@actions/attest Releases

1.5.0

Bump @actions/core from 1.10.1 to 1.11.1 #1847
Bump @sigstore/bundle from 2.3.2 to 3.0.0 #1846
Bump @sigstore/sign from 2.3.2 to 3.0.0 #1846
Support for generating multi-subject attestations #1864
Fix bug in buildSLSAProvenancePredicate related to workflow_ref OIDC token claims containing the "@" symbol in the tag name #1863

1.4.2

Fix bug in buildSLSAProvenancePredicate/attestProvenance when generating provenance statement for enterprise account using customized OIDC issuer value #1823

1.4.1

Bump @actions/http-client from 2.2.1 to 2.2.3 #1805

1.4.0

Add new headers parameter to the attest and attestProvenance functions #1790
Update buildSLSAProvenancePredicate/attestProvenance to automatically derive default OIDC issuer URL from current execution context #1796

1.3.1

Fix bug with proxy support when retrieving JWKS for OIDC issuer #1776

1.3.0

Dynamic construction of Sigstore API URLs #1735
Switch to new GH provenance build type #1745
Fetch existing Rekor entry on 409 conflict error #1759
Bump @sigstore/bundle from 2.3.0 to 2.3.2 #1738
Bump @sigstore/sign from 2.3.0 to 2.3.2 #1738

1.2.1

Retry request on attestation persistence failure #1725

1.2.0

Generate attestations using the v0.3 Sigstore bundle format #1701
Bump @sigstore/bundle from 2.2.0 to 2.3.0 #1701
Bump @sigstore/sign from 2.2.3 to 2.3.0 #1701
Remove dependency on make-fetch-happen #1714

1.1.0

Updates the attestProvenance function to retrieve a token from the GitHub OIDC provider and use the token claims to populate the provenance statement #1693

1.0.0

Initial release