Release 0.8.2

What's Changed

• sigstore: 0.8.2 by @woodruffw in #316

Full Changelog: v0.8.1...v0.8.2

Release 0.8.1

What's Changed

• sigstore: 0.8.1 by @woodruffw in #315

Full Changelog: v0.8.0...v0.8.1

Release 0.8.0

What's Changed

• scorecards-analysis: bump scorecard-action to 2.0.6 by @woodruffw in #293
• .bump: delete by @woodruffw in #294
• build(deps): bump sigstore from 0.6.8 to 0.7.0 in /install by @dependabot in #295
• dependabot: Setup Dependabot for GitHub Actions by @tetsuo-cpp in #302
• workflows: Add conformance testing workflow by @tetsuo-cpp in #298
• build(deps): bump pypa/gh-action-pypi-publish from 1.5.0 to 1.5.1 by @dependabot in #303
• build(deps): bump actions/setup-python from 2.3.2 to 4.3.0 by @dependabot in #304
• Refactor the verification API by @woodruffw in #299
• sigstore, test: add actual SANs to policy failure reason by @woodruffw in #309
• workflows/staging-tests: add missing identity check by @woodruffw in #307
• oidc/oauth: avoid logging the OAuth auth headers by @woodruffw in #312
• sigstore: 0.8.0 by @woodruffw in #314

Full Changelog: v0.7.0...v0.8.0

Release 0.7.0

What's Changed

• build(deps): bump sigstore from 0.6.7 to 0.6.8 in /install by @dependabot in #285
• build(deps): bump pyjwt from 2.5.0 to 2.6.0 in /install by @dependabot in #266
• workflows/ci: add Python 3.11 to matrix by @woodruffw in #286
• Offline Rekor bundle generation and verification by @woodruffw in #247
• build(deps): bump cryptography from 38.0.2 to 38.0.3 in /install by @dependabot in #287
• Support --cert-identity by @woodruffw in #289
• _verify: Check for URI SANs when verifying certificate emails by @tetsuo-cpp in #288
• sigstore: 0.7.0 by @tetsuo-cpp in #290
• workflow: Workaround for SLSA generator failure by @tetsuo-cpp in #292

Full Changelog: v0.6.8...v0.7.0

Release 0.6.8

What's Changed

• _cli: add boolean envvar defaults by @woodruffw in #244
• build(deps): bump sigstore from 0.6.6 to 0.6.7 in /install by @dependabot in #246
• build(deps): bump cryptography from 38.0.1 to 38.0.2 in /install by @dependabot in #245
• build(deps): bump securesystemslib from 0.24.0 to 0.25.0 in /install by @dependabot in #254
• test: add an ambient_oidc marker by @woodruffw in #259
• Restore SLSA provenance generator by @di in #256
• add community-wide reusable workflow for license/vuln scan by @bobcallaway in #255
• ctfe: add staging targets by @asraa in #262
• fix deprecated set-output by @bobcallaway in #270
• sigstore: add a CT keyring, use it for SCT verification by @woodruffw in #267
• sigstore: 0.6.8 by @woodruffw in #284

New Contributors

• @bobcallaway made their first contribution in #255

Full Changelog: v0.6.7...v0.6.8

Release 0.6.7

What's Changed

• ci, Makefile: make check-readme a make target by @woodruffw in #233
• Makefile: run recursive make silently by @woodruffw in #234
• Tests: ensure consistency of transparency log response and entry by @woodruffw in #235
• Staging workflow improvements by @woodruffw in #202
• build(deps): bump sigstore from 0.6.5 to 0.6.6 in /install by @dependabot in #236
• rekor, verify: replace unstable API use by @woodruffw in #238
• rekor/client: fix result search by @woodruffw in #239
• build(deps): bump typing-extensions from 4.3.0 to 4.4.0 in /install by @dependabot in #240
• _verify: make the failure reason more detailed when rekor lookup fails by @woodruffw in #241
• _cli: add envvar defaults for most options by @woodruffw in #242
• sigstore: 0.6.7 by @woodruffw in #243

Full Changelog: v0.6.6...v0.6.7

Release 0.6.6

What's Changed

• build(deps): bump sigstore from 0.6.4 to 0.6.5 in /install by @dependabot in #220
• build(deps): bump pyjwt from 2.4.0 to 2.5.0 in /install by @dependabot in #221
• build(deps): bump certifi from 2022.9.14 to 2022.9.24 in /install by @dependabot in #225
• build(deps): bump pyopenssl from 22.0.0 to 22.1.0 in /install by @dependabot in #226
• Add SLSA provenance generator to release; closes #222 by @diogoteles08 in #223
• README: update GitHub Action slugs by @woodruffw in #227
• Update CONTRIBUTING.md to expose the requirements to open a PR. Closes #224 by @diogoteles08 in #228
• Add a get-identity-token subcommand by @di in #229
• Bump for 0.6.6 release by @di in #231
• Revert "Add SLSA provenance generator to release; closes #222 (#223)" by @di in #232

