Sigstore-protobuf-specs

Latest version: v0.4.1

0.4.1

Changed

* Updated SigningConfig to specify API versions and validity periods
([539](https://github.com/sigstore/protobuf-specs/pull/539))
* Added deprecated, but still in use, algorithms for ECDSA P384 and P512
using SHA256 ([572](https://github.com/sigstore/protobuf-specs/pull/572))

0.4.0

* Announced deprecation of JSONSchema outputs from this project
([493](https://github.com/sigstore/protobuf-specs/pull/493))

Fixed

* Fix toolchain to write generated code as the user running the build instead of root
([473](https://github.com/sigstore/protobuf-specs/pull/473))

Changed

* Recreated toolchain for code generation instead of depending on third-party container image
([469](https://github.com/sigstore/protobuf-specs/pull/469))
([475](https://github.com/sigstore/protobuf-specs/pull/475))
* Updated code generation tools for Go library to latest stable releases
([476](https://github.com/sigstore/protobuf-specs/pull/476))
* Updated code generation tools for JSONSchema files to latest stable releases
([478](https://github.com/sigstore/protobuf-specs/pull/478))
* Updated code generation tools for Python library to latest stable releases
([479](https://github.com/sigstore/protobuf-specs/pull/479))
* Updated code generation tools for Ruby library to latest stable releases
([481](https://github.com/sigstore/protobuf-specs/pull/481))
* Updated code generation tools for Rust library to latest stable releases
([486](https://github.com/sigstore/protobuf-specs/pull/486))
* Updated code generation tools for TypeScript library to latest stable releases
([488](https://github.com/sigstore/protobuf-specs/pull/488))

0.3.3

* Allowed specifying artifact digest for verification
([406](https://github.com/sigstore/protobuf-specs/pull/406))
* Added version to `SigningConfig` message
([383](https://github.com/sigstore/protobuf-specs/pull/383))

Changed

* Docs: Clarify that integration time is only trustworthy with a Signed Entry
Timestamp ([442](https://github.com/sigstore/protobuf-specs/pull/442))
* Docs: Clarify inclusion promise requirement ([380](https://github.com/sigstore/protobuf-specs/pull/380))
* Docs: Clarify that artifact digest verification should not be used with
in-toto attestations
([461](https://github.com/sigstore/protobuf-specs/pull/461))

0.3.2

* Added `TransparencyLogInstance.checkpoint_key_id` as an optional key identifier
for logs that generate checkpoints ([284](https://github.com/sigstore/protobuf-specs/pull/284))

Changed

* Docs: Clarified DSSE envelope signature cardinality ([318](https://github.com/sigstore/protobuf-specs/pull/318))
* Docs: Clarified behavior of key identifiers ([284](https://github.com/sigstore/protobuf-specs/pull/284))

0.3.1

* Added client configuration message for signing ([277](https://github.com/sigstore/protobuf-specs/pull/277))
* Added a new format for the media type that is compatible with OCI registries ([279](https://github.com/sigstore/protobuf-specs/pull/279))
* Added events.proto for Ruby package ([264](https://github.com/sigstore/protobuf-specs/pull/264))
* Targeted Node16 for TypeScript package ([230](https://github.com/sigstore/protobuf-specs/pull/230))

Changed

* Docs: Removed timestamp from checkpoint ([247](https://github.com/sigstore/protobuf-specs/pull/247))
* Remove EXPERIMENTAL prefix from LMS schemes ([214](https://github.com/sigstore/protobuf-specs/pull/214))

Fixed

* Docs: Clarified trust anchor in chain ([245](https://github.com/sigstore/protobuf-specs/pull/245))

0.3.0

* Options for more generic observer time ([179](https://github.com/sigstore/protobuf-specs/pull/179))
* **BREAKING**: `VerificationMaterials.contents` now has an additional `certificate` variant,
which is preferred in `0.3` bundles with the Sigstore PGI ([191](https://github.com/sigstore/protobuf-specs/pull/191))
* Added algorithm registry documentation and updated `PublicKeyDetails` message
([194](https://github.com/sigstore/protobuf-specs/pull/194), [#212](https://github.com/sigstore/protobuf-specs/pull/212))
  * Deterministic ECDSA is **deprecated**
  * NIST-P384 and NIST-P521 curves **added**
  * Existing (and underspecified) RSA key types are
    **deprecated**. New RSA key types are defined that specify the size
    of the public modulus and the hash algorithm. RSA now only supports the
    [PKCS1](https://datatracker.ietf.org/doc/html/rfc8017#section-8.2)
    signature scheme and PKIX
    ([SubjectPublicKeyInfo](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1))
    encoding.
  * Experimental support for
    [LMS](https://datatracker.ietf.org/doc/html/rfc8554) key types.

Changed

* Deprecated support for detached SCTs ([188](https://github.com/sigstore/protobuf-specs/pull/188))

Fixed

* Docs: Clarified rotation of verification materials in the trust root
([210](https://github.com/sigstore/protobuf-specs/pull/210))