sigstore/sigstore-python issues and pull requests

#1233 - build(deps): bump cryptography from 43.0.3 to 44.0.0

Pull Request - State: open - Opened by dependabot[bot] about 9 hours ago
Labels: dependencies, python

#1232 - build(deps): bump pyjwt from 2.10.0 to 2.10.1

Pull Request - State: closed - Opened by dependabot[bot] about 9 hours ago - 1 comment
Labels: dependencies, python

#1231 - Post-mortem: breakage with cryptography>=44

Issue - State: open - Opened by woodruffw 1 day ago
Labels: bug

#1230 - Update pinned requirements for v3.5.3

Pull Request - State: closed - Opened by github-actions[bot] 1 day ago - 1 comment

#1229 - pyproject: constrain cryptography < 44

Pull Request - State: closed - Opened by woodruffw 1 day ago - 1 comment
Labels: dependencies

#1228 - build(deps): bump sigstore/sigstore-conformance from 0.0.11 to 0.0.12 in the actions group

Pull Request - State: closed - Opened by dependabot[bot] 1 day ago - 1 comment
Labels: dependencies, github_actions

#1227 - Document a workflow for signing with with an identity token

Issue - State: open - Opened by stefanberger 1 day ago - 8 comments
Labels: question

#1226 - Document our TSA/signed timestamp policy

Issue - State: open - Opened by woodruffw 1 day ago
Labels: documentation

#1225 - Update Sigstore Timestamp using dependabot

Pull Request - State: open - Opened by DarkaMaul 3 days ago

#1224 - CHANGELOG: record #1216

Pull Request - State: closed - Opened by woodruffw 3 days ago
Labels: chore

#1223 - build(deps): update ruff requirement from <0.7.5 to <0.8.1

Pull Request - State: closed - Opened by dependabot[bot] 6 days ago - 1 comment
Labels: dependencies, python

#1222 - pyproject: bump sigstore-rekor-types

Pull Request - State: closed - Opened by woodruffw 7 days ago
Labels: dependencies

#1221 - build(deps): bump github/codeql-action from 3.27.4 to 3.27.5 in the actions group

Pull Request - State: closed - Opened by dependabot[bot] 8 days ago - 1 comment
Labels: dependencies, github_actions

#1220 - build(deps): bump rfc3161-client from 0.0.3 to 0.0.4

Pull Request - State: closed - Opened by dependabot[bot] 9 days ago - 1 comment
Labels: dependencies, python

#1219 - Use official GH action to generate build provenances

Pull Request - State: closed - Opened by facutuesca 10 days ago - 2 comments
Labels: component:cicd, chore

#1218 - build(deps): bump pyjwt from 2.9.0 to 2.10.0

Pull Request - State: closed - Opened by dependabot[bot] 10 days ago - 1 comment
Labels: dependencies, python

#1217 - build(deps): update ruff requirement from <0.7.4 to <0.7.5

Pull Request - State: closed - Opened by dependabot[bot] 13 days ago - 1 comment
Labels: dependencies, python

#1216 - Sign Bundle with a Timestamp Authority

Pull Request - State: closed - Opened by DarkaMaul 13 days ago - 8 comments
Labels: component:signing, component:api

#1215 - build(deps): bump sigstore-rekor-types from 0.0.13 to 0.0.17

Pull Request - State: closed - Opened by dependabot[bot] 14 days ago - 1 comment
Labels: dependencies, python

#1214 - build(deps): bump github/codeql-action from 3.27.3 to 3.27.4 in the actions group

Pull Request - State: closed - Opened by dependabot[bot] 14 days ago - 1 comment
Labels: dependencies, github_actions

#1213 - pyproject: bump rekor-types

Pull Request - State: closed - Opened by woodruffw 15 days ago
Labels: dependencies

#1212 - build(deps): bump sigstore-rekor-types from 0.0.13 to 0.0.16

Pull Request - State: closed - Opened by dependabot[bot] 15 days ago - 1 comment
Labels: dependencies, python

#1211 - Add `signature` on `Envelope`

Pull Request - State: closed - Opened by DarkaMaul 16 days ago - 3 comments

#1210 - build(deps): bump the actions group with 2 updates

Pull Request - State: closed - Opened by dependabot[bot] 16 days ago - 1 comment
Labels: dependencies, github_actions

