Skip to content

chore: release v0.3.0 #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
wolfv merged 1 commit into from
Nov 28, 2025
Merged

chore: release v0.3.0 #4

wolfv merged 1 commit into from
Nov 28, 2025

Conversation

@wolfv
Copy link
Member

@wolfv wolfv commented Nov 27, 2025
edited
Loading

πŸ€– New release

  • sigstore-types: 0.2.0 -> 0.3.0 (βœ“ API compatible changes)
  • sigstore-crypto: 0.2.0 -> 0.3.0 (⚠ API breaking changes)
  • sigstore-merkle: 0.2.0 -> 0.3.0 (βœ“ API compatible changes)
  • sigstore-tsa: 0.2.0 -> 0.3.0 (⚠ API breaking changes)
  • sigstore-trust-root: 0.2.0 -> 0.3.0 (βœ“ API compatible changes)
  • sigstore-cache: 0.2.0 -> 0.3.0
  • sigstore-rekor: 0.2.0 -> 0.3.0 (βœ“ API compatible changes)
  • sigstore-bundle: 0.2.0 -> 0.3.0 (⚠ API breaking changes)
  • sigstore-oidc: 0.2.0 -> 0.3.0
  • sigstore-fulcio: 0.2.0 -> 0.3.0 (⚠ API breaking changes)
  • sigstore-verify: 0.2.0 -> 0.3.0 (βœ“ API compatible changes)
  • sigstore-sign: 0.2.0 -> 0.3.0 (βœ“ API compatible changes)

⚠ sigstore-crypto breaking changes

--- failure constructible_struct_adds_field: externally-constructible struct adds field ---

Description:
A pub struct constructible with a struct literal has a new pub field. Existing struct literals must be updated to include the new field.
        ref: https://doc.rust-lang.org/reference/expressions/struct-expr.html
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.45.0/src/lints/constructible_struct_adds_field.ron

Failed in:
  field CertificateInfo.public_key in /tmp/.tmpxx0x6a/sigstore-rust/crates/sigstore-crypto/src/x509.rs:33
  field CertificateInfo.public_key in /tmp/.tmpxx0x6a/sigstore-rust/crates/sigstore-crypto/src/x509.rs:33

--- failure enum_variant_missing: pub enum variant removed or renamed ---

Description:
A publicly-visible enum has at least one variant that is no longer available under its prior name. It may have been renamed or removed entirely.
        ref: https://doc.rust-lang.org/cargo/reference/semver.html#item-remove
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.45.0/src/lints/enum_variant_missing.ron

Failed in:
  variant KeyPair::EcdsaP384, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/signing.rs:183
  variant KeyPair::Ed25519, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/signing.rs:185
  variant KeyPair::Rsa, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/signing.rs:187
  variant KeyPair::EcdsaP384, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/signing.rs:183
  variant KeyPair::Ed25519, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/signing.rs:185
  variant KeyPair::Rsa, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/signing.rs:187

--- failure function_missing: pub fn removed or renamed ---

Description:
A publicly-visible function cannot be imported by its prior path. A `pub use` may have been removed, or the function itself may have been renamed or removed entirely.
        ref: https://doc.rust-lang.org/cargo/reference/semver.html#item-remove
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.45.0/src/lints/function_missing.ron

Failed in:
  function sigstore_crypto::x509::der_from_pem_any, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/x509.rs:210
  function sigstore_crypto::der_from_pem_any, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/x509.rs:210
  function sigstore_crypto::hash::sha512, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/hash.rs:22
  function sigstore_crypto::sha512, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/hash.rs:22
  function sigstore_crypto::x509::der_from_pem, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/x509.rs:195
  function sigstore_crypto::der_from_pem, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/x509.rs:195
  function sigstore_crypto::hash::sha384, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/hash.rs:14
  function sigstore_crypto::sha384, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/hash.rs:14

--- failure inherent_method_missing: pub method removed or renamed ---

Description:
A publicly-visible method or associated fn is no longer available under its prior name. It may have been renamed or removed entirely.
        ref: https://doc.rust-lang.org/cargo/reference/semver.html#item-remove
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.45.0/src/lints/inherent_method_missing.ron

