Releases: trailofbits/pypi-attestations

v0.0.20

11 Dec 16:58
d612336

Changed

  • Explicitly support sigstore-python 3.6
    (#79)

v0.0.19

04 Dec 23:13
08802ef

Fixed

  • Corrective release for 0.0.18

v0.0.18

27 Nov 20:52
64fd162

What's Changed

Full Changelog: v0.0.17...v0.0.18

v0.0.17

19 Nov 22:22
cfb3d4d

Fixed

  • The GitLabPublisher policy now takes the workflow file path in order to
    verify attestations, rather than assuming it will always be gitlab-ci.yml
    (#71).
  • The GitLabPublisher no longer expects claims to be passed during construction;
    instead, the ref and sha claims are extracted from the certificate's extensions,
    similar to GitHubPublisher's behavior
    (#71).

Changed

  • Publisher classes (GitLabPublisher and GitHubPublisher) no longer take a claims
    dictionary during construction
    (#72).

v0.0.16

07 Nov 22:42
58c872e

Added

  • Attestation.statement has been added as a convenience API for accessing
    the attestation's enveloped statement as a dictionary

v0.0.15

06 Nov 22:49
478c93f

Full Changelog: v0.0.14...v0.0.15

v0.0.14

06 Nov 22:45
59fc62b

What's Changed

  • build(deps): bump actions/checkout from 4.2.1 to 4.2.2 in the actions group by @dependabot in #66
  • build(deps): bump actions/setup-python from 5.2.0 to 5.3.0 in the actions group by @dependabot in #67
  • fix handling of zip sdists by @woodruffw in #68

Full Changelog: v0.0.13...v0.0.14

v0.0.13

22 Oct 16:18
2cf1f8f

Changed

  • The minimum Python version required has been brought back to 3.9
    (#64).

  • The Attestation.verify(...) API has been changed to remove the Verifier
    argument in favor of an optional staging: bool kwarg to select the
    Sigstore instance
    (#62)

  • The Attestation.verify(...) API has been changed to accept both Publisher
    and VerificationPolicy objects as a policy. The publisher object is internally
    converted to an appropriate verification policy.

Fixed

  • python -m pypi_attestations verify now handles inputs like dist/*
    gracefully, by pre-filtering any attestation paths from the inputs.

  • python -m pypi_attestations verify now exits with a non-zero exit code
    if the verification step fails
    (#57)

v0.0.12

19 Sep 16:10
5a6f9a9

Fixed

  • Base64-encoded bytes inside Attestation objects contained newline characters
    every 76 characters due to a bug in Pydantic's Base64Bytes type. Those
    newlines were also (incorrectly) ignored by Pydantic during decoding
    (#48).
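
The behaviour fixed in v0.0.12 can be reproduced with the Python standard library alone. The following is an added example, not code from pypi-attestations or Pydantic: it uses `base64.encodebytes` as a stand-in for the line-wrapping encoder, a constructed 96-byte payload, and hypothetical helper names, and it goes one step beyond the changelog by showing a strict decoder that rejects the wrapped form.

```python
import base64
import binascii

# Constructed sample: 96 bytes standing in for a signature or certificate field.
SAMPLE = bytes(range(96))


def encode_wrapped(data: bytes) -> str:
    """MIME-style encoding: a newline after every 76 output characters."""
    return base64.encodebytes(data).decode("ascii")


def encode_canonical(data: bytes) -> str:
    """Single-line standard Base64 with no embedded whitespace."""
    return base64.b64encode(data).decode("ascii")


def decode_lenient(text: str) -> bytes:
    """Silently discards characters outside the Base64 alphabet, newlines included."""
    return base64.b64decode(text, validate=False)


def decode_strict(text: str) -> bytes:
    """Rejects any character outside the Base64 alphabet."""
    try:
        return base64.b64decode(text, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"non-canonical Base64: {exc}") from exc


def is_canonical(text: str) -> bool:
    """True only if `text` is exactly what a canonical encoder would emit."""
    try:
        return encode_canonical(decode_strict(text)) == text
    except ValueError:
        return False


if __name__ == "__main__":
    wrapped, canonical = encode_wrapped(SAMPLE), encode_canonical(SAMPLE)
    print("wrapped line lengths:", [len(line) for line in wrapped.splitlines()])
    print("lenient decoder accepts wrapped form:", decode_lenient(wrapped) == SAMPLE)
    print("two encodings, one payload:", wrapped != canonical)
    print("strict check on wrapped:", is_canonical(wrapped))
    print("strict check on canonical:", is_canonical(canonical))
```

Because the lenient decoder accepts both strings, two serialized attestations can differ byte-for-byte while carrying the same payload, which matters to anything that hashes or compares the serialized form.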

v0.0.11

20 Aug 17:29
3b84d95

What's Changed

  • workflows: hash-pin all workflows by @woodruffw in #40
  • build(deps): bump actions/attest from c578ab5e377a70e30e1411d16a0eba675e5dc2e9 to 2da0b136720d14f01f4dbeeafd1d5a4d76cbe21d in the actions group by @dependabot in #41
  • Update CHANGELOG for version 0.0.10 by @DarkaMaul in #42
  • Run mypy on tests by @woodruffw in #43
  • build(deps): update sigstore requirement from ~=3.1.0 to >=3.1,<3.3 in the python group by @dependabot in #45

Full Changelog: v0.0.10...v0.0.11