@sigstore/bundle@2.2.0

Minor Changes

• 555dd8e: Support for validating v0.3 bundles

Patch Changes

• 555dd8e: Bump @sigstore/protobuf-specs from 0.2.1 to 0.3.0

@sigstore/oci@0.1.0

Minor Changes

• 002a7a0: Initial release

sigstore@2.2.1

Patch Changes

• Updated dependencies [7d90262]
• Updated dependencies [7d90262]
• Updated dependencies [f05be96]
  • @sigstore/verify@1.0.0
  • @sigstore/core@1.0.0
  • @sigstore/sign@2.2.2

@sigstore/verify@1.0.0

Major Changes

• 7d90262: Promote to 1.0.0

Patch Changes

• f05be96: Update Rekor verification to handle checkpoint values which do no include timestamps (sigstore/rekor#1888)
• Updated dependencies [7d90262]
  • @sigstore/core@1.0.0

@sigstore/sign@2.2.2

Patch Changes

• Updated dependencies [7d90262]
  • @sigstore/core@1.0.0

@sigstore/mock@0.6.4

Patch Changes

• 43cf328: Bump dependencies:

  • @peculiar/x509 from 1.9.6 to 1.9.7
  • jose from 5.2.0 to 5.2.1

• 8237a21: Bump dependencies:

  • nock from 13.5.0 to 13.5.1
  • @peculiar/webcrypto from 1.4.3 to 1.4.5

• b2e6bed: Bump nock from 13.4.0 to 13.5.0

@sigstore/core@1.0.0

Major Changes

• 7d90262: Promote to 1.0.0

sigstore@2.2.0

Minor Changes

• 4089730: Add tufForceCache flag to VerifyOptions type

Patch Changes

• af76b1d: Integrate @sigstore/verify package
• 34c3856: Integrate @sigstore/core package
• Updated dependencies [ca658dc]
• Updated dependencies [bf1d432]
• Updated dependencies [6cdf7ef]
• Updated dependencies [6869511]
• Updated dependencies [6a6bfbc]
• Updated dependencies [57bec90]
• Updated dependencies [08b7957]
• Updated dependencies [34c3856]
• Updated dependencies [f603e11]
• Updated dependencies [29a25e5]
• Updated dependencies [afb08f6]
• Updated dependencies [45903bc]
• Updated dependencies [4471a4d]
• Updated dependencies [6f9c662]
• Updated dependencies [922a1be]
• Updated dependencies [34c3856]
• Updated dependencies [e5f1875]
• Updated dependencies [da83e69]
  • @sigstore/tuf@2.3.0
  • @sigstore/verify@0.1.0
  • @sigstore/core@0.2.0
  • @sigstore/bundle@2.1.1
  • @sigstore/sign@2.2.1

@sigstore/verify@0.1.0

Minor Changes

• bf1d432: Export VerificationPolicy type
• 08b7957: Enable verification of RFC3161 timestamps
• afb08f6: Add support for verifying identity of certificate issuer
• 6f9c662: Extract verification code into dedicated package

Patch Changes

• 29a25e5: Read RFC3161 timestamps during verification
• 45903bc: Expose public signature property on SignatureContent interface
• e5f1875: Fix logic to extract issuer from Fulcio certificate
• Updated dependencies [6cdf7ef]
• Updated dependencies [6869511]
• Updated dependencies [6a6bfbc]
• Updated dependencies [57bec90]
• Updated dependencies [34c3856]
• Updated dependencies [922a1be]
  • @sigstore/core@0.2.0
  • @sigstore/bundle@2.1.1

@sigstore/tuf@2.3.0

Minor Changes

• f603e11: Expose forceCache option for TUF client
• 4471a4d: Add support for caching metadata from multiple TUF repositories

Patch Changes

• ca658dc: Update TUF seed files
• da83e69: Move TUF seeds into JSON file