CHANGELOG.md

v0.10.0

What's Changed

• chore(deps): Update oci-distribution requirement from 0.10 to 0.11 by @dependabot in #343
• verify: init by @jleightcap in #311
• chore(deps): Update rstest requirement from 0.18.1 to 0.19.0 by @dependabot in #351
• chore(deps): Bump actions/checkout from 4.1.2 to 4.1.5 by @dependabot in #360
• fix linter warning by @flavio in #361
• chore(deps): Update cached requirement from 0.49.2 to 0.51.3 by @dependabot in #362
• chore(deps): Update webbrowser requirement from 0.8.12 to 1.0.1 by @dependabot in #359
• chore(deps): Bump actions/checkout from 4.1.5 to 4.1.6 by @dependabot in #363
• chore(deps): Update testcontainers requirement from 0.15 to 0.16 by @dependabot in #355
• chore(deps): change provider of cargo-audit GH action by @flavio in #364
• fix docs by @flavio in #366
• fix: allow ManualTrustRoot to have multiple rekor keys by @flavio in #365
• build(deps): update testcontainers requirement from 0.16 to 0.17 by @dependabot in #368
• build(deps): update rstest requirement from 0.19.0 to 0.21.0 by @dependabot in #370
• build(deps): bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot in #372
• build(deps): update testcontainers requirement from 0.17 to 0.18 by @dependabot in #371
• Signed Certificate Timestamp verification by @tnytown in #326
• transparency: pull OID constants from const-oid by @tnytown in #374
• build(deps): update testcontainers requirement from 0.18 to 0.19 by @dependabot in #375
• build(deps): update cached requirement from 0.51.3 to 0.52.0 by @dependabot in #377
• build(deps): update testcontainers requirement from 0.19 to 0.20 by @dependabot in #376
• build(deps): update cached requirement from 0.52.0 to 0.53.1 by @dependabot in #379
• build(deps): update rstest requirement from 0.21.0 to 0.22.0 by @dependabot in #383
• build(deps): update testcontainers requirement from 0.20 to 0.21 by @dependabot in #382
• build(deps): update testcontainers requirement from 0.21 to 0.22 by @dependabot in #386
• fix: Allow empty passwords for encrypted pem files by @gmpinder in #381
• build(deps): update tough requirement from 0.17.1 to 0.18.0 by @dependabot in #389
• dependency cleanup by @flavio in #390
• chore: update cargo audit ignore list by @flavio in #387

New Contributors

• @tnytown made their first contribution in #326
• @gmpinder made their first contribution in #381

Full Changelog: https://github.com/sigstore/sigstore-rs/compare/v0.9.0...v0.10.0

v0.9.0

What's Changed

• sign: init by @jleightcap in #310
• cargo audit: ignore RUSTSEC-2023-0071 by @jleightcap in #321
• chore(deps): Update json-syntax requirement from 0.9.6 to 0.10.0 by @dependabot in #319
• chore(deps): Update cached requirement from 0.46.0 to 0.47.0 by @dependabot in #323
• chore(deps): Update serial_test requirement from 2.0.0 to 3.0.0 by @dependabot in #322
• dep: update rustls-webpki, fold in pki_types by @jleightcap in #324
• chore(deps): Update cached requirement from 0.47.0 to 0.48.0 by @dependabot in #325
• chore(deps): Update json-syntax requirement from 0.10.0 to 0.11.1 by @dependabot in #327
• chore(deps): Update cached requirement from 0.48.0 to 0.49.2 by @dependabot in #329
• chore(deps): Update json-syntax requirement from 0.11.1 to 0.12.2 by @dependabot in #330
• lint: fix lint error of chrono and tokio by @Xynnn007 in #334
• chore(deps): Update base64 requirement from 0.21.0 to 0.22.0 by @dependabot in #332
• The Repository trait and ManualRepository struct no longer require a feature flag by @tannaurus in #331
• chore(deps): Bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #336
• chore(deps): Update reqwest requirement from 0.11 to 0.12 by @dependabot in #341
• update tough dep by @astoycos in #340
• Tag the 0.9.0 release by @flavio in #342

