From 2a9f965abee8d5783440e6c34f457bbd65d9c0ae Mon Sep 17 00:00:00 2001
From: Jussi Kukkonen
Date: Thu, 10 Apr 2025 14:04:59 +0300
Subject: [PATCH] prep 3.6.2
Minor bump, the only noteworthy changes are tuf dependency bump and rekor keyring fix
Signed-off-by: Jussi Kukkonen
---
 CHANGELOG.md | 16 ++++++++++++++--
 sigstore/__init__.py | 2 +-
 2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 268bd6e95..ab9362a33 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,10 +8,21 @@ All versions prior to 0.9.0 are untracked.
 ## [Unreleased]
+## [3.6.2]
+
+### Fixed
+
 * Fixed issue where a trust root with multiple rekor keys was not considered valid: Now any rekor key listed in the trust root is considered good to verify entries [#1350](https://github.com/sigstore/sigstore-python/pull/1350)
+### Changed
+
+* Upgraded python-tuf dependency to 6.0: Connections to TUF repository
+ now use system certificates (instead of certifi) and have automatic
+ retries
+* Updated the embedded TUF root to version 12
+
 ## [3.6.1]
 ### Fixed
@@ -597,8 +608,9 @@ This is a corrective release for [2.1.1].
-[Unreleased]: https://github.com/sigstore/sigstore-python/compare/v3.6.1...HEAD
-[3.6.0]: https://github.com/sigstore/sigstore-python/compare/v3.6.0...v3.6.1
+[Unreleased]: https://github.com/sigstore/sigstore-python/compare/v3.6.2...HEAD
+[3.6.2]: https://github.com/sigstore/sigstore-python/compare/v3.6.1...v3.6.2
+[3.6.1]: https://github.com/sigstore/sigstore-python/compare/v3.6.0...v3.6.1
 [3.6.0]: https://github.com/sigstore/sigstore-python/compare/v3.5.3...v3.6.0
 [3.5.3]: https://github.com/sigstore/sigstore-python/compare/v3.5.2...v3.5.3
 [3.5.2]: https://github.com/sigstore/sigstore-python/compare/v3.5.1...v3.5.2
diff --git a/sigstore/__init__.py b/sigstore/__init__.py
index c5e18e0bf..c9743b988 100644
--- a/sigstore/__init__.py
+++ b/sigstore/__init__.py
@@ -25,4 +25,4 @@
 * `sigstore.sign`: creation of Sigstore signatures
 """
-__version__ = "3.6.1"
+__version__ = "3.6.2"