build(deps): bump the minimum-runtime-dependencies group across 2 directories with 4 updates

[dependabot]

Updates the requirements on securesystemslib[awskms,azurekms,gcpkms,pynacl,sigstore], tuf, ruff and securesystemslib[awskms,azurekms,gcpkms,hsm,sigstore] to permit the latest version.
Updates securesystemslib[awskms,azurekms,gcpkms,pynacl,sigstore] to 1.1.0

Release notes

Sourced from securesystemslib[awskms,azurekms,gcpkms,pynacl,sigstore]'s releases.

v1.1.0

See CHANGELOG.md for details.

Changelog

Sourced from securesystemslib[awskms,azurekms,gcpkms,pynacl,sigstore]'s changelog.

securesystemslib v1.1.0

This is a small release that only re-enables the use of SigstoreSigner. Note that SigstoreSigner and SigstoreKey are still not part of the default set of supported signers & keys but now they can be enabled.

Changed

• SigstoreSigner: Re-enable compatibility with Sigstore (#781)

securesystemslib v1.0.0

Securesystemslib API is now considered stable. The core functionality is provided in the Signer interface and the half a dozen integrated Signer implementations that can be found in the signer module. Smaller helper modules dsse, formats, hash and storage are also part of the API. Several legacy modules have been removed.

Added

• Signer: add public_key attribute to interface (#756)
• VaultSigner: Signer implementation for HashiCorp Vault (#800)
• CryptoSigner: support ecdsa keytype that is no longer in spec (#711)
• CryptoSigner: add private_bytes property (#799)
• CryptoSigner: add "file2" signer uri (#759)
• test: use localstack to test AWSSigner (#777)

Removed

• CryptoSigner: remove "file" signer uri (#759)
• migration script for legacy keys (#770)
• SSlibSigner class and *_securesystemslib_key methods (#771)
• legacy key key*, interface, util and schema modules (#772, #773, #776)
• unused functions in hash, and formats module (#774, #776)
• unused global key constants (#806)

Changed

• SSlibKey: strengthen input validation (#780, #795)
• AWSSigner: support default scheme and add stronger input validation (#724, #778)
• dsse: change Envelope.signatures type to dict (#743)
• vendor: update ed25519 copy (#793)
• docs: improve user and contributor docs (#744, #745, #746, #749, #759, #796)
• test: improve and temporarily disable SigstoreSigner test (#779, #785)
• ci: use dependabot groups, update weekly (#735)
• ci: test macOS and Windows on latest Python only (#797)
• Make securessystemslib.gpg internal (#792)

Fixed

• Fix check-upstream-ed25519 workflow permission (#706)
• SSlibKey: fix default scheme and test for ecdsa nistp384 key (#763 #794)

securesystemslib v0.31.0

... (truncated)

Commits

• c70d7be Merge pull request #821 from jku/release-v1.1.0
• 9d4a99e Prepare v1.1
• 08e64be Merge pull request #819 from secure-systems-lab/dependabot/pip/dependencies-2...
• 7058f55 Bump the dependencies group across 1 directory with 4 updates
• 5e734e4 Merge pull request #813 from jku/upgrade-sigstore
• bc6f882 Merge pull request #814 from secure-systems-lab/dependabot/pip/test-and-lint-...
• f61cf1a GCPSigner: Add exception for unsupported keys
• 323d572 Merge pull request #816 from secure-systems-lab/dependabot/github_actions/act...
• 3b7b7e6 ---
• 603b461 ---
• Additional commits viewable in compare view

Updates tuf to 5.1.0

Release notes

Sourced from tuf's releases.

v5.1.0

Changed

• ngclient: default user-agent was updated from "tuf/x.y.z" to "python-tuf/x.y.z" (#2632)
• ngclient: max_root_rotations default value was bumped to 256 to prevent a too small value from creating issues in actual deployments were the embedded root is not easily updateable (#2675)
• repository: do_snapshot() and do_timestamp() now always create new versions if current version is not correctly signed (#2650)
• Various infrastructure and documentation improvements

