From bd9de57e809871b3dcb4aee971eb34d07120a7ce Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 15 Aug 2025 14:07:51 +0000
Subject: [PATCH] Bump the pip group with 3 updates

Bumps the pip group with 3 updates: [paramiko](https://github.com/paramiko/paramiko), [python-gnupg](https://github.com/vsajip/python-gnupg) and [sigstore](https://github.com/sigstore/sigstore-python).


Updates `paramiko` from 3.5.1 to 4.0.0
- [Commits](https://github.com/paramiko/paramiko/compare/3.5.1...4.0.0)

Updates `python-gnupg` from 0.5.4 to 0.5.5
- [Release notes](https://github.com/vsajip/python-gnupg/releases)
- [Changelog](https://github.com/vsajip/python-gnupg/blob/master/release)
- [Commits](https://github.com/vsajip/python-gnupg/compare/0.5.4...0.5.5)

Updates `sigstore` from 3.6.4 to 3.6.5
- [Release notes](https://github.com/sigstore/sigstore-python/releases)
- [Changelog](https://github.com/sigstore/sigstore-python/blob/v3.6.5/CHANGELOG.md)
- [Commits](https://github.com/sigstore/sigstore-python/compare/v3.6.4...v3.6.5)

---
updated-dependencies:
- dependency-name: paramiko
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: pip
- dependency-name: python-gnupg
  dependency-version: 0.5.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pip
- dependency-name: sigstore
  dependency-version: 3.6.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 mypy-requirements.txt |  2 +-
 requirements.txt      | 11 +++++++----
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/mypy-requirements.txt b/mypy-requirements.txt
index 4b2df441..d621fdc1 100644
--- a/mypy-requirements.txt
+++ b/mypy-requirements.txt
@@ -5,6 +5,6 @@ pyfakefs
 pytest
 pytest-mock
 python-gnupg  # untyped :(
-sigstore==3.6.4
+sigstore==3.6.5
 types-paramiko
 types-requests
diff --git a/requirements.txt b/requirements.txt
index cb64f944..68b1f0c8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -460,6 +460,9 @@ idna==3.10 \
     #   email-validator
     #   requests
     #   yarl
+invoke==2.2.0 \
+    --hash=sha256:6ea924cc53d4f78e3d98bc436b08069a03077e6f85ad1ddaa8a116d7dad15820
+    # via paramiko
 markdown-it-py==3.0.0 \
     --hash=sha256:355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1
     # via rich
@@ -562,8 +565,8 @@ multidict==6.1.0 \
     #   aiohttp
     #   grpclib
     #   yarl
-paramiko==3.5.1 \
-    --hash=sha256:43b9a0501fc2b5e70680388d9346cf252cfb7d00b0667c39e80eb43a408b8f61
+paramiko==4.0.0 \
+    --hash=sha256:0e20e00ac666503bf0b4eda3b6d833465a2b7aff2e2b3d79a8bba5ef144ee3b9
     # via -r requirements.in
 platformdirs==4.3.6 \
     --hash=sha256:73e575e1408ab8103900836b97580d5307456908a03e92031bab39e4554cc3fb
@@ -788,8 +791,8 @@ pyopenssl==25.0.0 \
 python-dateutil==2.9.0.post0 \
     --hash=sha256:a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427
     # via betterproto
-python-gnupg==0.5.4 \
-    --hash=sha256:40ce25cde9df29af91fe931ce9df3ce544e14a37f62b13ca878c897217b2de6c
+python-gnupg==0.5.5 \
+    --hash=sha256:51fa7b8831ff0914bc73d74c59b99c613de7247b91294323c39733bb85ac3fc1
     # via -r requirements.in
 requests==2.32.4 \
     --hash=sha256:27babd3cda2a6d50b30443204ee89830707d396671944c998b5975b031ac2b2c