sigstore
build(deps-dev): bump sigstore-rekor-types from 0.0.12 to 0.0.13
Bumps sigstore-rekor-types from 0.0.12 to 0.0.13.
Release notes
Sourced from sigstore-rekor-types's releases.
v0.0.13
What's Changed
- bump rekor to 1.3.6 by
@woodruffwin trailofbits/sigstore-rekor-types#26Full Changelog: https://github.com/trailofbits/sigstore-rekor-types/compare/v0.0.12...v0.0.13
Commits
cb51dc2rekor_types: 0.0.130bbbec8bump rekor to 1.3.6 (#26)7637117build(deps): bump actions/deploy-pages from 4.0.4 to 4.0.5 (#37)86ca37ebuild(deps-dev): update ruff requirement from <0.3.4 to <0.3.5 (#38)a1fa8f3build(deps-dev): update ruff requirement from <0.3.3 to <0.3.4 (#36)734dd39build(deps-dev): update ruff requirement from <0.3.1 to <0.3.3 (#34)dcd6305build(deps): bump pypa/gh-action-pypi-publish from 1.8.12 to 1.8.14 (#35)b5391b1build(deps-dev): update ruff requirement from <0.2.3 to <0.3.1 (#32)8d5a1c2build(deps): bump pypa/gh-action-pypi-publish from 1.8.11 to 1.8.12 (#33)2ef01ccbuild(deps-dev): update ruff requirement from <0.2.2 to <0.2.3 (#31)- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "Published by a pub.dev verified publisher"){kind=small}
sigstore/sign.py:208: error: Module has no attribute "DsseV001Schema"; maybe "DsseV001Schema1", "DsseV001Schema2", or "DsseSchema"?
I suppose we want to use DsseV001Schema1 and strictly pin sigstore-rekor-types==0.0.13?
Or is DsseSchema an option?
Or is
DsseSchemaan option?
Yeah, I believe this is what we should switch to. I'll poke at it today 🙂
NB: mypy is currently unhappy with this because of https://github.com/koxudaxi/datamodel-code-generator/issues/1903:
sigstore/sign.py:208: error: Unexpected keyword argument "proposed_content" for "DsseSchema" [call-arg]
Found 1 error in 1 file (checked 27 source files)
make: *** [Makefile:65: lint] Error 1
Edit: this may (?) also be a manifestation of a partially fixed Pydantic bug: https://github.com/pydantic/pydantic/discussions/7418#discussioncomment-9024927
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.
If you change your mind, just re-open this PR and I'll resolve any conflicts on it.