Bump in-toto dependency.#226
Conversation
3493212 to
c8b29af
Compare
|
Hmm... |
|
Hello old friend: |
|
Looks like chains is depending on the The two things I found that need to move out to make a
I will look into splitting these out in the morning (unless someone beats me to it!) EDIT: This is an example of the depcheck I added to sigstore when the |
efcb0bc to
623b760
Compare
|
Ok, I am optimistic that this will pass, but I had to tweak an e2e test to reflect a change pulled in via the updated deps. |
| { | ||
| "_type": "https://in-toto.io/Statement/v0.1", | ||
| "predicateType": "https://in-toto.io/Provenance/v0.1", | ||
| "predicateType": "https://slsa.dev/provenance/v0.1", |
There was a problem hiding this comment.
@priyawadhwa LMK if this is expected, but this seems to be what the provenance type changed to in in-toto 🤷
|
/lgtm |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dlorenc The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Merge conflict, fixing it now |
I noticed that there were some breaking changes in the in-toto version pulled in compared with the version in sigstore. This updates things to HEAD.
623b760 to
be66513
Compare
|
Rebased on main and updated deps, but I'll need a fresh |
|
/lgtm |
I noticed that there were some breaking changes in the in-toto version pulled in compared with the version in sigstore. This updates things to HEAD.