From 4d8bad49e0561d44050a938ed91e0d1a342df4a0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 25 Oct 2024 10:23:39 -0400 Subject: [PATCH] chore(deps): bump pypi-attestations from 0.0.12 to 0.0.13 (#16954) * chore(deps): bump pypi-attestations from 0.0.12 to 0.0.13 Bumps [pypi-attestations](https://github.com/trailofbits/pypi-attestations) from 0.0.12 to 0.0.13. - [Release notes](https://github.com/trailofbits/pypi-attestations/releases) - [Changelog](https://github.com/trailofbits/pypi-attestations/blob/main/CHANGELOG.md) - [Commits](https://github.com/trailofbits/pypi-attestations/compare/v0.0.12...v0.0.13) --- updated-dependencies: - dependency-name: pypi-attestations dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * update for new verify interface --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ee Durbin --- requirements/main.in | 2 +- requirements/main.txt | 7 ++++--- tests/unit/attestations/test_services.py | 3 +-- warehouse/attestations/services.py | 2 -- 4 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/requirements/main.in b/requirements/main.in
index d9ba3f8c9fb4..063202f905bc 100644
--- a/requirements/main.in
+++ b/requirements/main.in
@@ -65,7 +65,7 @@ rfc3986
 sentry-sdk
 setuptools
 sigstore~=3.5.0
-pypi-attestations==0.0.12
+pypi-attestations==0.0.13
 sqlalchemy[asyncio]>=2.0,<3.0
 stdlib-list
 stripe
diff --git a/requirements/main.txt b/requirements/main.txt
index 005733764381..1e3e0483298f 100644
--- a/requirements/main.txt
+++ b/requirements/main.txt
@@ -1591,6 +1591,7 @@ pyasn1==0.6.1 \
 --hash=sha256:6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034
 # via
 # pyasn1-modules
+ # pypi-attestations
 # rsa
 # sigstore
 pyasn1-modules==0.4.1 \
@@ -1781,9 +1782,9 @@ pyparsing==3.2.0 \
 --hash=sha256:93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84 \
 --hash=sha256:cbf74e27246d595d9a74b186b810f6fbb86726dbf3b9532efb343f6d7294fe9c
 # via linehaul
-pypi-attestations==0.0.12 \
- --hash=sha256:b1b2d5e700def138a214869f65835ff20e5f2e524acca841d5280ea89c2d2c46 \
- --hash=sha256:d4a901121993ff8693ef9fd99e83f506ce79b5f799c36fcf8ddcdb38f4f8960b
+pypi-attestations==0.0.13 \
+ --hash=sha256:2f61f3ba81d836b54359096f43f19d7ddb15fa13542d3236b9caf92bd8b3af65 \
+ --hash=sha256:cc4213c2aab3b9d06d54c353ed7f23febf92b2409b0bb4ce5d8ade0aadcbd6ed
 # via -r requirements/main.in
 pyqrcode==1.2.1 \
 --hash=sha256:1b2812775fa6ff5c527977c4cd2ccb07051ca7d0bc0aecf937a43864abe5eff6 \
diff --git a/tests/unit/attestations/test_services.py b/tests/unit/attestations/test_services.py
index f08e2b0ff921..c955aa360a4c 100644
--- a/tests/unit/attestations/test_services.py
+++ b/tests/unit/attestations/test_services.py
@@ -181,10 +181,9 @@ def test_parse_attestations_fails_verification(
 [dummy_attestation]
 )
- def failing_verify(_self, _verifier, _policy, _dist):
+ def failing_verify(_self, _policy, _dist):
 raise verify_exception("error")
- monkeypatch.setattr(Verifier, "production", lambda: pretend.stub())
 monkeypatch.setattr(Attestation, "verify", failing_verify)
 with pytest.raises(AttestationUploadError, match=expected_message):
diff --git a/warehouse/attestations/services.py b/warehouse/attestations/services.py
index 3915e69ad3b4..b4b10bb9d6a3 100644
--- a/warehouse/attestations/services.py
+++ b/warehouse/attestations/services.py
@@ -30,7 +30,6 @@
 VerificationError,
 )
 from pyramid.request import Request
-from sigstore.verify import Verifier
 from zope.interface import implementer
 from warehouse.attestations.errors import AttestationUploadError
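Review bot: The new `failing_verify(_self, _policy, _dist)` stub in tests/unit/attestations/test_services.py should carry a comment tying it to the library interface it mirrors, because after this change Warehouse no longer supplies the verifier itself. The matching call in `parse_attestations` (warehouse/attestations/services.py) drops `Verifier.production()` and passes only `verification_policy` and `distribution`, so which Sigstore instance and trust root is used is presumably now decided inside pypi-attestations 0.0.13; that is inferred from the removed argument and is not visible in this diff. I would add `# Mirrors Attestation.verify as of pypi-attestations 0.0.13: the verifier is no longer passed in by Warehouse` above the stub. It is also worth confirming against the linked changelog that the library's default is the production instance before relying on it. The test function starts before this hunk and continues past it.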
@@ -207,7 +206,6 @@ def parse_attestations(
 for attestation_model in attestations:
 try:
 predicate_type, _ = attestation_model.verify(
- Verifier.production(),
 verification_policy,
 distribution,
 )