7987771a2b
Signed-off-by: Brian DeHamer <bdehamer@github.com>
3.7 KiB
3.7 KiB
@actions/attest Releases
3.2.0
- Add custom user-agent for more API calls #2321
3.1.0
- Add support for
ACTIONS_ORCHESTRATION_IDin user-agent #2320
3.0.0
- Breaking change: Package is now ESM-only
- CommonJS consumers must use dynamic
import()instead ofrequire()
- CommonJS consumers must use dynamic
- Bump
@actions/coreto^3.0.0 - Bump
@actions/http-clientto^4.0.0
2.2.1
- Bump
@actions/http-clientto3.0.2 - Bump
undicito6.23.0
2.2.0
- Bump @actions/core from 1.11.1 to 2.0.2
- Bump @actions/github from 6.0.0 to 7.0.0
- Bump @actions/http-client from 2.2.3 to 3.0.1
2.0.0
- Add support for Node 24 #2110
- Bump @sigstore/bundle from 3.0.0 to 3.1.0
- Bump @sigstore/sign from 3.0.0 to 3.1.0
- Bump jose from 5.2.3 to 5.10.0
1.6.0
- Update
buildSLSAProvenancePredicateto populateworkflow.reffield from therefclaim in the OIDC token #1969
1.5.0
- Bump @actions/core from 1.10.1 to 1.11.1 #1847
- Bump @sigstore/bundle from 2.3.2 to 3.0.0 #1846
- Bump @sigstore/sign from 2.3.2 to 3.0.0 #1846
- Support for generating multi-subject attestations #1864
- Fix bug in
buildSLSAProvenancePredicaterelated toworkflow_refOIDC token claims containing the "@" symbol in the tag name #1863
1.4.2
- Fix bug in
buildSLSAProvenancePredicate/attestProvenancewhen generating provenance statement for enterprise account using customized OIDC issuer value #1823
1.4.1
- Bump @actions/http-client from 2.2.1 to 2.2.3 #1805
1.4.0
- Add new
headersparameter to theattestandattestProvenancefunctions #1790 - Update
buildSLSAProvenancePredicate/attestProvenanceto automatically derive default OIDC issuer URL from current execution context #1796
1.3.1
- Fix bug with proxy support when retrieving JWKS for OIDC issuer #1776
1.3.0
- Dynamic construction of Sigstore API URLs #1735
- Switch to new GH provenance build type #1745
- Fetch existing Rekor entry on 409 conflict error #1759
- Bump @sigstore/bundle from 2.3.0 to 2.3.2 #1738
- Bump @sigstore/sign from 2.3.0 to 2.3.2 #1738
1.2.1
- Retry request on attestation persistence failure #1725
1.2.0
- Generate attestations using the v0.3 Sigstore bundle format #1701
- Bump @sigstore/bundle from 2.2.0 to 2.3.0 #1701
- Bump @sigstore/sign from 2.2.3 to 2.3.0 #1701
- Remove dependency on make-fetch-happen #1714
1.1.0
- Updates the
attestProvenancefunction to retrieve a token from the GitHub OIDC provider and use the token claims to populate the provenance statement #1693
1.0.0
- Initial release