v0.0.11

What's Changed

• workflows: hash-pin all workflows by @woodruffw in #40
• build(deps): bump actions/attest from c578ab5e377a70e30e1411d16a0eba675e5dc2e9 to 2da0b136720d14f01f4dbeeafd1d5a4d76cbe21d in the actions group by @dependabot in #41
• Update CHANGELOG for version 0.0.10 by @DarkaMaul in #42
• Run mypy on tests by @woodruffw in #43
• build(deps): update sigstore requirement from ~=3.1.0 to >=3.1,<3.3 in the python group by @dependabot in #45

Full Changelog: v0.0.10...v0.0.11

v0.0.10

Changed

• The minimum Python version required has been bumped to 3.11
  (#37)

Added

• The Provenance, Publisher, GitHubPublisher, GitLabPublisher, and
  AttestationBundle types have been added
  (#36).

v0.0.9

Added

• The Distribution type and APIs have been added, allowing a user to supply
  a pre-computed digest instead of performing I/O
  (#34)

Changed

• sign and verify no longer perform I/O
  (#34)

Fixed

• verify: catch another leaky error case
  (#32)

v0.0.8

Fixed

• AttestationType is now re-exported at the top-level as a public API
  (#31)

v0.0.7

Added

• AttestationType has been added, as an enumeration of all currently known
  attestation types (by URL)
  (#29)

Changed

• Attestation.verify now checks the attestation's type against
  AttestationType before returning it
  (#29)

Fixed

• Attestation.sign now only returns AttestationError when failing to sign a
  distribution file
  (#28)

v0.0.6

pypi_attestations: 0.0.6

Signed-off-by: William Woodruff <[email protected]>

v0.0.5

pypi_attestation_models: 0.0.5

Signed-off-by: William Woodruff <[email protected]>

v0.0.4

What's Changed

• Switch to in-toto statements by @woodruffw in #18

Full Changelog: v0.0.3...v0.0.4

v0.0.4a2

pypi_attestation_models: 0.0.4a2

Signed-off-by: William Woodruff <[email protected]>

v0.0.4a1

pypi_attestation_models: 0.0.4a1

Signed-off-by: William Woodruff <[email protected]>