- Bump @actions/http-client from 2.2.1 to 2.2.3 #1805
- Add new
headers
parameter to theattest
andattestProvenance
functions #1790 - Update
buildSLSAProvenancePredicate
/attestProvenance
to automatically derive default OIDC issuer URL from current execution context #1796
- Fix bug with proxy support when retrieving JWKS for OIDC issuer #1776
- Dynamic construction of Sigstore API URLs #1735
- Switch to new GH provenance build type #1745
- Fetch existing Rekor entry on 409 conflict error #1759
- Bump @sigstore/bundle from 2.3.0 to 2.3.2 #1738
- Bump @sigstore/sign from 2.3.0 to 2.3.2 #1738
- Retry request on attestation persistence failure #1725
- Generate attestations using the v0.3 Sigstore bundle format #1701
- Bump @sigstore/bundle from 2.2.0 to 2.3.0 #1701
- Bump @sigstore/sign from 2.2.3 to 2.3.0 #1701
- Remove dependency on make-fetch-happen #1714
- Updates the
attestProvenance
function to retrieve a token from the GitHub OIDC provider and use the token claims to populate the provenance statement #1693
- Initial release