timestamp.verify` method +- 922a1be: Ensure the `isCA` value for the `X509BasicConstraintsExtension` defaults to `false` if no other value is present + ## 0.1.0 ### Minor Changes diff --git a/packages/core/package.json b/packages/core/package.json index b1c646218..08a320347 100644 --- a/packages/core/package.json +++ b/packages/core/package.json @@ -1,6 +1,6 @@ { "name": "@sigstore/core", - "version": "0.1.0", + "version": "0.2.0", "description": "Base library for Sigstore", "main": "dist/index.js", "types": "dist/index.d.ts", diff --git a/packages/mock/CHANGELOG.md b/packages/mock/CHANGELOG.md index f4543f0d1..4bb1143e0 100644 --- a/packages/mock/CHANGELOG.md +++ b/packages/mock/CHANGELOG.md @@ -1,5 +1,15 @@ # @sigstore/mock +## 0.6.3 + +### Patch Changes + +- 123389f: Introduce intermediate certificate for issuing RFC3161 timestamps +- 8cbcd04: Bump @peculiar/x509 from 1.9.5 to 1.9.6 +- 2dd55a0: Remove extra level of OCTET STRING nesting in mocked RFC3161 timestamp response +- 9318c9c: Bump jose from 5.1.3 to 5.2.0 +- 123389f: Fix encoding for TSA-issued timestamps + ## 0.6.2 ### Patch Changes diff --git a/packages/mock/package.json b/packages/mock/package.json index 2527c9903..bcd6f509d 100644 --- a/packages/mock/package.json +++ b/packages/mock/package.json @@ -1,6 +1,6 @@ { "name": "@sigstore/mock", - "version": "0.6.2", + "version": "0.6.3", "description": "Mocked version of the Sigstore services", "main": "dist/index.js", "types": "dist/index.d.ts", diff --git a/packages/sign/CHANGELOG.md b/packages/sign/CHANGELOG.md index ba1d28dc4..b2f13f2ef 100644 --- a/packages/sign/CHANGELOG.md +++ b/packages/sign/CHANGELOG.md @@ -1,5 +1,19 @@ # @sigstore/sign +## 2.2.1 + +### Patch Changes + +- 34c3856: Integrate `@sigstore/core` package +- Updated dependencies [6cdf7ef] +- Updated dependencies [6869511] +- Updated dependencies [6a6bfbc] +- Updated dependencies [57bec90] +- Updated dependencies [34c3856] +- Updated dependencies [922a1be] + - @sigstore/core@0.2.0 + - @sigstore/bundle@2.1.1 + ## 2.2.0 ### Minor Changes diff --git a/packages/sign/package.json b/packages/sign/package.json index 2c2099968..5f330b58c 100644 --- a/packages/sign/package.json +++ b/packages/sign/package.json @@ -1,6 +1,6 @@ { "name": "@sigstore/sign", - "version": "2.2.0", + "version": "2.2.1", "description": "Sigstore signing library", "main": "dist/index.js", "types": "dist/index.d.ts", @@ -27,13 +27,13 @@ }, "devDependencies": { "@sigstore/jest": "^0.0.0", - "@sigstore/mock": "^0.6.0", + "@sigstore/mock": "^0.6.3", "@sigstore/rekor-types": "^2.0.0", "@types/make-fetch-happen": "^10.0.4" }, "dependencies": { - "@sigstore/bundle": "^2.1.0", - "@sigstore/core": "^0.1.0", + "@sigstore/bundle": "^2.1.1", + "@sigstore/core": "^0.2.0", "@sigstore/protobuf-specs": "^0.2.1", "make-fetch-happen": "^13.0.0" }, diff --git a/packages/tuf/CHANGELOG.md b/packages/tuf/CHANGELOG.md index 79072d439..f2ee9d538 100644 --- a/packages/tuf/CHANGELOG.md +++ b/packages/tuf/CHANGELOG.md @@ -1,5 +1,16 @@ # @sigstore/tuf +## 2.3.0 + +### Minor Changes + +- f603e11: Expose `forceCache` option for TUF client +- 4471a4d: Add support for caching metadata from multiple TUF repositories + +### Patch Changes + +- da83e69: Move TUF seeds into JSON file + ## 2.2.0 ### Minor Changes diff --git a/packages/tuf/package.json b/packages/tuf/package.json index 1da71e1db..62ab3f4d4 100644 --- a/packages/tuf/package.json +++ b/packages/tuf/package.json @@ -1,6 +1,6 @@ { "name": "@sigstore/tuf", - "version": "2.2.0", + "version": "2.3.0", "description": "Client for the Sigstore TUF repository", "main": "dist/index.js", "types": "dist/index.d.ts", diff --git a/packages/verify/CHANGELOG.md b/packages/verify/CHANGELOG.md new file mode 100644 index 000000000..7e34f9aa9 --- /dev/null +++ b/packages/verify/CHANGELOG.md @@ -0,0 +1,24 @@ +# @sigstore/verify + +## 0.1.0 + +### Minor Changes + +- bf1d432: Export `VerificationPolicy` type +- 08b7957: Enable verification of RFC3161 timestamps +- afb08f6: Add support for verifying identity of certificate issuer +- 6f9c662: Extract verification code into dedicated package + +### Patch Changes + +- 29a25e5: Read RFC3161 timestamps during verification +- 45903bc: Expose public `signature` property on `SignatureContent` interface +- e5f1875: Fix logic to extract issuer from Fulcio certificate +- Updated dependencies [6cdf7ef] +- Updated dependencies [6869511] +- Updated dependencies [6a6bfbc] +- Updated dependencies [57bec90] +- Updated dependencies [34c3856] +- Updated dependencies [922a1be] + - @sigstore/core@0.2.0 + - @sigstore/bundle@2.1.1 diff --git a/packages/verify/package.json b/packages/verify/package.json index 0bd610220..74cd532ec 100644 --- a/packages/verify/package.json +++ b/packages/verify/package.json @@ -1,6 +1,6 @@ { "name": "@sigstore/verify", - "version": "0.0.0", + "version": "0.1.0", "description": "Verification of Sigstore signatures", "main": "dist/index.js", "types": "dist/index.d.ts", @@ -27,8 +27,8 @@ }, "dependencies": { "@sigstore/protobuf-specs": "^0.2.1", - "@sigstore/bundle": "^2.1.0", - "@sigstore/core": "^0.1.0" + "@sigstore/bundle": "^2.1.1", + "@sigstore/core": "^0.2.0" }, "engines": { "node": "^16.14.0 || >=18.0.0"