chore(deps): bump pypi-attestations from 0.0.12 to 0.0.13 (#16954)

* chore(deps): bump pypi-attestations from 0.0.12 to 0.0.13 Bumps [pypi-attestations](https://github.com/trailofbits/pypi-attestations) from 0.0.12 to 0.0.13. - [Release notes](https://github.com/trailofbits/pypi-attestations/releases) - [Changelog](https://github.com/trailofbits/pypi-attestations/blob/main/CHANGELOG.md) - [Commits](trailofbits/pypi-attestations@v0.0.12...v0.0.13) --- updated-dependencies: - dependency-name: pypi-attestations dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * update for new verify interface --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ee Durbin <[email protected]>
pypi · Oct 25, 2024 · 4d8bad4 · 4d8bad4
1 parent 211b9bc
commit 4d8bad4
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 8 deletions.
diff --git a/requirements/main.in b/requirements/main.in
@@ -65,7 +65,7 @@ rfc3986
 sentry-sdk
 setuptools
 sigstore~=3.5.0
-pypi-attestations==0.0.12
+pypi-attestations==0.0.13
 sqlalchemy[asyncio]>=2.0,<3.0
 stdlib-list
 stripe

diff --git a/requirements/main.txt b/requirements/main.txt
@@ -1591,6 +1591,7 @@ pyasn1==0.6.1 \
     --hash=sha256:6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034
     # via
     #   pyasn1-modules
+    #   pypi-attestations
     #   rsa
     #   sigstore
 pyasn1-modules==0.4.1 \
@@ -1781,9 +1782,9 @@ pyparsing==3.2.0 \
     --hash=sha256:93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84 \
     --hash=sha256:cbf74e27246d595d9a74b186b810f6fbb86726dbf3b9532efb343f6d7294fe9c
     # via linehaul
-pypi-attestations==0.0.12 \
-    --hash=sha256:b1b2d5e700def138a214869f65835ff20e5f2e524acca841d5280ea89c2d2c46 \
-    --hash=sha256:d4a901121993ff8693ef9fd99e83f506ce79b5f799c36fcf8ddcdb38f4f8960b
+pypi-attestations==0.0.13 \
+    --hash=sha256:2f61f3ba81d836b54359096f43f19d7ddb15fa13542d3236b9caf92bd8b3af65 \
+    --hash=sha256:cc4213c2aab3b9d06d54c353ed7f23febf92b2409b0bb4ce5d8ade0aadcbd6ed
     # via -r requirements/main.in
 pyqrcode==1.2.1 \
     --hash=sha256:1b2812775fa6ff5c527977c4cd2ccb07051ca7d0bc0aecf937a43864abe5eff6 \

diff --git a/tests/unit/attestations/test_services.py b/tests/unit/attestations/test_services.py
@@ -181,10 +181,9 @@ def test_parse_attestations_fails_verification(
             [dummy_attestation]
         )
 
-        def failing_verify(_self, _verifier, _policy, _dist):
+        def failing_verify(_self, _policy, _dist):
             raise verify_exception("error")
 
-        monkeypatch.setattr(Verifier, "production", lambda: pretend.stub())
         monkeypatch.setattr(Attestation, "verify", failing_verify)
 
         with pytest.raises(AttestationUploadError, match=expected_message):

diff --git a/warehouse/attestations/services.py b/warehouse/attestations/services.py
@@ -30,7 +30,6 @@
     VerificationError,
 )
 from pyramid.request import Request
-from sigstore.verify import Verifier
 from zope.interface import implementer
 
 from warehouse.attestations.errors import AttestationUploadError
@@ -207,7 +206,6 @@ def parse_attestations(
         for attestation_model in attestations:
             try:
                 predicate_type, _ = attestation_model.verify(
-                    Verifier.production(),
                     verification_policy,
                     distribution,
                 )