EFForg / apkeep

MIT License

cargo-update: bump x509-certificate from 0.13.0 to 0.14.0 #117

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps x509-certificate from 0.13.0 to 0.14.0.

Release notes

Sourced from x509-certificate's releases.

Apple Codesign 0.14.0

This is the first GitHub release for apple-codesign / rcodesign with pre-built executables!

The macOS binary is self-signed using the new remote signing feature. The signing was initiated on GitHub Actions (https://github.com/indygreg/PyOxidizer/runs/6152561538?check_suite_focus=true) and signing was performed from the maintainer's Windows machine using a YubiKey.

The permalink for documentation for this release is https://pyoxidizer.readthedocs.io/en/apple-codesign-0.14.0/apple_codesign.html

  • Fixed a bug where symlinks weren't being written in notarization zip files properly. This prevented bundles containing symlinks from notarizing correctly.
  • The filename used in notarization uploads is now normalized to avoid rejection due to spaces and colons.
  • Support for remote signing. The feature is documented extensively in the Sphinx documentation. Essentially, 2 independent machines communicate with each other with end-to-end encrypted messages via a websocket bridged through a central server. Signing requests are sent to a remote machine which is in possession of the signing key. Signatures are made on the remote machine and transmitted back to the originating machine. Remote signing enables signing to be performed more securely by facilitating signing without having to give the initiating machine access to the signing key.
  • Default log output format has changed. Lines are no longer prefixed with the time, log level, or logging module by default. A -v/--verbose global flag has been added to increase the verbosity of logging. This can restore the printing of the prefixes. This crate uses env_logger (https://crates.io/crates/env_logger), so it is possible to customize default behavior via environment variables.
  • The possible values for the --code-signature-flags are now advertised in help output.
  • Written Mach-O files should now always have their filesystem permissions preserved. Before, we may not have preserved file permissions in all code paths writing Mach-O files.
  • A new keychain-print-certificates command can be used to print certificates available in macOS keychains.
  • Initial support for using macOS keychain certificates for code signing. Previously, we required that certificates be exported from keychain in order to sign. We now support signing using SecurityFramework APIs so keys don't have to leave the keychain. Due to a limitation in the Rust bindings to SecurityFramework, decryption using keychain keys is not supported. So the public key agreement method of remote code signing will not yet work with keychain-based keys. The new --keychain-domain and --keychain-fingerprint arguments can be used to specify how to search for and use keychain hosted keys.

PyOxidizer 0.13.2

No release notes provided.

Commits
  • 2bcfe15 releasebot: release-version-change x509-certificate 0.14.0-pre -> 0.14.0
  • 71b31aa releasebot: release-version-change pgp-cleartext 0.3.0-pre -> 0.3.0
  • 313e378 apple-codesign: add release date for 0.17
  • d3a7859 pyoxidizer: synchronize new-project-cargo.lock
  • a7ef243 apple-codesign: docs tweaks
  • b30bc50 apple-codesign: remove unused dependencies
  • e2614e3 apple-codesign: use common function for sending App Store Connect API requests
  • ec89148 apple-codesign: remove unused constant
  • 1df03e3 apple-codesign: add notary-log command
  • 3f2bce0 apple-codesign: add a new notary-wait command
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] commented 2 years ago

The following labels could not be found: dependencies.

dependabot[bot] commented 2 years ago

Looks like x509-certificate is up-to-date now, so this is no longer needed.