New Contributors

• @diogoteles08 made their first contribution in #223

Full Changelog: v0.6.5...v0.6.6

Release 0.6.5

What's Changed

• build(deps): bump cryptography from 37.0.4 to 38.0.1 in /install by @dependabot in #203
• build(deps): bump sigstore from 0.6.3 to 0.6.4 in /install by @dependabot in #206
• _internal: Rekor and Fulcio clients clean up their HTTP sessions on release by @woodruffw in #213
• sigstore: use stricter pydantic fields, where applicable by @woodruffw in #210
• build(deps): bump certifi from 2022.6.15 to 2022.6.15.1 in /install by @dependabot in #214
• build(deps): bump certifi from 2022.6.15.1 to 2022.9.14 in /install by @dependabot in #217
• build(deps): bump idna from 3.3 to 3.4 in /install by @dependabot in #216
• build(deps): bump securesystemslib from 0.23.0 to 0.24.0 in /install by @dependabot in #215
• deps: constrain pyOpenSSL to >=22.0.0 by @woodruffw in #218
• sigstore: 0.6.5 by @woodruffw in #219

Full Changelog: v0.6.4...v0.6.5

Release 0.6.4

What's Changed

• build(deps): bump sigstore from 0.6.2 to 0.6.3 in /install by @dependabot in #181
• pyproject, ci: use recursive extras by @woodruffw in #179
• test: add an "online" marker for online tests by @woodruffw in #180
• ✨ Enable Scorecard badge by @azeemshaikh38 in #178
• build(deps): bump pydantic from 1.9.1 to 1.9.2 in /install by @dependabot in #183
• ci: add debug loglevel to ci and debug log of verified log index by @asraa in #185
• Update scorecard-action to v2:alpha by @azeemshaikh38 in #186
• build(deps): bump charset-normalizer from 2.1.0 to 2.1.1 in /install by @dependabot in #188
• build(deps): bump urllib3 from 1.26.11 to 1.26.12 in /install by @dependabot in #187
• build(deps): bump pydantic from 1.9.2 to 1.10.0 in /install by @dependabot in #189
• Skip curl to download requirements.txt by @uranusjr in #192
• build(deps): bump pydantic from 1.10.0 to 1.10.2 in /install by @dependabot in #193
• treewide: upgrade to cryptography 38 by @woodruffw in #199
• sigstore: 0.6.4 by @woodruffw in #205

New Contributors

• @azeemshaikh38 made their first contribution in #178
• @asraa made their first contribution in #185
• @uranusjr made their first contribution in #192

Full Changelog: v0.6.3...v0.6.4

Release 0.6.3

What's Changed

• oauth: use a context manager for the server's thread by @woodruffw in #140
• build(deps): bump sigstore from 0.6.1 to 0.6.2 in /install by @dependabot in #141
• build(deps): bump requests from 2.28.0 to 2.28.1 in /install by @dependabot in #143
• build(deps): bump cffi from 1.15.0 to 1.15.1 in /install by @dependabot in #144
• build(deps): bump charset-normalizer from 2.0.12 to 2.1.0 in /install by @dependabot in #145
• build(deps): bump typing-extensions from 4.2.0 to 4.3.0 in /install by @dependabot in #146
• pyproject.toml: Pin cryptography to >= 3.1 to avoid incompatibilities by @tetsuo-cpp in #147
• _cli: Remove references to removed --output flag by @tetsuo-cpp in #148
• build(deps): bump cryptography from 37.0.3 to 37.0.4 in /install by @dependabot in #152
• README: Add info about sigstore-python GitHub Action by @tetsuo-cpp in #154
• _cli: Create --signature and --certificate aliases for the --output-{signature,certificate} flags by @tetsuo-cpp in #153
• build(deps): bump urllib3 from 1.26.9 to 1.26.10 in /install by @dependabot in #156
• workflows/staging-tests: don't run on PRs by @woodruffw in #162
• Switch to Fulcio v2 API by @haydentherapper in #159
• pyproject: remove 'pem' dependency by @woodruffw in #163
• workflows/staging-tests: open an issue on failure by @woodruffw in #164
• fulcio: Fix lint by @tetsuo-cpp in #167
• Makefile: Make lint exit non-zero with unstaged changes by @tetsuo-cpp in #169
• oidc, _cli: Add more detailed error messages when ambient credential detection fails in GitHub Actions by @tetsuo-cpp in #170
• Tweak linting target by @woodruffw in #171
• build(deps): bump urllib3 from 1.26.10 to 1.26.11 in /install by @dependabot in #172
• _verify: Create a new X509Store for each verify call by @tetsuo-cpp in #174
• More verification API tests by @woodruffw in #175
• Bump to 0.6.3 by @woodruffw in #176

New Contributors

• @haydentherapper made their first contribution in #159

Full Changelog: v0.6.2...v0.6.3