python-sigstore/python-sigstore.spec
Markéta Machová 3f7165a275 Accepting request 1329449 from home:nkrapp:branches:devel:languages:python
- Update to 4.2.0 (fixes CVE-2026-24408, bsc#1257303)
  * Add state validation to OIDC flow to prevent Cross-site request forgery
    during OIDC authorization (GHSA-hm8f-75xx-w2vr)
  * verification now ensures that artifact digest documented in bundle and the
    real digest match (this is a bundle consistency check: bundle signature was
    always verified over real digest)
  * Fix issue with Signed Certificate Timestamp parsing where extensions
    were not allowed by sigstore-python
  * Update supported public key algorithms
  * trust: Update embedded TUF root
  * Removed support for Python 3.9 as it is end-of-life
  * Removed unused nonce in OAuth flow
- drop fix-ecparam-testing.patch and nofail-neg-test.patch, merged upstream

OBS-URL: https://build.opensuse.org/request/show/1329449
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-sigstore?expand=0&rev=15
2026-01-27 10:31:02 +00:00
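
The bundle consistency check named in the 4.2.0 changelog above, sketched as an added example; this is not sigstore-python's own code. The helper and exception names are hypothetical, the sample bundle is constructed, and only the `messageSignature.messageDigest` fields of the Sigstore bundle JSON are assumed.

```python
import base64
import hashlib
import hmac
import json

# messageDigest.algorithm values from the Sigstore bundle format -> hashlib.
ALGORITHMS = {
    "SHA2_256": hashlib.sha256,
    "SHA2_384": hashlib.sha384,
    "SHA2_512": hashlib.sha512,
}


class BundleDigestError(Exception):
    """Recorded digest is missing, malformed, unsupported or wrong."""


def check_bundle_digest(bundle_json: str, artifact: bytes) -> str:
    """Hypothetical helper: return the algorithm name when the digest recorded
    in the bundle equals the digest computed over the artifact bytes.

    This is a consistency check only; it does not replace verifying the
    signature, certificate chain and transparency log entry.
    """
    try:
        recorded = json.loads(bundle_json)["messageSignature"]["messageDigest"]
        algorithm = recorded["algorithm"]
        hasher = ALGORITHMS[algorithm]
        claimed = base64.b64decode(recorded["digest"], validate=True)
    except (ValueError, KeyError, TypeError) as exc:
        # Covers invalid JSON, bundles without messageSignature (rejected
        # here by choice of this example), unknown algorithms and bad base64.
        raise BundleDigestError(f"no usable messageDigest: {exc!r}") from exc
    actual = hasher(artifact).digest()
    if not hmac.compare_digest(claimed, actual):
        raise BundleDigestError(f"{algorithm} digest in bundle does not match artifact")
    return algorithm


def make_sample_bundle(artifact: bytes) -> str:
    """Constructed sample: only the fields this check reads, no real signature."""
    digest = base64.b64encode(hashlib.sha256(artifact).digest()).decode()
    return json.dumps({"messageSignature": {
        "messageDigest": {"algorithm": "SHA2_256", "digest": digest},
        "signature": "PLACEHOLDER"}})
```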
