mtg_python_deckbuilder/docs/releases/v4.5.3.md

# MTG Python Deckbuilder v4.5.3

## Added
- **SBOM & supply chain provenance**: Every tagged release now attaches source SBOMs (SPDX + CycloneDX JSON) for Python dependencies and a CycloneDX container image SBOM to the GitHub Release assets. Build provenance attestations (SLSA-style) are published for the multi-arch Docker image via the GitHub Attestations API. `provenance: mode=max` is enabled on all arch builds.

### Verifying attestations

```bash
gh attestation verify oci://docker.io/mwisnowski/mtg-python-deckbuilder:latest \
  --repo mwisnowski/mtg_python_deckbuilder
```

### Inspecting an SBOM

```bash
syft convert sbom-source.cyclonedx.json -o table
```
chore: prepare release 4.5.3 2026-04-02 10:47:33 -07:00			`# MTG Python Deckbuilder v4.5.3`

			`## Added`
			- SBOM & supply chain provenance: Every tagged release now attaches source SBOMs (SPDX + CycloneDX JSON) for Python dependencies and a CycloneDX container image SBOM to the GitHub Release assets. Build provenance attestations (SLSA-style) are published for the multi-arch Docker image via the GitHub Attestations API. `provenance: mode=max` is enabled on all arch builds.

			`### Verifying attestations`

			```bash
			`gh attestation verify oci://docker.io/mwisnowski/mtg-python-deckbuilder:latest \`
			`--repo mwisnowski/mtg_python_deckbuilder`
			```

			`### Inspecting an SBOM`

			```bash
			`syft convert sbom-source.cyclonedx.json -o table`
			```