Changelog

Sourced from tuf's changelog.

v5.1.0

Changed

• ngclient: default user-agent was updated from "tuf/x.y.z" to "python-tuf/x.y.z" (#2632)
• ngclient: max_root_rotations default value was bumped to 256 to prevent a too small value from creating issues in actual deployments were the embedded root is not easily updateable (#2675)
• repository: do_snapshot() and do_timestamp() now always create new versions if current version is not correctly signed (#2650)
• Various infrastructure and documentation improvements

v5.0.0

This release, most notably, marks stable securesystemslib v1.0.0 as minimum requirement. The update causes a minor break in the new DSSE API (see below) and affects users who also directly depend on securesystemslib. See the securesystemslib release notes and the updated python-tuf examples (#2617) for details. ngclient API remains backwards-compatible.

Changed

• DSSE API: change SimpleEnvelope.signatures type to dict, remove SimpleEnvelope.signatures_dict (#2617)
• ngclient: support app-specific user-agents (#2612)
• Various build, test and lint improvements

v4.0.0

This release is a small API change for Metadata API users (see below). ngclient API is compatible but optional DSSE support has been added.

Added

• Added optional DSSE support to Metadata API and ngclient (#2436)

Changed

• Metadata API: Improved verification functionality for repository users (#2551):
  • This is an API change for Metadata API users ( Root.get_verification_result() and Targets.get_verification_result() specifically)
  • Root.get_root_verification_result() has been added to handle the special case of root verification
• Started using UTC datetimes instead of naive datetimes internally (#2573)
• Constrain securesystemslib dependency to <0.32.0 in preparation for future securesystemslib API changes
• Various build, test and lint improvements

v3.1.1

... (truncated)

Commits

• dd4caf4 Merge pull request #2712 from jku/prepare-v5.1
• 72d0cea Prepare v5.1.0 release
• 4fbcfa0 build(deps): bump theupdateframework/tuf-conformance (#2711)
• 22b82d5 build(deps): bump ruff in the test-and-lint-dependencies group (#2709)
• 4ec49e2 build(deps): bump actions/checkout in the action-dependencies group (#2710)
• d77ab75 build(deps): bump pypa/gh-action-pypi-publish (#2706)
• 42240dc build(deps): bump ruff in the test-and-lint-dependencies group (#2705)
• 9f7db14 Merge pull request #2707 from kairoaraujo/add-kairoaraujo-maintainers
• 107cd2a docs: include kairoaraujo info in MAINTAINERS.txt
• 5971b09 build(deps): bump theupdateframework/tuf-conformance (#2704)
• Additional commits viewable in compare view

Updates ruff from 0.7.1 to 0.8.1

Release notes

Sourced from ruff's releases.

0.8.1

Release Notes

Preview features

• Formatter: Avoid invalid syntax for format-spec with quotes for all Python versions (#14625)
• Formatter: Consider quotes inside format-specs when choosing the quotes for an f-string (#14493)
• Formatter: Do not consider f-strings with escaped newlines as multiline (#14624)
• Formatter: Fix f-string formatting in assignment statement (#14454)
• Formatter: Fix unnecessary space around power operator (**) in overlong f-string expressions (#14489)
• [airflow] Avoid implicit schedule argument to DAG and @dag (AIR301) (#14581)
• [flake8-builtins] Exempt private built-in modules (A005) (#14505)
• [flake8-pytest-style] Fix pytest.mark.parametrize rules to check calls instead of decorators (#14515)
• [flake8-type-checking] Implement runtime-cast-value (TC006) (#14511)
• [flake8-type-checking] Implement unquoted-type-alias (TC007) and quoted-type-alias (TC008) (#12927)
• [flake8-use-pathlib] Recommend Path.iterdir() over os.listdir() (PTH208) (#14509)
• [pylint] Extend invalid-envvar-default to detect os.environ.get (PLW1508) (#14512)
• [pylint] Implement len-test (PLC1802) (#14309)
• [refurb] Fix bug where methods defined using lambdas were flagged by FURB118 (#14639)
• [ruff] Auto-add r prefix when string has no backslashes for unraw-re-pattern (RUF039) (#14536)
• [ruff] Implement invalid-assert-message-literal-argument (RUF040) (#14488)
• [ruff] Implement unnecessary-nested-literal (RUF041) (#14323)
• [ruff] Implement unnecessary-regular-expression (RUF055) (#14659)

