Skip to content

build(deps): bump sigstore-protobuf-specs from 0.3.2 to 0.4.1 #1343

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

build(deps): bump sigstore-protobuf-specs from 0.3.2 to 0.4.1 #1343

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 4, 2025
edited
Loading

Bumps sigstore-protobuf-specs from 0.3.2 to 0.4.1.

Changelog

Sourced from sigstore-protobuf-specs's changelog.

0.4.1

Changed

  • Updated SigningConfig to specify API versions and validity periods (#539)
  • Added deprecated, but still in use, algorithms for ECDSA P384 and P512 using SHA256 (#572)

0.4.0

  • Announced deprecation of JSONSchema outputs from this project (#493)

Fixed

  • Fix toolchain to write generated code as the user running the build instead of root (#473)

Changed

  • Recreated toolchain for code generation instead of depending on third-party container image (#469) (#475)
  • Updated code generation tools for Go library to latest stable releases (#476)
  • Updated code generation tools for JSONSchema files to latest stable releases (#478)
  • Updated code generation tools for Python library to latest stable releases (#479)
  • Updated code generation tools for Ruby library to latest stable releases (#481)
  • Updated code generation tools for Rust library to latest stable releases (#486)
  • Updated code generation tools for Typescript library to latest stable releases (#488)

0.3.3

  • Allowed specifying artifact digest for verification (#406)
  • Added version to SigningConfig message (#383)

Changed

  • Docs: Clarify that integration time is only trustworthy with a Signed Entry Timestamp (#442)
  • Docs: Clarify inclusion promise requirement (#380)
  • Docs: Clarify that artifact digest verification should not be used with

... (truncated)

Commits
  • 9581010 protos/PublicKeyDetails: add compatibility algorithms using SHA256 (#572)
  • 44b9830 build(deps): bump quote from 1.0.38 to 1.0.40 in /gen/pb-rust (#580)
  • e5bccce build(deps): bump syn from 2.0.98 to 2.0.100 in /gen/pb-rust (#581)
  • ed1f69d build(deps): bump prost from 0.13.4 to 0.13.5 in /gen/pb-rust (#584)
  • 3629838 build(deps): bump serde_json from 1.0.139 to 1.0.140 in /gen/pb-rust (#583)
  • a9885b2 build(deps): bump anyhow from 1.0.96 to 1.0.97 in /gen/pb-rust (#582)
  • 7e4a1ad Update Dockerfile.protobuf to 29.4 (#571)
  • bf91edb minor zizmor fixes to specify permissions (#570)
  • 01c386e build(deps): bump gradle/actions from 4.3.0 to 4.3.1 (#567)
  • 793836f build(deps): bump ruby/setup-ruby from 1.227.0 to 1.229.0 (#569)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump sigstore-protobuf-specs from 0.3.2 to 0.4.1
c519722 
Bumps [sigstore-protobuf-specs](https://github.com/sigstore/protobuf-specs) from 0.3.2 to 0.4.1.
- [Release notes](https://github.com/sigstore/protobuf-specs/releases)
- [Changelog](https://github.com/sigstore/protobuf-specs/blob/main/CHANGELOG.md)
- [Commits](sigstore/protobuf-specs@v0.3.2...v0.4.1)

---
updated-dependencies:
- dependency-name: sigstore-protobuf-specs
  dependency-version: 0.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 4, 2025
@woodruffw
Copy link
Member

#1276.

@woodruffw woodruffw closed this Apr 4, 2025
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Apr 4, 2025

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/pip/sigstore-protobuf-specs-0.4.1 branch April 4, 2025 19:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@woodruffw