New Contributors

• @tannaurus made their first contribution in #331
• @astoycos made their first contribution in #340

Full Changelog: https://github.com/sigstore/sigstore-rs/compare/v0.8.0...v0.9.0

v0.8.0

What's Changed

• chore(deps): Update rstest requirement from 0.17.0 to 0.18.1 by @dependabot in #282
• chore(deps): do not enable default features of chrono by @flavio in #286
• chore(deps): Update pem requirement from 2.0 to 3.0 by @dependabot in #289
• conformance: add conformance CLI and action by @jleightcap in #287
• chore: fix clippy warnings by @flavio in #292
• chore(deps): Bump actions/checkout from 3.5.3 to 3.6.0 by @dependabot in #291
• chore(deps): Update tough requirement from 0.13 to 0.14 by @dependabot in #290
• chore(deps): update to latest version of picky by @flavio in #293
• chore(deps): Bump actions/checkout from 3.6.0 to 4.0.0 by @dependabot in #294
• chore: add repository link to Cargo metadata by @flavio in #297
• chore(deps): Update cached requirement from 0.44.0 to 0.45.1 by @dependabot in #298
• chore(deps): Bump actions/checkout from 4.0.0 to 4.1.0 by @dependabot in #302
• chore(deps): Update cached requirement from 0.45.1 to 0.46.0 by @dependabot in #301
• chore(deps): Update testcontainers requirement from 0.14 to 0.15 by @dependabot in #303
• chore(deps): Bump actions/checkout from 4.1.0 to 4.1.1 by @dependabot in #304
• cosign/tuf: use trustroot by @jleightcap in #305
• Fix broken tests, update deps by @flavio in #313

New Contributors

• @jleightcap made their first contribution in #287

Full Changelog: https://github.com/sigstore/sigstore-rs/compare/v0.7.2...v0.8.0

v0.7.2

What's Changed

• chore(deps): Update cached requirement from 0.42.0 to 0.44.0 by @dependabot in #277
• chore(deps): Bump actions/checkout from 3.5.2 to 3.5.3 by @dependabot in #278
• chore(deps): update picky dependency by @flavio in #279