#1209 - build(deps): update ruff requirement from <0.7.3 to <0.7.4

Pull Request - State: closed - Opened by dependabot[bot] 20 days ago - 1 comment
Labels: dependencies, python

#1208 - build(deps): bump github/codeql-action from 3.27.0 to 3.27.1 in the actions group

Pull Request - State: closed - Opened by dependabot[bot] 20 days ago - 1 comment
Labels: dependencies, github_actions

#1207 - build(deps): bump pypa/gh-action-pypi-publish from 1.12.1 to 1.12.2 in the actions group

Pull Request - State: closed - Opened by dependabot[bot] 21 days ago - 1 comment
Labels: dependencies, github_actions

#1206 - Timestamp Authority Verification

Pull Request - State: closed - Opened by DarkaMaul 22 days ago - 4 comments
Labels: enhancement

#1205 - build(deps): bump pypa/gh-action-pypi-publish from 1.11.0 to 1.12.1 in the actions group

Pull Request - State: closed - Opened by dependabot[bot] 22 days ago - 1 comment
Labels: dependencies, github_actions

#1204 - Python 3.14.0a1 invalid signature, OIDC Issuer does not match

Issue - State: closed - Opened by mendhak 27 days ago - 5 comments
Labels: enhancement

#1203 - build(deps): update ruff requirement from <0.7.2 to <0.7.3

Pull Request - State: closed - Opened by dependabot[bot] 27 days ago - 1 comment
Labels: dependencies, python

#1202 - build(deps): bump rich from 13.9.3 to 13.9.4

Pull Request - State: closed - Opened by dependabot[bot] 27 days ago - 1 comment
Labels: dependencies, python

#1201 - build(deps): bump softprops/action-gh-release from 2.0.8 to 2.0.9 in the actions group

Pull Request - State: closed - Opened by dependabot[bot] 28 days ago - 1 comment
Labels: dependencies, github_actions

#1200 - Add CertificateAuthority

Pull Request - State: closed - Opened by DarkaMaul 29 days ago - 2 comments
Labels: component:verification, component:tuf

#1199 - build(deps): bump pypa/gh-action-pypi-publish from 1.10.3 to 1.11.0 in the actions group

Pull Request - State: closed - Opened by dependabot[bot] 29 days ago - 1 comment
Labels: dependencies, github_actions

#1198 - Fix warning for CLI verification of legacy bundles

Pull Request - State: closed - Opened by facutuesca about 1 month ago - 2 comments

#1197 - CLI: Allow signing with just a hash?

Issue - State: open - Opened by woodruffw about 1 month ago
Labels: enhancement, component:cli, component:signing

#1196 - Update pinned requirements for v3.5.1

Pull Request - State: closed - Opened by github-actions[bot] about 1 month ago - 4 comments

#1195 - build(deps): bump sigstore from 3.3.0 to 3.5.1

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago - 1 comment
Labels: dependencies, python

#1194 - Post-mortem for regression in 3.5.0

Issue - State: closed - Opened by woodruffw about 1 month ago - 1 comment
Labels: bug, component:cli

#1193 - sigstore: prep 3.5.1

Pull Request - State: closed - Opened by woodruffw about 1 month ago
Labels: chore

#1192 - _cli: fix warning check

Pull Request - State: closed - Opened by woodruffw about 1 month ago
Labels: bug, component:cli

#1191 - README: bump tag for gh-action-sigstore-python

Pull Request - State: closed - Opened by woodruffw about 1 month ago
Labels: documentation

#1190 - build(deps): bump sigstore from 3.3.0 to 3.5.0

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago - 1 comment
Labels: dependencies, python

#1189 - build(deps): update ruff requirement from <0.7.1 to <0.7.2

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago - 1 comment
Labels: dependencies, python

#1188 - build(deps): bump actions/setup-python from 5.2.0 to 5.3.0 in the actions group

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago - 1 comment
Labels: dependencies, github_actions

#1187 - Update pinned requirements for v3.5.0

Pull Request - State: closed - Opened by github-actions[bot] about 1 month ago - 1 comment

#1186 - Add models for TimestampVerificationData

Pull Request - State: closed - Opened by DarkaMaul about 1 month ago - 2 comments
Labels: component:verification, component:api

