Securesystemslib

Latest version: v1.1.0

Page 2 of 7

0.27.0

Added
* EXPERIMENTAL DSSE implementation (487)
* EXPERIMENTAL sigstore signer and verifier (522)
* Minimal TUF/in-toto spec-compliant GPG verifier (488)
* API-typical 'import' and 'from URI' GPG signer methods (488)

Changed
* Require public key in GPG signer and disallow subkey signatures (488)
* Increase GPG subprocess timeout (502)
* Rename default branch to 'main' (523)
* Make HSM signer URI configurable (526)
* Allow tox to skip virtual HSM tests (528)
* Strip PEM keys to compute keyids consistently (453)

Removed
* Internal GPG version utils (504)
* Custom subprocess interface (505)
* Vendored ssl module (506)

Fixed
* Windows compatibility issues and re-enable Windows CI (518)
* GPG subprocess timeout configurability (502)

0.26.0

Added
* Private key URI schemes for signer instantiation (456)
* Public key container class for signature verification (456)
* Post-quantum sphincs+ signing scheme (427)
* Hardware Security Module (HSM) signing (472)
* Google Cloud KMS signing (442, 480)

Changed
* Use pyproject.toml for build configuration (253)
* Use hatchling as build backend (484)
* Auto-format and lint all code (439, 490)
* Various CI and build improvements (459, 460, 476, 493, 464)

Removed
* Drop colorama optional dependency and colorized output support (443)

Fixed
* Don't shell out to gpg on import (437)
* Fix metaclass definition (473)
* Make GPGSigner signatures specification compliant (486)

0.25.0

Changed
* Do not use max salt lengths in RSA PSS signature creation (436)
* Restrict read and write access for new private keys (231)
* Replaced deprecated `distutils.version.StrictVersion` (433)
* Bumped dependencies: cryptography (435)

Fixed
* GPG availability check in tests (434)

0.24.0

Added
* GPGSigner to support gpg signing via Signer interface (341, 419)

Changed
* Use max salt lengths in RSA PSS signature creation & automatically verify previous/new sigs (422)
* Speed up canonical json encoding (410)
* Bumped dependencies: cffi (415), colorama (413), cryptography (405, 406, 414, 417, 424, 425), ed25519 (412)
* Changed Debian packaging metadata (392)

Fixed
* Minor test fixes (403, 420)

0.23.0

Fixed
* Race condition in gpg test cleanup function (397)

Changed
* Consistently raise custom `FormatError` in `keys.verify_signature()` (391)
* Bumped dependencies: cryptography (396), ed25519 (394, 398)
* Updated Debian packaging metadata (392)

0.22.0

Fixed
* Removed broken Dependabot badge in README (377)

Added
* Python 3.10 support (380)
* `__eq__` method for Signature objects (383)
* `unrecognized_fields` attribute for Signature objects (387)

Changed
* Bumped dependencies: cffi (373), cryptography (376, 379), ed25519 (378, 390), pycparser (375), pynacl (382)
* Misc docstring improvements (380, 381, 384)

Removed
* Python 3.6 support (385)
