Skip to content

RELEASES.md

Latest commit

 

History

History
90 lines (56 loc) · 3.67 KB

RELEASES.md

File metadata and controls

90 lines (56 loc) · 3.67 KB

@actions/attest Releases

3.2.0

  • Add custom user-agent for more API calls #2321

3.1.0

  • Add support for ACTIONS_ORCHESTRATION_ID in user-agent #2320

3.0.0

  • Breaking change: Package is now ESM-only
    • CommonJS consumers must use dynamic import() instead of require()
  • Bump @actions/core to ^3.0.0
  • Bump @actions/http-client to ^4.0.0

2.2.1

  • Bump @actions/http-client to 3.0.2
  • Bump undici to 6.23.0

2.2.0

  • Bump @actions/core from 1.11.1 to 2.0.2
  • Bump @actions/github from 6.0.0 to 7.0.0
  • Bump @actions/http-client from 2.2.3 to 3.0.1

2.0.0

  • Add support for Node 24 #2110
  • Bump @sigstore/bundle from 3.0.0 to 3.1.0
  • Bump @sigstore/sign from 3.0.0 to 3.1.0
  • Bump jose from 5.2.3 to 5.10.0

1.6.0

  • Update buildSLSAProvenancePredicate to populate workflow.ref field from the ref claim in the OIDC token #1969

1.5.0

  • Bump @actions/core from 1.10.1 to 1.11.1 #1847
  • Bump @sigstore/bundle from 2.3.2 to 3.0.0 #1846
  • Bump @sigstore/sign from 2.3.2 to 3.0.0 #1846
  • Support for generating multi-subject attestations #1864
  • Fix bug in buildSLSAProvenancePredicate related to workflow_ref OIDC token claims containing the "@" symbol in the tag name #1863

1.4.2

  • Fix bug in buildSLSAProvenancePredicate/attestProvenance when generating provenance statement for enterprise account using customized OIDC issuer value #1823

1.4.1

  • Bump @actions/http-client from 2.2.1 to 2.2.3 #1805

1.4.0

  • Add new headers parameter to the attest and attestProvenance functions #1790
  • Update buildSLSAProvenancePredicate/attestProvenance to automatically derive default OIDC issuer URL from current execution context #1796

1.3.1

  • Fix bug with proxy support when retrieving JWKS for OIDC issuer #1776

1.3.0

  • Dynamic construction of Sigstore API URLs #1735
  • Switch to new GH provenance build type #1745
  • Fetch existing Rekor entry on 409 conflict error #1759
  • Bump @sigstore/bundle from 2.3.0 to 2.3.2 #1738
  • Bump @sigstore/sign from 2.3.0 to 2.3.2 #1738

1.2.1

  • Retry request on attestation persistence failure #1725

1.2.0

  • Generate attestations using the v0.3 Sigstore bundle format #1701
  • Bump @sigstore/bundle from 2.2.0 to 2.3.0 #1701
  • Bump @sigstore/sign from 2.2.3 to 2.3.0 #1701
  • Remove dependency on make-fetch-happen #1714

1.1.0

  • Updates the attestProvenance function to retrieve a token from the GitHub OIDC provider and use the token claims to populate the provenance statement #1693

1.0.0

  • Initial release