Rule changes

• Ignore more rules for stub files (#14541)
• [pep8-naming] Eliminate false positives for single-letter names (N811, N814) (#14584)
• [pyflakes] Avoid false positives in @no_type_check contexts (F821, F722) (#14615)
• [ruff] Detect redirected-noqa in file-level comments (RUF101) (#14635)
• [ruff] Mark fixes for unsorted-dunder-all and unsorted-dunder-slots as unsafe when there are complex comments in the sequence (RUF022, RUF023) (#14560)

Bug fixes

• Avoid fixing code to None | None for redundant-none-literal (PYI061) and never-union (RUF020) (#14583, #14589)
• [flake8-bugbear] Fix mutable-contextvar-default to resolve annotated function calls properly (B039) (#14532)
• [flake8-pyi, ruff] Fix traversal of nested literals and unions (PYI016, PYI051, PYI055, PYI062, RUF041) (#14641)
• [flake8-pyi] Avoid rewriting invalid type expressions in unnecessary-type-union (PYI055) (#14660)
• [flake8-type-checking] Avoid syntax errors and type checking problem for quoted annotations autofix (TC003, TC006) (#14634)
• [pylint] Do not wrap function calls in parentheses in the fix for unnecessary-dunder-call (PLC2801) (#14601)
• [ruff] Handle attrs's auto_attribs correctly (RUF009) (#14520)

Contributors

• @​AlexWaygood
• @​Daverball
• @​Glyphack
• @​InSyncWithFoo
• @​Lokejoke
• @​MichaReiser
• @​cake-monotone

... (truncated)

Changelog

Sourced from ruff's changelog.

0.8.1

Preview features

• Formatter: Avoid invalid syntax for format-spec with quotes for all Python versions (#14625)
• Formatter: Consider quotes inside format-specs when choosing the quotes for an f-string (#14493)
• Formatter: Do not consider f-strings with escaped newlines as multiline (#14624)
• Formatter: Fix f-string formatting in assignment statement (#14454)
• Formatter: Fix unnecessary space around power operator (**) in overlong f-string expressions (#14489)
• [airflow] Avoid implicit schedule argument to DAG and @dag (AIR301) (#14581)
• [flake8-builtins] Exempt private built-in modules (A005) (#14505)
• [flake8-pytest-style] Fix pytest.mark.parametrize rules to check calls instead of decorators (#14515)
• [flake8-type-checking] Implement runtime-cast-value (TC006) (#14511)
• [flake8-type-checking] Implement unquoted-type-alias (TC007) and quoted-type-alias (TC008) (#12927)
• [flake8-use-pathlib] Recommend Path.iterdir() over os.listdir() (PTH208) (#14509)
• [pylint] Extend invalid-envvar-default to detect os.environ.get (PLW1508) (#14512)
• [pylint] Implement len-test (PLC1802) (#14309)
• [refurb] Fix bug where methods defined using lambdas were flagged by FURB118 (#14639)
• [ruff] Auto-add r prefix when string has no backslashes for unraw-re-pattern (RUF039) (#14536)
• [ruff] Implement invalid-assert-message-literal-argument (RUF040) (#14488)
• [ruff] Implement unnecessary-nested-literal (RUF041) (#14323)
• [ruff] Implement unnecessary-regular-expression (RUF055) (#14659)

Rule changes

• Ignore more rules for stub files (#14541)
• [pep8-naming] Eliminate false positives for single-letter names (N811, N814) (#14584)
• [pyflakes] Avoid false positives in @no_type_check contexts (F821, F722) (#14615)
• [ruff] Detect redirected-noqa in file-level comments (RUF101) (#14635)
• [ruff] Mark fixes for unsorted-dunder-all and unsorted-dunder-slots as unsafe when there are complex comments in the sequence (RUF022, RUF023) (#14560)

