From 533f3cd795b6826b1adf040b6dee17af8c0cac6b Mon Sep 17 00:00:00 2001
From: devitway <devitway@gmail.com>
Date: Fri, 20 Mar 2026 22:54:30 +0000
Subject: [PATCH] release: bump version to v0.2.35

---
 CHANGELOG.md | 11 +++++++++++
 Cargo.lock   |  2 +-
 Cargo.toml   |  2 +-
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index bcae41e..8c2e3fe 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,16 @@
 # Changelog
 
+## [0.2.35] - 2026-03-20
+
+### Added
+- **Anonymous read mode** (`NORA_AUTH_ANONYMOUS_READ=true`): allow pull/download without credentials while requiring auth for push. Use case: public demo registries, read-only mirrors.
+
+### Fixed
+- Pin slsa-github-generator and codeql-action by SHA instead of tag
+- Replace anonymous tuple with named struct in activity grouping (readability)
+- Replace unwrap() with if-let pattern in activity grouping (safety)
+- Add warning message on SLSA attestation failure instead of silent suppression
+
 ## [0.2.34] - 2026-03-20
 
 ### Fixed
diff --git a/Cargo.lock b/Cargo.lock
index 084e38e..ccc5c63 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1277,7 +1277,7 @@ dependencies = [
 
 [[package]]
 name = "nora-registry"
-version = "0.2.34"
+version = "0.2.35"
 dependencies = [
  "async-trait",
  "axum",
diff --git a/Cargo.toml b/Cargo.toml
index 9a81c6a..91e4751 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -6,7 +6,7 @@ members = [
 ]
 
 [workspace.package]
-version = "0.2.34"
+version = "0.2.35"
 edition = "2021"
 license = "MIT"
 authors = ["DevITWay <devitway@gmail.com>"]