sigstore / sigstore-js

Code-signing for npm packages
Apache License 2.0

default to generating v0.3 bundles #1267

Closed bdehamer closed 1 month ago

bdehamer commented 1 month ago

Summary

Update the toDSSEBundle and toMessageSignatureBundle functions in the bundle package to generate Sigstore v0.3 bundles by default.

Previously, these functions would generate v0.2 bundles by default and you could force v0.3 by setting singleCertificate: true. Now we will default to v0.3 and you can force v0.2 by setting certificateChain to true.

This is a breaking change to the public interface and will result in a major version bump.
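
Added example (not part of this pull request or the sigstore-js code base): a consumer-side check that accepts both bundle shapes a caller can receive after this change, the v0.3 single `certificate` and the v0.2 `x509CertificateChain`, and rejects a bundle whose key material contradicts its declared version. `inspectBundle` and the sample objects are hypothetical; the media type strings and JSON field names are taken from the Sigstore bundle format, not from this page.

```javascript
// Media types from the Sigstore bundle format (assumed; not quoted in this PR).
const MEDIA_TYPES = {
  'application/vnd.dev.sigstore.bundle+json;version=0.2': '0.2',
  'application/vnd.dev.sigstore.bundle+json;version=0.3': '0.3', // legacy spelling
  'application/vnd.dev.sigstore.bundle.v0.3+json': '0.3',
};

// Constructed samples; rawBytes values are placeholders, not real certificates.
const SAMPLE_V02 = {
  mediaType: 'application/vnd.dev.sigstore.bundle+json;version=0.2',
  verificationMaterial: {
    x509CertificateChain: { certificates: [{ rawBytes: 'TEVBRg==' }, { rawBytes: 'Q0E=' }] },
  },
};
const SAMPLE_V03 = {
  mediaType: 'application/vnd.dev.sigstore.bundle.v0.3+json',
  verificationMaterial: { certificate: { rawBytes: 'TEVBRg==' } },
};

// Hypothetical helper: classify a serialized bundle and return its leaf
// certificate (base64 DER), whichever version the producer emitted.
function inspectBundle(json) {
  const bundle = typeof json === 'string' ? JSON.parse(json) : json;
  const version = MEDIA_TYPES[bundle.mediaType];
  if (!version) throw new Error(`unsupported mediaType: ${bundle.mediaType}`);

  const vm = bundle.verificationMaterial || {};
  // Key-signed bundles carry a key hint instead of any certificate.
  if (vm.publicKey) return { version, shape: 'publicKey', leaf: null };

  const chain = vm.x509CertificateChain?.certificates;
  if (version === '0.3') {
    // v0.3 carries exactly one certificate; a chain here means the declared
    // media type and the key material disagree.
    if (chain) throw new Error('v0.3 bundle must not contain x509CertificateChain');
    if (!vm.certificate?.rawBytes) throw new Error('v0.3 bundle has no certificate');
    return { version, shape: 'certificate', leaf: vm.certificate.rawBytes };
  }
  // v0.2: the leaf is the first entry of the chain.
  if (!chain?.length) throw new Error('v0.2 bundle has no certificate chain');
  return { version, shape: 'x509CertificateChain', leaf: chain[0].rawBytes };
}
```

Code that stores or forwards bundles produced through these functions can run a check like this on both sample shapes before taking the major version bump.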

changeset-bot[bot] commented 1 month ago

🦋 Changeset detected

Latest commit: 0a1f574b56a25baa4760bf35fa6b26b304fa6786

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 6 packages

| Name                  | Type  |
| --------------------- | ----- |
| @sigstore/bundle      | Major |
| @sigstore/cli         | Patch |
| sigstore              | Patch |
| @sigstore/conformance | Patch |
| @sigstore/sign        | Patch |
| @sigstore/verify      | Patch |