Failed in:
  VerificationKey::new, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/verification.rs:21
  VerificationKey::new, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/verification.rs:21
  KeyPair::generate_ecdsa_p384, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/signing.rs:201
  KeyPair::generate_ed25519, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/signing.rs:210
  KeyPair::sign_with_scheme, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/signing.rs:251
  KeyPair::public_key_to_der, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/signing.rs:320
  KeyPair::public_key_to_pem, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/signing.rs:356
  KeyPair::generate_ecdsa_p384, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/signing.rs:201
  KeyPair::generate_ed25519, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/signing.rs:210
  KeyPair::sign_with_scheme, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/signing.rs:251
  KeyPair::public_key_to_der, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/signing.rs:320
  KeyPair::public_key_to_pem, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/signing.rs:356

--- failure module_missing: pub module removed or renamed ---

Description:
A publicly-visible module cannot be imported by its prior path. A `pub use` may have been removed, or the module may have been renamed, removed, or made non-public.
        ref: https://doc.rust-lang.org/cargo/reference/semver.html#item-remove
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.45.0/src/lints/module_missing.ron

Failed in:
  mod sigstore_crypto::encoding, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/encoding.rs:1

--- failure struct_missing: pub struct removed or renamed ---

Description:
A publicly-visible struct cannot be imported by its prior path. A `pub use` may have been removed, or the struct itself may have been renamed or removed entirely.
        ref: https://doc.rust-lang.org/cargo/reference/semver.html#item-remove
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.45.0/src/lints/struct_missing.ron

Failed in:
  struct sigstore_crypto::encoding::SignatureBytes, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/encoding.rs:184
  struct sigstore_crypto::SignatureBytes, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/encoding.rs:184
  struct sigstore_crypto::signing::Signature, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/signing.rs:63
  struct sigstore_crypto::Signature, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/signing.rs:63
  struct sigstore_crypto::encoding::KeyHint, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/encoding.rs:217
  struct sigstore_crypto::KeyHint, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/encoding.rs:217
  struct sigstore_crypto::encoding::PublicKeySpki, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/encoding.rs:111
  struct sigstore_crypto::PublicKeySpki, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/encoding.rs:111
  struct sigstore_crypto::encoding::CertificateDer, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/encoding.rs:61
  struct sigstore_crypto::CertificateDer, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/encoding.rs:61
  struct sigstore_crypto::signing::PublicKeyPem, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/signing.rs:18
  struct sigstore_crypto::PublicKeyPem, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/signing.rs:18
  struct sigstore_crypto::encoding::DerBytes, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/encoding.rs:12
  struct sigstore_crypto::DerBytes, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/encoding.rs:12

--- failure struct_pub_field_missing: pub struct's pub field removed or renamed ---

Description:
A publicly-visible struct has at least one public field that is no longer available under its prior name. It may have been renamed or removed entirely.
        ref: https://doc.rust-lang.org/cargo/reference/semver.html#item-remove
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.45.0/src/lints/struct_pub_field_missing.ron

Failed in:
  field public_key_bytes of struct CertificateInfo, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/x509.rs:32
  field public_key_bytes of struct CertificateInfo, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/x509.rs:32
  field bytes of struct VerificationKey, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/verification.rs:14
  field scheme of struct VerificationKey, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/verification.rs:16
  field bytes of struct VerificationKey, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/verification.rs:14
  field scheme of struct VerificationKey, previously in file /tmp/.tmpMExcAq/sigstore-crypto/src/verification.rs:16

--- failure struct_pub_field_now_doc_hidden: pub struct field is now #[doc(hidden)] ---

Description:
A pub field of a pub struct is now marked #[doc(hidden)] and is no longer part of the public API.
        ref: https://doc.rust-lang.org/rustdoc/write-documentation/the-doc-attribute.html#hidden
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.45.0/src/lints/struct_pub_field_now_doc_hidden.ron

Failed in:
  field VerificationKey.bytes in file /tmp/.tmpxx0x6a/sigstore-rust/crates/sigstore-crypto/src/verification.rs:14
  field VerificationKey.scheme in file /tmp/.tmpxx0x6a/sigstore-rust/crates/sigstore-crypto/src/verification.rs:14
  field VerificationKey.bytes in file /tmp/.tmpxx0x6a/sigstore-rust/crates/sigstore-crypto/src/verification.rs:14
  field VerificationKey.scheme in file /tmp/.tmpxx0x6a/sigstore-rust/crates/sigstore-crypto/src/verification.rs:14

⚠ sigstore-tsa breaking changes

--- failure constructible_struct_adds_field: externally-constructible struct adds field ---

Description:
A pub struct constructible with a struct literal has a new pub field. Existing struct literals must be updated to include the new field.
        ref: https://doc.rust-lang.org/reference/expressions/struct-expr.html
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.45.0/src/lints/constructible_struct_adds_field.ron