Bug fixes

• Avoid fixing code to None | None for redundant-none-literal (PYI061) and never-union (RUF020) (#14583, #14589)
• [flake8-bugbear] Fix mutable-contextvar-default to resolve annotated function calls properly (B039) (#14532)
• [flake8-pyi, ruff] Fix traversal of nested literals and unions (PYI016, PYI051, PYI055, PYI062, RUF041) (#14641)
• [flake8-pyi] Avoid rewriting invalid type expressions in unnecessary-type-union (PYI055) (#14660)
• [flake8-type-checking] Avoid syntax errors and type checking problem for quoted annotations autofix (TC003, TC006) (#14634)
• [pylint] Do not wrap function calls in parentheses in the fix for unnecessary-dunder-call (PLC2801) (#14601)
• [ruff] Handle attrs's auto_attribs correctly (RUF009) (#14520)

0.8.0

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

See also, the "Remapped rules" section which may result in disabled rules.

• Default to Python 3.9

... (truncated)

Commits

• b3b2c98 Update CHANGELOG.md with the new commits for 0.8.1 (#14664)
• abb3c6e [flake8-pyi] Avoid rewriting invalid type expressions in `unnecessary-type-...
• 224fe75 [ruff] Implement unnecessary-regular-expression (RUF055) (#14659)
• dc29f52 [flake8-pyi, ruff] Fix traversal of nested literals and unions (PYI016,...
• d9cbf2f Avoids unnecessary overhead for TC004, when TC001-003 are disabled (#14657)
• 3f6c65e [red-knot] Fix merged type after if-else without explicit else branch (#14621)
• 976c37a Bump version to 0.8.1 (#14655)
• a378ff3 [red-knot] Fix Boolean flags in mdtests (#14654)
• d8bca0d Fix bug where methods defined using lambdas were flagged by FURB118 (#14639)
• 6f1cf5b [red-knot] Minor fix in MRO tests (#14652)
• Additional commits viewable in compare view

Updates tuf to 5.1.0

Release notes

Sourced from tuf's releases.

v5.1.0

Changed

• ngclient: default user-agent was updated from "tuf/x.y.z" to "python-tuf/x.y.z" (#2632)
• ngclient: max_root_rotations default value was bumped to 256 to prevent a too small value from creating issues in actual deployments were the embedded root is not easily updateable (#2675)
• repository: do_snapshot() and do_timestamp() now always create new versions if current version is not correctly signed (#2650)
• Various infrastructure and documentation improvements

Changelog

Sourced from tuf's changelog.

v5.1.0

Changed

• ngclient: default user-agent was updated from "tuf/x.y.z" to "python-tuf/x.y.z" (#2632)
• ngclient: max_root_rotations default value was bumped to 256 to prevent a too small value from creating issues in actual deployments were the embedded root is not easily updateable (#2675)
• repository: do_snapshot() and do_timestamp() now always create new versions if current version is not correctly signed (#2650)
• Various infrastructure and documentation improvements

v5.0.0

This release, most notably, marks stable securesystemslib v1.0.0 as minimum requirement. The update causes a minor break in the new DSSE API (see below) and affects users who also directly depend on securesystemslib. See the securesystemslib release notes and the updated python-tuf examples (#2617) for details. ngclient API remains backwards-compatible.

Changed

• DSSE API: change SimpleEnvelope.signatures type to dict, remove SimpleEnvelope.signatures_dict (#2617)
• ngclient: support app-specific user-agents (#2612)
• Various build, test and lint improvements

v4.0.0

This release is a small API change for Metadata API users (see below). ngclient API is compatible but optional DSSE support has been added.

