Files
toolkit/packages/attest/RELEASES.md
T

91 lines
3.7 KiB
Markdown
Raw Normal View History

2024-02-17 19:14:10 -08:00
# @actions/attest Releases
## 3.2.0
- Add custom user-agent for more API calls [#2321](https://github.com/actions/toolkit/pull/2321)
## 3.1.0
- Add support for `ACTIONS_ORCHESTRATION_ID` in user-agent [#2320](https://github.com/actions/toolkit/pull/2320)
## 3.0.0
- **Breaking change**: Package is now ESM-only
- CommonJS consumers must use dynamic `import()` instead of `require()`
- Bump `@actions/core` to `^3.0.0`
- Bump `@actions/http-client` to `^4.0.0`
## 2.2.1
- Bump `@actions/http-client` to `3.0.2`
- Bump `undici` to `6.23.0`
## 2.2.0
- Bump @actions/core from 1.11.1 to 2.0.2
- Bump @actions/github from 6.0.0 to 7.0.0
- Bump @actions/http-client from 2.2.3 to 3.0.1
## 2.0.0
2025-10-20 12:07:20 +01:00
- Add support for Node 24 [#2110](https://github.com/actions/toolkit/pull/2110)
- Bump @sigstore/bundle from 3.0.0 to 3.1.0
- Bump @sigstore/sign from 3.0.0 to 3.1.0
- Bump jose from 5.2.3 to 5.10.0
## 1.6.0
- Update `buildSLSAProvenancePredicate` to populate `workflow.ref` field from the `ref` claim in the OIDC token [#1969](https://github.com/actions/toolkit/pull/1969)
## 1.5.0
2024-10-14 12:33:10 -07:00
- Bump @actions/core from 1.10.1 to 1.11.1 [#1847](https://github.com/actions/toolkit/pull/1847)
- Bump @sigstore/bundle from 2.3.2 to 3.0.0 [#1846](https://github.com/actions/toolkit/pull/1846)
- Bump @sigstore/sign from 2.3.2 to 3.0.0 [#1846](https://github.com/actions/toolkit/pull/1846)
- Support for generating multi-subject attestations [#1864](https://github.com/actions/toolkit/pull/1865)
- Fix bug in `buildSLSAProvenancePredicate` related to `workflow_ref` OIDC token claims containing the "@" symbol in the tag name [#1863](https://github.com/actions/toolkit/pull/1863)
2024-10-14 12:33:10 -07:00
## 1.4.2
2024-09-04 09:52:08 -07:00
- Fix bug in `buildSLSAProvenancePredicate`/`attestProvenance` when generating provenance statement for enterprise account using customized OIDC issuer value [#1823](https://github.com/actions/toolkit/pull/1823)
2024-10-14 12:33:10 -07:00
## 1.4.1
- Bump @actions/http-client from 2.2.1 to 2.2.3 [#1805](https://github.com/actions/toolkit/pull/1805)
## 1.4.0
2024-08-16 12:38:04 -07:00
- Add new `headers` parameter to the `attest` and `attestProvenance` functions [#1790](https://github.com/actions/toolkit/pull/1790)
- Update `buildSLSAProvenancePredicate`/`attestProvenance` to automatically derive default OIDC issuer URL from current execution context [#1796](https://github.com/actions/toolkit/pull/1796)
## 1.3.1
2024-07-26 15:00:43 -07:00
2024-08-16 12:38:04 -07:00
- Fix bug with proxy support when retrieving JWKS for OIDC issuer [#1776](https://github.com/actions/toolkit/pull/1776)
2024-07-26 15:00:43 -07:00
## 1.3.0
2024-05-21 13:11:37 -07:00
2024-08-16 12:38:04 -07:00
- Dynamic construction of Sigstore API URLs [#1735](https://github.com/actions/toolkit/pull/1735)
- Switch to new GH provenance build type [#1745](https://github.com/actions/toolkit/pull/1745)
- Fetch existing Rekor entry on 409 conflict error [#1759](https://github.com/actions/toolkit/pull/1759)
- Bump @sigstore/bundle from 2.3.0 to 2.3.2 [#1738](https://github.com/actions/toolkit/pull/1738)
- Bump @sigstore/sign from 2.3.0 to 2.3.2 [#1738](https://github.com/actions/toolkit/pull/1738)
2024-05-21 13:11:37 -07:00
## 1.2.1
2024-08-16 12:38:04 -07:00
- Retry request on attestation persistence failure [#1725](https://github.com/actions/toolkit/pull/1725)
## 1.2.0
2024-04-03 12:12:26 -07:00
2024-08-16 12:38:04 -07:00
- Generate attestations using the v0.3 Sigstore bundle format [#1701](https://github.com/actions/toolkit/pull/1701)
- Bump @sigstore/bundle from 2.2.0 to 2.3.0 [#1701](https://github.com/actions/toolkit/pull/1701)
- Bump @sigstore/sign from 2.2.3 to 2.3.0 [#1701](https://github.com/actions/toolkit/pull/1701)
- Remove dependency on make-fetch-happen [#1714](https://github.com/actions/toolkit/pull/1714)
2024-04-03 12:12:26 -07:00
## 1.1.0
2024-03-21 19:25:36 -07:00
2024-08-16 12:38:04 -07:00
- Updates the `attestProvenance` function to retrieve a token from the GitHub OIDC provider and use the token claims to populate the provenance statement [#1693](https://github.com/actions/toolkit/pull/1693)
2024-03-21 19:25:36 -07:00
## 1.0.0
2024-02-17 19:14:10 -08:00
- Initial release