Failed in:
  field VerifyOpts.tsa_certificates in /tmp/.tmpxx0x6a/sigstore-rust/crates/sigstore-tsa/src/verify.rs:43
  field VerifyOpts.tsa_certificates in /tmp/.tmpxx0x6a/sigstore-rust/crates/sigstore-tsa/src/verify.rs:43

--- failure enum_variant_missing: pub enum variant removed or renamed ---

Description:
A publicly-visible enum has at least one variant that is no longer available under its prior name. It may have been renamed or removed entirely.
        ref: https://doc.rust-lang.org/cargo/reference/semver.html#item-remove
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.45.0/src/lints/enum_variant_missing.ron

Failed in:
  variant Error::OutsideValidityPeriod, previously in file /tmp/.tmpMExcAq/sigstore-tsa/src/error.rs:54
  variant Error::OutsideValidityPeriod, previously in file /tmp/.tmpMExcAq/sigstore-tsa/src/error.rs:54

--- failure function_missing: pub fn removed or renamed ---

Description:
A publicly-visible function cannot be imported by its prior path. A `pub use` may have been removed, or the function itself may have been renamed or removed entirely.
        ref: https://doc.rust-lang.org/cargo/reference/semver.html#item-remove
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.45.0/src/lints/function_missing.ron

Failed in:
  function sigstore_tsa::client::timestamp_sigstore, previously in file /tmp/.tmpMExcAq/sigstore-tsa/src/client.rs:110
  function sigstore_tsa::timestamp_sigstore, previously in file /tmp/.tmpMExcAq/sigstore-tsa/src/client.rs:110

--- failure inherent_method_missing: pub method removed or renamed ---

Description:
A publicly-visible method or associated fn is no longer available under its prior name. It may have been renamed or removed entirely.
        ref: https://doc.rust-lang.org/cargo/reference/semver.html#item-remove
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.45.0/src/lints/inherent_method_missing.ron

Failed in:
  VerifyOpts::with_tsa_certificate, previously in file /tmp/.tmpMExcAq/sigstore-tsa/src/verify.rs:85
  VerifyOpts::with_tsa_validity, previously in file /tmp/.tmpMExcAq/sigstore-tsa/src/verify.rs:91
  VerifyOpts::with_tsa_certificate, previously in file /tmp/.tmpMExcAq/sigstore-tsa/src/verify.rs:85
  VerifyOpts::with_tsa_validity, previously in file /tmp/.tmpMExcAq/sigstore-tsa/src/verify.rs:91
  TimestampClient::timestamp, previously in file /tmp/.tmpMExcAq/sigstore-tsa/src/client.rs:41
  TimestampClient::timestamp_sha256, previously in file /tmp/.tmpMExcAq/sigstore-tsa/src/client.rs:94
  TimestampClient::timestamp_sha384, previously in file /tmp/.tmpMExcAq/sigstore-tsa/src/client.rs:99
  TimestampClient::timestamp_sha512, previously in file /tmp/.tmpMExcAq/sigstore-tsa/src/client.rs:104
  TimestampClient::timestamp, previously in file /tmp/.tmpMExcAq/sigstore-tsa/src/client.rs:41
  TimestampClient::timestamp_sha256, previously in file /tmp/.tmpMExcAq/sigstore-tsa/src/client.rs:94
  TimestampClient::timestamp_sha384, previously in file /tmp/.tmpMExcAq/sigstore-tsa/src/client.rs:99
  TimestampClient::timestamp_sha512, previously in file /tmp/.tmpMExcAq/sigstore-tsa/src/client.rs:104

--- failure struct_pub_field_missing: pub struct's pub field removed or renamed ---

Description:
A publicly-visible struct has at least one public field that is no longer available under its prior name. It may have been renamed or removed entirely.
        ref: https://doc.rust-lang.org/cargo/reference/semver.html#item-remove
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.45.0/src/lints/struct_pub_field_missing.ron

Failed in:
  field tsa_certificate of struct VerifyOpts, previously in file /tmp/.tmpMExcAq/sigstore-tsa/src/verify.rs:42
  field tsa_valid_for of struct VerifyOpts, previously in file /tmp/.tmpMExcAq/sigstore-tsa/src/verify.rs:46
  field tsa_certificate of struct VerifyOpts, previously in file /tmp/.tmpMExcAq/sigstore-tsa/src/verify.rs:42
  field tsa_valid_for of struct VerifyOpts, previously in file /tmp/.tmpMExcAq/sigstore-tsa/src/verify.rs:46