Full Changelog: https://github.com/sigstore/sigstore-rs/compare/v0.7.1...v0.7.2

v0.7.1

What's Changed

• fix: ensure cosign client can be sent between threads by @flavio in #275

Full Changelog: https://github.com/sigstore/sigstore-rs/compare/v0.7.0...v0.7.1

v0.7.0

What's Changed

• Fix typo in SignatureLayer::new doc comment by @danbev in #170
• feat: replace example dependency docker_credential by @Xynnn007 in #172
• Clean up readme by @lukehinds in #173
• chore(deps): Update rstest requirement from 0.15.0 to 0.16.0 by @dependabot in #174
• Fix typo in simple_signing.rs by @danbev in #175
• Introduce SignedArtifactBundle by @danbev in #171
• chore(deps): Update base64 requirement from 0.13.0 to 0.20.0 by @dependabot in #177
• chore(deps): Bump actions/checkout from 3.1.0 to 3.2.0 by @dependabot in #180
• chore(deps): Update serial_test requirement from 0.9.0 to 0.10.0 by @dependabot in #182
• chore(deps): Update cached requirement from 0.40.0 to 0.41.0 by @dependabot in #181
• Fix typo in SecretBoxCipher doc comment by @danbev in #179
• chore(deps): Update cached requirement from 0.41.0 to 0.42.0 by @dependabot in #185
• chore(deps): Bump actions/checkout from 3.2.0 to 3.3.0 by @dependabot in #183
• chore(deps): Update base64 requirement from 0.20.0 to 0.21.0 by @dependabot in #184
• Add cosign verify-bundle example by @danbev in #186
• Fix incorrect base64_signature doc comment by @danbev in #188
• Fix typos in tuf/mod.rs by @danbev in #195
• chore(deps): Update serial_test requirement from 0.10.0 to 1.0.0 by @dependabot in #200
• fix: show actual response status field by @ctron in #197
• Update target -> target_name for consistency by @danbev in #196
• fix: make the fields accessible by @ctron in #202
• Add verify-bundle example to README.md by @danbev in #203
• fix: make fields of hash accessible by @ctron in #205
• Improve public key output and add file output by @Gronner in #194
• Add TokenProvider::Static doc comment by @danbev in #208
• Changed the type of LogEntry.body from String to Body by @Neccolini in #207
• Fix errors/warnings reported by clippy by @danbev in #210
• Add fine-grained features to control the compilation by @Xynnn007 in #189
• fix: bring tuf feature out of rekor and add related docs by @Xynnn007 in #211
• chore: update crypto deps by @flavio in #204
• Replace x509-parser with x509-cert by @Xynnn007 in #212
• Fix: Wrong parameter order inside documentation example. by @vembacher in #215
• Remove lines about timestamp in lib.rs by @naveensrinivasan in #213
• Fix ed25519 version conflict by @vembacher in #223
• Support compiling to wasm32 architectures by @lulf in #221
• Fix link to contributor doc in readme by @oliviacrain in #225
• refactor: derive Clone trait by @flavio in https://gitub.com/sigstore/sigstore-rs/pull/227
• fix: correct typo in verify/main.rs by @danbev in #228
• chore(deps): Update tough requirement from 0.12 to 0.13 by @dependabot in #237
• chore(deps): Bump actions/checkout from 3.3.0 to 3.4.0 by @dependabot in #240
• dep: update picky version to git rid of ring by @Xynnn007 in #226
• chore(deps): Bump actions/checkout from 3.4.0 to 3.5.0 by @dependabot in #245
• fix: make LogEntry Body an enum by @danbev in #244
• Add verify-blob example by @danbev in #239
• Introduce Newtype OciReference into API for OCI image references. by @vembacher in #216
• Swap over to using CDN to fetch TUF metadata by @haydentherapper in #251
• chore(deps): Bump actions/checkout from 3.5.0 to 3.5.2 by @dependabot in #252
• upgrade 'der' to 0.7.5 by @dmitris in #257
• remove unused 'clock' feature for chrono by @dmitris in #258
• update pkcs1 from 0.4.0 to 0.7.5 by @dmitris in #260
• use 2021 Rust edition by @dmitris in #261
• chore(deps): Update serial_test requirement from 1.0.0 to 2.0.0 by @dependabot in #264
• update scrypt to 0.11.0, adapt for API change (fix #231) by @dmitris in #268
• upgrade ed25519-dalek to 2.0.0-rc.2 by @dmitris in #263
• chore(deps): Update openidconnect requirement from 2.3 to 3.0 by @dependabot in #265
• chore(deps): Update rstest requirement from 0.16.0 to 0.17.0 by @dependabot in #271
• Update crypto deps by @flavio in #269
• Update create_log_entry example to create key pair. by @jvanz in #206

New Contributors

• @ctron made their first contribution in #197
• @Gronner made their first contribution in #194
• @Neccolini made their first contribution in #207
• @vembacher made their first contribution in #215
• @naveensrinivasan made their first contribution in #213
• @lulf made their first contribution in #221
• @oliviacrain made their first contribution in #225
• @haydentherapper made their first contribution in #251
• @dmitris made their first contribution in #257
• @jvanz made their first contribution in #206

