Merge branch 'main' into dependabot/pip/cryptography-44.0.0

woodruffw · web-flow · commit 074d1847df17 · 2024-12-10T14:53:05.000-05:00
diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml
@@ -24,7 +24,7 @@ jobs:
       - name: install sigstore-python
         run: python -m pip install .
 
-      - uses: sigstore/sigstore-conformance@e472219febb4fe9c6ce62033be8a811963ef4f27 # v0.0.12
+      - uses: sigstore/sigstore-conformance@6bd1c54e236c9517da56f7344ad16cc00439fe19 # v0.0.13
         with:
           entrypoint: ${{ github.workspace }}/test/integration/sigstore-python-conformance
           xfail: "test_verify_with_trust_root test_verify_dsse_bundle_with_trust_root" # see issue 821
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -97,7 +97,7 @@ jobs:
       - name: Download artifacts directories # goes to current working directory
         uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
       - name: Generate build provenance
-        uses: actions/attest-build-provenance@v1
+        uses: actions/attest-build-provenance@v2
         with:
           subject-path: 'built-packages/*'
 
@@ -112,7 +112,7 @@ jobs:
         uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
 
       - name: publish
-        uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # v1.12.2
+        uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.3
         with:
           packages-dir: built-packages/
           attestations: true
diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
@@ -52,6 +52,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
+        uses: github/codeql-action/upload-sarif@babb554ede22fd5605947329c4d04d8e7a0b8155 # v3.27.7
         with:
           sarif_file: results.sarif
diff --git a/install/requirements.txt b/install/requirements.txt
@@ -246,9 +246,9 @@ hyperframe==6.0.1 \
     --hash=sha256:0ec6bafd80d8ad2195c4f03aacba3a8265e57bc4cff261e802bf39970ed02a15 \
     --hash=sha256:ae510046231dc8e9ecb1a6586f63d2347bf4c8905914aa84ba585ae85f28a914
     # via h2
-id==1.4.0 \
-    --hash=sha256:23c06772e8bd3e3a44ee3f167868bf5a8e385b0c1e2cc707ad36eb7486b4765b \
-    --hash=sha256:a0391117c98fa9851ebd2b22df0dc6fd6aacbd89a4ec95c173f1311ca9bb7329
+id==1.5.0 \
+    --hash=sha256:292cb8a49eacbbdbce97244f47a97b4c62540169c976552e497fd57df0734c1d \
+    --hash=sha256:f1434e1cef91f2cbb8a4ec64663d5a23b9ed43ef44c4c957d02583d61714c658
     # via sigstore
 idna==3.10 \
     --hash=sha256:12f65c9b470abda6dc35cf8e63cc574b1c52b11df2c86030af0ac09b01b13ea9 \
@@ -378,7 +378,6 @@ pydantic[email]==2.10.2 \
     --hash=sha256:2bc2d7f17232e0841cbba4641e65ba1eb6fafb3a08de3a091ff3ce14a197c4fa \
     --hash=sha256:cfb96e45951117c3024e6b67b25cdc33a3cb7b2fa62e239f7af1378358a1d99e
     # via
-    #   id
     #   sigstore
     #   sigstore-rekor-types
 pydantic-core==2.27.1 \
diff --git a/pyproject.toml b/pyproject.toml
@@ -63,7 +63,7 @@ lint = [
   "mypy ~= 1.1",
   # NOTE(ww): ruff is under active development, so we pin conservatively here
   # and let Dependabot periodically perform this update.
-  "ruff < 0.8.2",
+  "ruff < 0.8.3",
   "types-requests",
   "types-pyOpenSSL",
 ]

Original file line number	Diff line number	Diff line change
`@@ -63,7 +63,7 @@ lint = [`
`63`	`63`	`"mypy ~= 1.1",`
`64`	`64`	`# NOTE(ww): ruff is under active development, so we pin conservatively here`
`65`	`65`	`# and let Dependabot periodically perform this update.`
`66`		`- "ruff < 0.8.2",`
	`66`	`+ "ruff < 0.8.3",`
`67`	`67`	`"types-requests",`
`68`	`68`	`"types-pyOpenSSL",`
`69`	`69`	`]`