⚠ sigstore-bundle breaking changes

--- failure struct_missing: pub struct removed or renamed ---

Description:
A publicly-visible struct cannot be imported by its prior path. A `pub use` may have been removed, or the struct itself may have been renamed or removed entirely.
        ref: https://doc.rust-lang.org/cargo/reference/semver.html#item-remove
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.45.0/src/lints/struct_missing.ron

Failed in:
  struct sigstore_bundle::builder::BundleBuilder, previously in file /tmp/.tmpMExcAq/sigstore-bundle/src/builder.rs:15
  struct sigstore_bundle::BundleBuilder, previously in file /tmp/.tmpMExcAq/sigstore-bundle/src/builder.rs:15

⚠ sigstore-fulcio breaking changes

--- failure method_parameter_count_changed: pub method parameter count changed ---

Description:
A publicly-visible method now takes a different number of parameters.
        ref: https://doc.rust-lang.org/cargo/reference/semver.html#fn-change-arity
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.45.0/src/lints/method_parameter_count_changed.ron

Failed in:
  sigstore_fulcio::client::FulcioClient::create_signing_certificate now takes 3 parameters instead of 4, in /tmp/.tmpxx0x6a/sigstore-rust/crates/sigstore-fulcio/src/client.rs:116
  sigstore_fulcio::FulcioClient::create_signing_certificate now takes 3 parameters instead of 4, in /tmp/.tmpxx0x6a/sigstore-rust/crates/sigstore-fulcio/src/client.rs:116
Changelog

sigstore-types

0.3.0 - 2025-11-28

Other

  • make all interfaces more type safe
  • unify certificate encoding
  • improve sign / verify flow, add conda specific test
  • more cleanup of functions

sigstore-crypto

0.3.0 - 2025-11-28

Other

  • make all interfaces more type safe
  • remove more types
  • encode more certificates properly
  • unify certificate encoding
  • improve sign / verify flow, add conda specific test
  • more cleanup of functions

sigstore-merkle

0.3.0 - 2025-11-28

Other

  • more cleanup of functions

sigstore-tsa

0.3.0 - 2025-11-28

Other

  • remove more types
  • remove certifactePem
  • improve sign / verify flow, add conda specific test
  • more cleanup of functions

sigstore-trust-root

0.3.0 - 2025-11-28

Other

  • add staging trust root
  • make all interfaces more type safe
  • improve sign / verify flow, add conda specific test
  • more cleanup of functions

sigstore-cache

0.3.0 - 2025-11-28

Fixed

  • fix clippy warnings

Other

  • add simple separation for cache domains
  • add sigstore-cache

sigstore-rekor

0.3.0 - 2025-11-28

Other

  • add sigstore-cache
  • make all interfaces more type safe
  • remove more types
  • remove certifactePem
  • improve sign / verify flow, add conda specific test

sigstore-bundle

0.3.0 - 2025-11-28

Other

  • remove more types
  • remove certifactePem
  • unify certificate encoding
  • simplifications by only supporting v03 bundle creation
  • improve sign / verify flow, add conda specific test

sigstore-oidc

0.2.0 - 2025-11-27

Other

  • remove duplicated types, add license and readme files

sigstore-fulcio

0.3.0 - 2025-11-28

Fixed

  • fix clippy warnings

Other

  • add sigstore-cache
  • remove more types
  • encode more certificates properly

sigstore-verify

0.3.0 - 2025-11-28

Other

  • make all interfaces more type safe
  • remove more types
  • improve sign / verify flow, add conda specific test
  • more cleanup of functions
  • remove manual verification code and use webpki

sigstore-sign

0.3.0 - 2025-11-28

Other

  • remove more types
  • encode more certificates properly
  • remove certifactePem
  • unify certificate encoding
  • simplifications by only supporting v03 bundle creation
  • improve sign / verify flow, add conda specific test
  • more cleanup of functions

This PR was generated with release-plz.

@wolfv wolfv changed the title chore: release v0.2.1 chore: release v0.3.0 Nov 27, 2025
@wolfv wolfv force-pushed the release-plz-2025-11-27T15-37-30Z branch 5 times, most recently from fb714dc to bfbb4d9 Compare November 28, 2025 12:49
@wolfv wolfv force-pushed the release-plz-2025-11-27T15-37-30Z branch from bfbb4d9 to 5591280 Compare November 28, 2025 15:43
@wolfv wolfv merged commit 1d37aa6 into main Nov 28, 2025
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@wolfv