Added

• Added optional DSSE support to Metadata API and ngclient (#2436)

Changed

• Metadata API: Improved verification functionality for repository users (#2551):
  • This is an API change for Metadata API users ( Root.get_verification_result() and Targets.get_verification_result() specifically)
  • Root.get_root_verification_result() has been added to handle the special case of root verification
• Started using UTC datetimes instead of naive datetimes internally (#2573)
• Constrain securesystemslib dependency to <0.32.0 in preparation for future securesystemslib API changes
• Various build, test and lint improvements

v3.1.1

... (truncated)

Commits

• dd4caf4 Merge pull request #2712 from jku/prepare-v5.1
• 72d0cea Prepare v5.1.0 release
• 4fbcfa0 build(deps): bump theupdateframework/tuf-conformance (#2711)
• 22b82d5 build(deps): bump ruff in the test-and-lint-dependencies group (#2709)
• 4ec49e2 build(deps): bump actions/checkout in the action-dependencies group (#2710)
• d77ab75 build(deps): bump pypa/gh-action-pypi-publish (#2706)
• 42240dc build(deps): bump ruff in the test-and-lint-dependencies group (#2705)
• 9f7db14 Merge pull request #2707 from kairoaraujo/add-kairoaraujo-maintainers
• 107cd2a docs: include kairoaraujo info in MAINTAINERS.txt
• 5971b09 build(deps): bump theupdateframework/tuf-conformance (#2704)
• Additional commits viewable in compare view

Updates ruff from 0.7.1 to 0.8.1

Release notes

Sourced from ruff's releases.

0.8.1

Release Notes

Preview features

• Formatter: Avoid invalid syntax for format-spec with quotes for all Python versions (#14625)
• Formatter: Consider quotes inside format-specs when choosing the quotes for an f-string (#14493)
• Formatter: Do not consider f-strings with escaped newlines as multiline (#14624)
• Formatter: Fix f-string formatting in assignment statement (#14454)
• Formatter: Fix unnecessary space around power operator (**) in overlong f-string expressions (#14489)
• [airflow] Avoid implicit schedule argument to DAG and @dag (AIR301) (#14581)
• [flake8-builtins] Exempt private built-in modules (A005) (#14505)
• [flake8-pytest-style] Fix pytest.mark.parametrize rules to check calls instead of decorators (#14515)
• [flake8-type-checking] Implement runtime-cast-value (TC006) (#14511)
• [flake8-type-checking] Implement unquoted-type-alias (TC007) and quoted-type-alias (TC008) (#12927)
• [flake8-use-pathlib] Recommend Path.iterdir() over os.listdir() (PTH208) (#14509)
• [pylint] Extend invalid-envvar-default to detect os.environ.get (PLW1508) (#14512)
• [pylint] Implement len-test (PLC1802) (#14309)
• [refurb] Fix bug where methods defined using lambdas were flagged by FURB118 (#14639)
• [ruff] Auto-add r prefix when string has no backslashes for unraw-re-pattern (RUF039) (#14536)
• [ruff] Implement invalid-assert-message-literal-argument (RUF040) (#14488)
• [ruff] Implement unnecessary-nested-literal (RUF041) (#14323)
• [ruff] Implement unnecessary-regular-expression (RUF055) (#14659)

Rule changes

• Ignore more rules for stub files (#14541)
• [pep8-naming] Eliminate false positives for single-letter names (N811, N814) (#14584)
• [pyflakes] Avoid false positives in @no_type_check contexts (F821, F722) (#14615)
• [ruff] Detect redirected-noqa in file-level comments (RUF101) (#14635)
• [ruff] Mark fixes for unsorted-dunder-all and unsorted-dunder-slots as unsafe when there are complex comments in the sequence (RUF022, RUF023) (#14560)

Bug fixes

• Avoid fixing code to None | None for redundant-none-literal (PYI061) and never-union (RUF020) (#14583, #14589)
• [flake8-bugbear] Fix mutable-contextvar-default to resolve annotated function calls properly (B039) (#14532)
• [flake8-pyi, ruff] Fix traversal of nested literals and unions (PYI016, PYI051, PYI055, PYI062, RUF041) (#14641)
• [flake8-pyi] Avoid rewriting invalid type expressions in unnecessary-type-union (PYI055) (#14660)
• [flake8-type-checking] Avoid syntax errors and type checking problem for quoted annotations autofix (TC003, TC006) (#14634)
• [pylint] Do not wrap function calls in parentheses in the fix for unnecessary-dunder-call (PLC2801) (#14601)
• [ruff] Handle attrs's auto_attribs correctly (RUF009) (#14520)

Contributors

• @​AlexWaygood
• @​Daverball
• @​Glyphack
• @​InSyncWithFoo
• @​Lokejoke
• @​MichaReiser
• @​cake-monotone

... (truncated)

Changelog

Sourced from ruff's changelog.

