Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: pypi/pypi-attestations
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v0.0.28
Choose a base ref
...
head repository: pypi/pypi-attestations
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v0.0.29
Choose a head ref
  • 11 commits
  • 18 files changed
  • 4 contributors

Commits on Oct 27, 2025

  1. build(deps): bump the actions group with 2 updates (#148) 

    Bumps the actions group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact).


Updates `actions/upload-artifact` from 4.6.2 to 5.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@ea165f8...330a01c)

Updates `actions/download-artifact` from 5.0.0 to 6.0.0
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@634f93c...018cc2c)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/download-artifact
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 27, 2025
    Configuration menu
    Copy the full SHA
    53a1ab5 View commit details
    Browse the repository at this point in the history

Commits on Nov 21, 2025

  1. Fix lint and remove support for Python 3.9 (#151)

    @facutuesca
    facutuesca authored Nov 21, 2025
    Configuration menu
    Copy the full SHA
    2c8d48e View commit details
    Browse the repository at this point in the history

  2. Add cooldown to dependabot updates (#150) 

    Co-authored-by: William Woodruff <william@trailofbits.com>
    @facutuesca @woodruffw
    facutuesca and woodruffw authored Nov 21, 2025
    Configuration menu
    Copy the full SHA
    b8c452d View commit details
    Browse the repository at this point in the history

  3. build(deps): bump actions/checkout in the actions group (#149) 

    Bumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout).


Updates `actions/checkout` from 5.0.0 to 5.0.1
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@08c6903...93cb6ef)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 5.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: William Woodruff <william@trailofbits.com>
    @dependabot @woodruffw
    dependabot[bot] and woodruffw authored Nov 21, 2025
    Configuration menu
    Copy the full SHA
    446816b View commit details
    Browse the repository at this point in the history

  4. Update CHANGELOG 

    Signed-off-by: Facundo Tuesca <facundo.tuesca@trailofbits.com>
    @facutuesca
    facutuesca committed Nov 21, 2025
    Configuration menu
    Copy the full SHA
    26e8913 View commit details
    Browse the repository at this point in the history

  5. Add zizmor to CI workflows 

    Signed-off-by: Facundo Tuesca <facundo.tuesca@trailofbits.com>
    @facutuesca
    facutuesca committed Nov 21, 2025
    Configuration menu
    Copy the full SHA
    d8d4ab1 View commit details
    Browse the repository at this point in the history

  6. Remove unneeded permissions from zizmor workflow (#153)

    @facutuesca
    facutuesca authored Nov 21, 2025
    Configuration menu
    Copy the full SHA
    2a74c1e View commit details
    Browse the repository at this point in the history

Commits on Dec 1, 2025

  1. build(deps): bump zizmorcore/zizmor-action in the actions group (#154)

    @dependabot
    dependabot[bot] authored Dec 1, 2025
    Configuration menu
    Copy the full SHA
    34db665 View commit details
    Browse the repository at this point in the history

Commits on Dec 2, 2025

  1. build(deps): bump actions/setup-python in the actions group (#155) 

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Dec 2, 2025
    Configuration menu
    Copy the full SHA
    0716b10 View commit details
    Browse the repository at this point in the history

Commits on Dec 11, 2025

  1. Add GCP support to CLI (#157) 

    * Add test assets

* Support GCP on the CLI

* Update README.md

* Update CHANGELOG.md

* Add more coverage
    @di
    di authored Dec 11, 2025
    Configuration menu
    Copy the full SHA
    5afe2a1 View commit details
    Browse the repository at this point in the history

  2. chore: prep for release v0.0.29 (#158)

    @di
    di authored Dec 11, 2025
    Configuration menu
    Copy the full SHA
    fb35ffd View commit details
    Browse the repository at this point in the history
Loading