From 1a48f0c52f5f2ac83d4458baf9cf46a47790f4d5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Aug 2024 01:25:15 +0000 Subject: [PATCH 1/5] build(deps): update sigstore requirement in the python group Updates the requirements on [sigstore](https://github.com/sigstore/sigstore-python) to permit the latest version. Updates `sigstore` to 3.2.0 - [Release notes](https://github.com/sigstore/sigstore-python/releases) - [Changelog](https://github.com/sigstore/sigstore-python/blob/main/CHANGELOG.md) - [Commits](https://github.com/sigstore/sigstore-python/compare/v3.1.0...v3.2.0) --- updated-dependencies: - dependency-name: sigstore dependency-type: direct:production dependency-group: python ... Signed-off-by: dependabot[bot] --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 84f23d4..21c7480 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -17,7 +17,7 @@ dependencies = [ "cryptography", "packaging", "pydantic", - "sigstore~=3.1.0", + "sigstore>=3.1,<3.3", "sigstore-protobuf-specs", ] requires-python = ">=3.11" From d6c51cf9e0932bdbe81815d79f2fb3c5b02a97d9 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 20 Aug 2024 11:51:19 -0400 Subject: [PATCH 2/5] test: formatting Signed-off-by: William Woodruff --- test/test_cli.py | 5 +++-- test/test_impl.py | 3 ++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/test/test_cli.py b/test/test_cli.py index 6fbfda5..969568c 100644 --- a/test/test_cli.py +++ b/test/test_cli.py @@ -8,9 +8,11 @@ import tempfile from pathlib import Path -import pypi_attestations._cli import pytest import sigstore.oidc +from sigstore.oidc import IdentityError + +import pypi_attestations._cli from pypi_attestations._cli import ( _logger, _validate_files, 
@@ -18,7 +20,6 @@ main, ) from pypi_attestations._impl import Attestation -from sigstore.oidc import IdentityError ONLINE_TESTS = "CI" in os.environ or "TEST_INTERACTIVE" in os.environ online = pytest.mark.skipif(not ONLINE_TESTS, reason="online tests not enabled") diff --git a/test/test_impl.py b/test/test_impl.py index 5afe8f5..2edcec8 100644 --- a/test/test_impl.py +++ b/test/test_impl.py @@ -7,7 +7,6 @@ from typing import Any import pretend -import pypi_attestations._impl as impl import pytest import sigstore from pydantic import TypeAdapter, ValidationError @@ -17,6 +16,8 @@ from sigstore.sign import SigningContext from sigstore.verify import Verifier, policy +import pypi_attestations._impl as impl + ONLINE_TESTS = "CI" in os.environ or "TEST_INTERACTIVE" in os.environ online = pytest.mark.skipif(not ONLINE_TESTS, reason="online tests not enabled") From ae2a6e551f6e7beef9bb792fb0510391af535e7a Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 20 Aug 2024 13:22:11 -0400 Subject: [PATCH 3/5] update private API use Signed-off-by: William Woodruff --- src/pypi_attestations/_impl.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pypi_attestations/_impl.py b/src/pypi_attestations/_impl.py index d7346d3..53d0670 100644 --- a/src/pypi_attestations/_impl.py +++ b/src/pypi_attestations/_impl.py @@ -255,7 +255,7 @@ def from_bundle(cls, sigstore_bundle: Bundle) -> Attestation: verification_material=VerificationMaterial( certificate=base64.b64encode(certificate), transparency_entries=[ - TransparencyLogEntry(sigstore_bundle.log_entry._to_dict_rekor()) # noqa: SLF001 + sigstore_bundle.log_entry._to_rekor() # noqa: SLF001 ], ), envelope=Envelope( From 4168e58765e1bacc601ef3cb3a79efe95acd0b42 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 20 Aug 2024 13:22:47 -0400 Subject: [PATCH 4/5] pyproject: bump sigstore to ~3.2 3.1 isn't supported, due to private API changes. 
Signed-off-by: William Woodruff
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pyproject.toml b/pyproject.toml
index 21c7480..c23f60d 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -17,7 +17,7 @@ dependencies = [
 "cryptography",
 "packaging",
 "pydantic",
- "sigstore>=3.1,<3.3",
+ "sigstore~=3.2",
 "sigstore-protobuf-specs",
 ]
 requires-python = ">=3.11"
From b302a1a1bb05373d4bf9765b618bbaaeec92d755 Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Tue, 20 Aug 2024 13:26:49 -0400
Subject: [PATCH 5/5] convert to dict
Signed-off-by: William Woodruff
---
 src/pypi_attestations/_impl.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pypi_attestations/_impl.py b/src/pypi_attestations/_impl.py
index 53d0670..efd94b6 100644
--- a/src/pypi_attestations/_impl.py
+++ b/src/pypi_attestations/_impl.py
@@ -255,7 +255,7 @@ def from_bundle(cls, sigstore_bundle: Bundle) -> Attestation:
 verification_material=VerificationMaterial(
 certificate=base64.b64encode(certificate),
 transparency_entries=[
- sigstore_bundle.log_entry._to_rekor() # noqa: SLF001
+ sigstore_bundle.log_entry._to_rekor().to_dict() # noqa: SLF001
 ],
 ),
 envelope=Envelope(
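Review bot: The changed line in `from_bundle` still calls the private sigstore method `_to_rekor()` (lint-suppressed with `# noqa: SLF001`), while the series' final constraint `sigstore~=3.2` admits every later 3.x release. The series itself shows this private surface changing between 3.1 and 3.2 (`_to_dict_rekor()` became `_to_rekor()`), so a later minor release could break attestation conversion or, less visibly, change the shape of the serialized transparency log entry that ends up in the verification material. I would either keep an upper bound on the tested minor, e.g. `"sigstore>=3.2,<3.3"`, or add a test that asserts the structure of `transparency_entries[0]` returned by `from_bundle`, together with a comment such as `# private sigstore API; re-check on every sigstore minor bump`. The body of `from_bundle` starts and ends outside the hunk.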