0.8.1

Preview features

• Formatter: Avoid invalid syntax for format-spec with quotes for all Python versions (#14625)
• Formatter: Consider quotes inside format-specs when choosing the quotes for an f-string (#14493)
• Formatter: Do not consider f-strings with escaped newlines as multiline (#14624)
• Formatter: Fix f-string formatting in assignment statement (#14454)
• Formatter: Fix unnecessary space around power operator (**) in overlong f-string expressions (#14489)
• [airflow] Avoid implicit schedule argument to DAG and @dag (AIR301) (#14581)
• [flake8-builtins] Exempt private built-in modules (A005) (#14505)
• [flake8-pytest-style] Fix pytest.mark.parametrize rules to check calls instead of decorators (#14515)
• [flake8-type-checking] Implement runtime-cast-value (TC006) (#14511)
• [flake8-type-checking] Implement unquoted-type-alias (TC007) and quoted-type-alias (TC008) (#12927)
• [flake8-use-pathlib] Recommend Path.iterdir() over os.listdir() (PTH208) (#14509)
• [pylint] Extend invalid-envvar-default to detect os.environ.get (PLW1508) (#14512)
• [pylint] Implement len-test (PLC1802) (#14309)
• [refurb] Fix bug where methods defined using lambdas were flagged by FURB118 (#14639)
• [ruff] Auto-add r prefix when string has no backslashes for unraw-re-pattern (RUF039) (#14536)
• [ruff] Implement invalid-assert-message-literal-argument (RUF040) (#14488)
• [ruff] Implement unnecessary-nested-literal (RUF041) (#14323)
• [ruff] Implement unnecessary-regular-expression (RUF055) (#14659)

Rule changes

• Ignore more rules for stub files (#14541)
• [pep8-naming] Eliminate false positives for single-letter names (N811, N814) (#14584)
• [pyflakes] Avoid false positives in @no_type_check contexts (F821, F722) (#14615)
• [ruff] Detect redirected-noqa in file-level comments (RUF101) (#14635)
• [ruff] Mark fixes for unsorted-dunder-all and unsorted-dunder-slots as unsafe when there are complex comments in the sequence (RUF022, RUF023) (#14560)

Bug fixes

• Avoid fixing code to None | None for redundant-none-literal (PYI061) and never-union (RUF020) (#14583, #14589)
• [flake8-bugbear] Fix mutable-contextvar-default to resolve annotated function calls properly (B039) (#14532)
• [flake8-pyi, ruff] Fix traversal of nested literals and unions (PYI016, PYI051, PYI055, PYI062, RUF041) (#14641)
• [flake8-pyi] Avoid rewriting invalid type expressions in unnecessary-type-union (PYI055) (#14660)
• [flake8-type-checking] Avoid syntax errors and type checking problem for quoted annotations autofix (TC003, TC006) (#14634)
• [pylint] Do not wrap function calls in parentheses in the fix for unnecessary-dunder-call (PLC2801) (#14601)
• [ruff] Handle attrs's auto_attribs correctly (RUF009) (#14520)

0.8.0

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

See also, the "Remapped rules" section which may result in disabled rules.

