chore: release v0.2.2

[jdx]

🤖 New release

• sigstore-verification: 0.2.1 -> 0.2.2 (✓ API compatible changes)

Changelog

0.2.2 - 2026-04-04

Added

• add builder pattern for customizable GitHub API URL (#36)

Fixed

• generate Cargo.lock before security audit (#24)

Other

• (deps) pin dtolnay/rust-toolchain action to 29eef33 (#33)
• (deps) update jdx/mise-action digest to 1648a78 (#34)
• (deps) update jdx/mise-action action to v4 (#31)
• (deps) update swatinem/rust-cache digest to e18b497 (#30)
• (deps) update release-plz/action digest to 1528104 (#29)
• (deps) update jdx/mise-action digest to 5228313 (#28)
• (deps) update jdx/mise-action digest to e79ddf6 (#27)
• (deps) pin dependencies (#26)

---

This PR was generated with release-plz.

---

Note

Low Risk
Low risk: this PR only updates release metadata (crate version and changelog) without changing library code or behavior.

Overview
Prepares the v0.2.2 release by bumping Cargo.toml from 0.2.1 to 0.2.2 and adding the corresponding CHANGELOG.md section.

The changelog notes the builder pattern for a customizable GitHub API URL, a fix to generate Cargo.lock before security audit, and several CI/dependency pin updates.

^{Reviewed by Cursor Bugbot for commit 9b5a822. Bugbot is set up for automated code reviews on this repo. Configure here.}

[gemini-code-assist]

Code Review

This pull request bumps the version of the sigstore-verification package to 0.2.2 and updates the CHANGELOG.md with details on recent fixes and dependency updates. A review comment points out that the release date in the changelog is set to a future date, which should be corrected to ensure accuracy.

[gemini-code-assist]

The release date is set to a future date (2026-04-03). This appears to be an error, as release dates in a changelog should reflect the actual date of the release. The previous release entry also has a date set in the future. This might indicate an issue with the release automation process that should be investigated.