Fixed a CLI parsing bug introduced in 3.5.0 when attempting
to suppress irrelevant warnings
(#1192)
v3.5.0
Added
CLI: The sigstore plumbing update-trust-root command has been added.
Like other plumbing-level commands, this is considered unstable and
changes are not subject to our semver policy until explicitly noted
(#1174)
Fixed
CLI: Fixed an incorrect warning when verifying detached .crt/.sig
inputs (#1179)
Fixed a CLI parsing bug introduced in 3.5.0 when attempting
to suppress irrelevant warnings
(#1192)
[3.5.0]
Added
CLI: The sigstore plumbing update-trust-root command has been added.
Like other plumbing-level commands, this is considered unstable and
changes are not subject to our semver policy until explicitly noted
(#1174)
Fixed
CLI: Fixed an incorrect warning when verifying detached .crt/.sig
inputs (#1179)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the dependencies group with 3 updates: sigstore, boto3 and botocore.
Updates
sigstorefrom 3.4.0 to 3.5.1Release notes
Sourced from sigstore's releases.
Changelog
Sourced from sigstore's changelog.
Commits
0ac33eesigstore: prep 3.5.1 (#1193)33951a5_cli: fix warning check (#1192)f403812README: bump tag for gh-action-sigstore-python (#1191)8a94b6bbuild(deps): bump actions/setup-python from 5.2.0 to 5.3.0 in the actions gro...e56830ebuild(deps): update ruff requirement from <0.7.1 to <0.7.2 (#1189)68a7497Prep 3.5.0 (#1184)4de8bd7build(deps): bump actions/checkout from 4.2.1 to 4.2.2 in the actions group (...f849402_cli: don't warn on bare .sigstore if cert/sig is used (#1179)cfacc77build(deps): bump rich from 13.9.2 to 13.9.3 (#1180)ba097abbuild(deps): bump github/codeql-action from 3.26.13 to 3.27.0 in the actions ...Updates
boto3from 1.35.45 to 1.35.50Commits
ab1c5a9Merge branch 'release-1.35.50'743bcbdBumping version to 1.35.509902766Add changelog entries from botocore9f80f5aMerge pull request #4319 from boto/dependabot/github_actions/actions/setup-py...27def47Merge pull request #4318 from boto/dependabot/github_actions/github/codeql-ac...ad10febBump actions/setup-python from 5.2.0 to 5.3.05f884acBump github/codeql-action from 3.26.0 to 3.27.0d39929bMerge branch 'release-1.35.49'7610e03Merge branch 'release-1.35.49' into developbb191f2Bumping version to 1.35.49Updates
botocorefrom 1.35.45 to 1.35.50Commits
d7e0b58Merge branch 'release-1.35.50'540eeaaBumping version to 1.35.503bcc8a4Update endpoints model1a82143Update to latest models51be9a2Merge pull request #3290 from boto/dependabot/github_actions/actions/setup-py...733f64eMerge pull request #3289 from boto/dependabot/github_actions/github/codeql-ac...033346fBump actions/setup-python from 5.2.0 to 5.3.05080a30Bump github/codeql-action from 3.26.0 to 3.27.0ab80bd8Merge branch 'release-1.35.49'8aade76Merge branch 'release-1.35.49' into developDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show