#1185 - build(deps): bump actions/checkout from 4.2.1 to 4.2.2 in the actions group

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago - 1 comment
Labels: dependencies, github_actions

#1184 - Prep 3.5.0

Pull Request - State: closed - Opened by woodruffw about 1 month ago
Labels: chore

#1183 - Remove support for detached materials

Issue - State: open - Opened by woodruffw about 1 month ago - 1 comment
Labels: enhancement, component:cli

#1182 - [Meta] Support for Timestamp Protocol verification

Issue - State: open - Opened by DarkaMaul about 1 month ago - 3 comments
Labels: enhancement

#1181 - build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 in the actions group

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago - 1 comment
Labels: dependencies, github_actions

#1180 - build(deps): bump rich from 13.9.2 to 13.9.3

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago - 1 comment
Labels: dependencies, python

#1179 - _cli: don't warn on bare .sigstore if cert/sig is used

Pull Request - State: closed - Opened by woodruffw about 1 month ago
Labels: component:cli

#1178 - Verification using disjoint materials warns about "bare" Sigstore bundle

Issue - State: closed - Opened by sethmlarson about 1 month ago - 1 comment
Labels: bug, component:cli

#1177 - build(deps): bump cryptography from 43.0.1 to 43.0.3

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago - 1 comment
Labels: dependencies, python

#1176 - build(deps): update ruff requirement from <0.6.10 to <0.7.1

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago - 1 comment
Labels: dependencies, python

#1175 - `--offline` should warn when the trust root is unreasonably old

Issue - State: open - Opened by woodruffw about 1 month ago - 1 comment
Labels: enhancement, component:verification, component:tuf

#1174 - _cli: add `plumbing update-trust-root`

Pull Request - State: closed - Opened by woodruffw about 1 month ago - 2 comments
Labels: component:cli

#1173 - build(deps): bump github/codeql-action from 3.26.12 to 3.26.13 in the actions group

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago - 1 comment
Labels: dependencies, github_actions

#1172 - Add a command to update `trusted_root.json` without verifying anything

Issue - State: closed - Opened by mgorny about 2 months ago - 1 comment
Labels: enhancement, component:cli

#1171 - missing `.sigstore` files for 3.4.0 release

Issue - State: closed - Opened by chenrui333 about 2 months ago - 3 comments
Labels: bug

#1170 - workflows/requirements: remove a lingering 3.8 reference

Pull Request - State: closed - Opened by woodruffw about 2 months ago
Labels: component:cicd, chore

#1169 - build(deps): bump sigstore from 3.3.0 to 3.4.0

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago - 1 comment
Labels: dependencies, python

#1168 - prep 3.4.0

Pull Request - State: closed - Opened by woodruffw about 2 months ago - 1 comment
Labels: chore

#1167 - build(deps): bump actions/upload-artifact from 4.4.2 to 4.4.3 in the actions group

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago - 1 comment
Labels: dependencies, github_actions

#1166 - build(deps): bump actions/upload-artifact from 4.4.2 to 4.4.3 in /.github/actions/upload-coverage in the actions group

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago - 1 comment
Labels: dependencies, github_actions

#1165 - build(deps): bump actions/upload-artifact from 4.4.1 to 4.4.2 in /.github/actions/upload-coverage in the actions group

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago - 1 comment
Labels: dependencies, github_actions

#1164 - build(deps): bump actions/upload-artifact from 4.4.1 to 4.4.2 in the actions group

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago - 2 comments
Labels: dependencies, github_actions

#1163 - bump minimum Python to 3.9

Pull Request - State: closed - Opened by woodruffw about 2 months ago
Labels: chore

#1162 - Remove duplicated constants in oidc.py

Pull Request - State: closed - Opened by segiddins about 2 months ago

#1161 - build(deps): bump the actions group with 3 updates

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago - 1 comment
Labels: dependencies, github_actions

#1160 - build(deps): bump tuf from 5.0.0 to 5.1.0

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago - 1 comment
Labels: dependencies, python

#1159 - build(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1 in /.github/actions/upload-coverage in the actions group

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago - 7 comments
Labels: dependencies, github_actions

GitHub / sigstore/sigstore-python issues and pull requests