default to generating dsse rekor entries

sigstore / sigstore-js

Code-signing for npm packages

Apache License 2.0

156 stars 23 forks source link

default to generating dsse rekor entries #1270

Closed bdehamer closed 1 month ago

bdehamer commented 1 month ago

Summary

Updates RekorWitness so that it generates "dsse" entries instead of "intoto" entries by default. The user can still request an "intoto" entry by explicitly setting the entryType field.

This is a breaking API change and will result in a major version bump.

changeset-bot[bot] commented 1 month ago

🦋 Changeset detected

Latest commit: 1f1f31d2c1415418290e218c7e0d35dda1be6332

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages

| Name | Type | | -------------- | ----- | | @sigstore/sign | Major | | @sigstore/cli | Patch | | sigstore | Patch |

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR