Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the dependencies group with 3 updates #901

Merged
merged 1 commit into from
Oct 29, 2024
Merged

Bump the dependencies group with 3 updates #901

merged 1 commit into from
Oct 29, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 28, 2024

Bumps the dependencies group with 3 updates: sigstore, boto3 and botocore.

Updates sigstore from 3.4.0 to 3.5.1

Release notes

Sourced from sigstore's releases.

v3.5.1

Fixed

  • Fixed a CLI parsing bug introduced in 3.5.0 when attempting to suppress irrelevant warnings (#1192)

v3.5.0

Added

  • CLI: The sigstore plumbing update-trust-root command has been added. Like other plumbing-level commands, this is considered unstable and changes are not subject to our semver policy until explicitly noted (#1174)

Fixed

  • CLI: Fixed an incorrect warning when verifying detached .crt/.sig inputs (#1179)
Changelog

Sourced from sigstore's changelog.

[3.5.1]

Fixed

  • Fixed a CLI parsing bug introduced in 3.5.0 when attempting to suppress irrelevant warnings (#1192)

[3.5.0]

Added

  • CLI: The sigstore plumbing update-trust-root command has been added. Like other plumbing-level commands, this is considered unstable and changes are not subject to our semver policy until explicitly noted (#1174)

Fixed

  • CLI: Fixed an incorrect warning when verifying detached .crt/.sig inputs (#1179)
Commits
  • 0ac33ee sigstore: prep 3.5.1 (#1193)
  • 33951a5 _cli: fix warning check (#1192)
  • f403812 README: bump tag for gh-action-sigstore-python (#1191)
  • 8a94b6b build(deps): bump actions/setup-python from 5.2.0 to 5.3.0 in the actions gro...
  • e56830e build(deps): update ruff requirement from <0.7.1 to <0.7.2 (#1189)
  • 68a7497 Prep 3.5.0 (#1184)
  • 4de8bd7 build(deps): bump actions/checkout from 4.2.1 to 4.2.2 in the actions group (...
  • f849402 _cli: don't warn on bare .sigstore if cert/sig is used (#1179)
  • cfacc77 build(deps): bump rich from 13.9.2 to 13.9.3 (#1180)
  • ba097ab build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 in the actions ...
  • Additional commits viewable in compare view

Updates boto3 from 1.35.45 to 1.35.50

Commits
  • ab1c5a9 Merge branch 'release-1.35.50'
  • 743bcbd Bumping version to 1.35.50
  • 9902766 Add changelog entries from botocore
  • 9f80f5a Merge pull request #4319 from boto/dependabot/github_actions/actions/setup-py...
  • 27def47 Merge pull request #4318 from boto/dependabot/github_actions/github/codeql-ac...
  • ad10feb Bump actions/setup-python from 5.2.0 to 5.3.0
  • 5f884ac Bump github/codeql-action from 3.26.0 to 3.27.0
  • d39929b Merge branch 'release-1.35.49'
  • 7610e03 Merge branch 'release-1.35.49' into develop
  • bb191f2 Bumping version to 1.35.49
  • Additional commits viewable in compare view

Updates botocore from 1.35.45 to 1.35.50

Commits
  • d7e0b58 Merge branch 'release-1.35.50'
  • 540eeaa Bumping version to 1.35.50
  • 3bcc8a4 Update endpoints model
  • 1a82143 Update to latest models
  • 51be9a2 Merge pull request #3290 from boto/dependabot/github_actions/actions/setup-py...
  • 733f64e Merge pull request #3289 from boto/dependabot/github_actions/github/codeql-ac...
  • 033346f Bump actions/setup-python from 5.2.0 to 5.3.0
  • 5080a30 Bump github/codeql-action from 3.26.0 to 3.27.0
  • ab80bd8 Merge branch 'release-1.35.49'
  • 8aade76 Merge branch 'release-1.35.49' into develop
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the dependencies group with 3 updates
e3b4922 
Bumps the dependencies group with 3 updates: [sigstore](https://github.com/sigstore/sigstore-python), [boto3](https://github.com/boto/boto3) and [botocore](https://github.com/boto/botocore).


Updates `sigstore` from 3.4.0 to 3.5.1
- [Release notes](https://github.com/sigstore/sigstore-python/releases)
- [Changelog](https://github.com/sigstore/sigstore-python/blob/main/CHANGELOG.md)
- [Commits](sigstore/sigstore-python@v3.4.0...v3.5.1)

Updates `boto3` from 1.35.45 to 1.35.50
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.35.45...1.35.50)

Updates `botocore` from 1.35.45 to 1.35.50
- [Commits](boto/botocore@1.35.45...1.35.50)

---
updated-dependencies:
- dependency-name: sigstore
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: botocore
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Oct 28, 2024
@jku jku merged commit 167f4c7 into main Oct 29, 2024
19 checks passed
@dependabot dependabot bot deleted the dependabot/pip/dependencies-b13ae9151f branch October 29, 2024 06:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jku jku jku approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jku