• Default to Python 3.9

... (truncated)

Commits

• b3b2c98 Update CHANGELOG.md with the new commits for 0.8.1 (#14664)
• abb3c6e [flake8-pyi] Avoid rewriting invalid type expressions in `unnecessary-type-...
• 224fe75 [ruff] Implement unnecessary-regular-expression (RUF055) (#14659)
• dc29f52 [flake8-pyi, ruff] Fix traversal of nested literals and unions (PYI016,...
• d9cbf2f Avoids unnecessary overhead for TC004, when TC001-003 are disabled (#14657)
• 3f6c65e [red-knot] Fix merged type after if-else without explicit else branch (#14621)
• 976c37a Bump version to 0.8.1 (#14655)
• a378ff3 [red-knot] Fix Boolean flags in mdtests (#14654)
• d8bca0d Fix bug where methods defined using lambdas were flagged by FURB118 (#14639)
• 6f1cf5b [red-knot] Minor fix in MRO tests (#14652)
• Additional commits viewable in compare view

Updates securesystemslib[awskms,azurekms,gcpkms,hsm,sigstore] to 1.1.0

Release notes

Sourced from securesystemslib[awskms,azurekms,gcpkms,hsm,sigstore]'s releases.

v1.1.0

See CHANGELOG.md for details.

Changelog

Sourced from securesystemslib[awskms,azurekms,gcpkms,hsm,sigstore]'s changelog.

securesystemslib v1.1.0

This is a small release that only re-enables the use of SigstoreSigner. Note that SigstoreSigner and SigstoreKey are still not part of the default set of supported signers & keys but now they can be enabled.

Changed

• SigstoreSigner: Re-enable compatibility with Sigstore (#781)

securesystemslib v1.0.0

Securesystemslib API is now considered stable. The core functionality is provided in the Signer interface and the half a dozen integrated Signer implementations that can be found in the signer module. Smaller helper modules dsse, formats, hash and storage are also part of the API. Several legacy modules have been removed.

Added

• Signer: add public_key attribute to interface (#756)
• VaultSigner: Signer implementation for HashiCorp Vault (#800)
• CryptoSigner: support ecdsa keytype that is no longer in spec (#711)
• CryptoSigner: add private_bytes property (#799)
• CryptoSigner: add "file2" signer uri (#759)
• test: use localstack to test AWSSigner (#777)

Removed

• CryptoSigner: remove "file" signer uri (#759)
• migration script for legacy keys (#770)
• SSlibSigner class and *_securesystemslib_key methods (#771)
• legacy key key*, interface, util and schema modules (#772, #773, #776)
• unused functions in hash, and formats module (#774, #776)
• unused global key constants (#806)

Changed

• SSlibKey: strengthen input validation (#780, #795)
• AWSSigner: support default scheme and add stronger input validation (#724, #778)
• dsse: change Envelope.signatures type to dict (#743)
• vendor: update ed25519 copy (#793)
• docs: improve user and contributor docs (#744, #745, #746, #749, #759, #796)
• test: improve and temporarily disable SigstoreSigner test (#779, #785)
• ci: use dependabot groups, update weekly (#735)
• ci: test macOS and Windows on latest Python only (#797)
• Make securessystemslib.gpg internal (#792)

Fixed

• Fix check-upstream-ed25519 workflow permission (#706)
• SSlibKey: fix default scheme and test for ecdsa nistp384 key (#763 #794)

securesystemslib v0.31.0

... (truncated)

Commits

• c70d7be Merge pull request #821 from jku/release-v1.1.0
• 9d4a99e Prepare v1.1
• 08e64be Merge pull request #819 from secure-systems-lab/dependabot/pip/dependencies-2...
• 7058f55 Bump the dependencies group across 1 directory with 4 updates
• 5e734e4 Merge pull request #813 from jku/upgrade-sigstore
• bc6f882 Merge pull request #814 from secure-systems-lab/dependabot/pip/test-and-lint-...

[jku]

@dependabot ignore securesystemslib 1.1.0
@dependabot ignore securesystemslib 1.2.0
@dependabot ignore tuf 5.1.0

(tuf and securesystemslib upgrades handled in #485: I'm testing if I can get dependabot to handle the other updates here)

[jku]

@dependabot ignore securesystemslib[awskms,azurekms,gcpkms,pynacl,sigstore] 1.1.0

[jku]

@dependabot recreate

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.