Full Changelog: https://github.com/sigstore/sigstore-rs/compare/v0.6.0...v0.7.0h

v0.6.0

Fixes

• Fix typo in cosign/mod.rs doc comment by @danbev in #148
• Fix typo in KeyPair trait doc comment by @danbev in #149
• Update cached requirement from 0.39.0 to 0.40.0 by @dependabot in #154
• Fix typos in PublicKeyVerifier doc comments by @danbev in #155
• Fix: CI error for auto deref by @Xynnn007 in #160
• Fix typo and grammar in signature_layers.rs by @danbev in #161
• Remove unused imports in examples/rekor by @danbev in #162
• Update link to verification example by @danbev in #156
• Fix typos in from_encrypted_pem doc comments by @danbev in #164
• Fix typos in doc comments by @danbev in #163
• Update path to fulcio-cert in verify example by @danbev in #168

Enhancements

• Add getter functions for LogEntry fields by @lkatalin in #147
• Add TreeSize alias to Rekor by @avery-blanchard in #151
• Updates for parsing hashedrekord LogEntry by @lkatalin in #152
• Add certificate based verification by @flavio in #159
• Add support for OCI Image signing (spec v1.0) by @Xynnn007 in #158

Contributors

• Avery Blanchard (@avery-blanchardmade)
• Daniel Bevenius (@danbev)
• Flavio Castelli (@flavio)
• Lily Sturmann (@lkatalin)
• Xynnn (@Xynnn007)

v0.5.3

Fixes

• rustls should not require openssl by (#146)

Others

• Rework Rekor module structure and enable doc tests (#145)

Contributors

• Flavio Castelli (@flavio)
• Lily Sturmann (@lkatalin)

v0.5.2

Fixes

• Address compilation error (#143)

Contributors

• Flavio Castelli (@flavio)

v0.5.1

Fixes

• fix verification of signatures produced with PKI11 (#142)

Others

• Update rsa dependency to stable version 0.7.0 (#141)
• Bump actions/checkout from 3.0.2 to 3.1.0 (#140)

Contributors

• Flavio Castelli (@flavio)
• Xynnn (@Xynnn007)

v0.5.0

Enhancements

• update user-agent value to be specific to sigstore-rs (#122)
• remove /api/v1/version from client by (#121)
• crate async fulcio client (#132)
• Removed ring dependency (#127)

Others

• Update dependencies
• Refactoring and examples for key interface (#123)
• Fix doc test failures (#136)

Contributors

• Bob Callaway (@bobcallaway)
• Bob McWhirter (@bobmcwhirter)
• Flavio Castelli (@flavio)
• Luke Hinds (@lukehinds)
• Xynnn (@Xynnn007)

v0.4.0

Enhancements

• feat: from and to interface for signing and verification keys (https://github.com/sigstore/sigstore-rs/pulls/115)
• Refactor examples to support subfolder execution (https://github.com/sigstore/sigstore-rs/pulls/111)
• Integrate Rekor with Sigstore-rs (https://github.com/sigstore/sigstore-rs/pulls/88)
• feat: add example case and docs for key interface (https://github.com/sigstore/sigstore-rs/pulls/99)
• feat: add signing key module (https://github.com/sigstore/sigstore-rs/pulls/87)

Documention

• Update readme to include new features (https://github.com/sigstore/sigstore-rs/pulls/113)

Others

• bump crate version (https://github.com/sigstore/sigstore-rs/pulls/118)
• Add RUSTSEC-2021-0139 to audit.toml (https://github.com/sigstore/sigstore-rs/pulls/112)
• Update xsalsa20poly1305 requirement from 0.7.1 to 0.9.0 (https://github.com/sigstore/sigstore-rs/pulls/101)
• ignore derive_partial_eq_without_eq (https://github.com/sigstore/sigstore-rs/pulls/102)
• fix clippy lints (https://github.com/sigstore/sigstore-rs/pulls/98)

Contributors

• Carlos Tadeu Panato Junior (@cpanato)
• Flavio Castelli (@flavio)
• Jyotsna (@jyotsna-penumaka)
• Lily Sturmann (@lkatalin)
• Luke Hinds (@lukehinds)
• Tony Arcieri (@tarcieri)
• Xynnn_ (@Xynnn007)