chore(deps): bump securesystemslib from 0.28.0 to 0.29.0

[dependabot]

Bumps securesystemslib from 0.28.0 to 0.29.0.

Release notes

Sourced from securesystemslib's releases.

0.29.0

This release is reaping the rewards of the new signer API with four(!) new signing methods: Two cloud based KMSs, post-quantum crypto support and a "keyless" signing system.

Advance notice to folks using the keys, ecdsa_keys, rsa_keys and ed25519_keys modules: these modules are headed for deprecation. Please have a look at the signer API and get in touch if the functionality you need isn't there (or if more documentation is needed).

Added

• Sigstore as a new experimental signing method (#552)
• SPHINCS+ as a new experimental signing method (#568)
• Azure Key Vault as a new signing method (#588)
• AWS KMS as a new signing method (#609)
• CryptoSigner as a more featureful replacement for SSLibSigner (#604)
• Documentation that focuses on the signer API (#634, #622)

Changed

• SSLibSigner has been deprecated: Please use CryptoSigner instead (#604)
• keys module is not used for signature verification in signer API (#585)
• Various minor fixes, please see git log for details

New Contributors

• @​malancas made their first contribution in secure-systems-lab/securesystemslib#588
• @​kommendorkapten made their first contribution in secure-systems-lab/securesystemslib#597
• @​ianhundere made their first contribution in secure-systems-lab/securesystemslib#609

Full Changelog: secure-systems-lab/securesystemslib@v0.28.0...v0.29.0

Changelog

Sourced from securesystemslib's changelog.

securesystemslib v0.29.0

This release is reaping the rewards of the new signer API with four(!) new signing methods: Two cloud based KMSs, post-quantum crypto support and a "keyless" signing system.

Advance notice to folks using the keys, ecdsa_keys, rsa_keys and ed25519_keys modules: these modules are headed for deprecation. Please have a look at the signer API and get in touch if the functionality you need isn't there (or if more documentation is needed).

Added

• Sigstore as a new experimental signing method (#552)
• SPHINCS+ as a new experimental signing method (#568)
• Azure Key Vault as a new signing method (#588)
• AWS KMS as a new signing method (#609)
• CryptoSigner as a more featureful replacement for SSLibSigner (#604)
• Documentation that focuses on the signer API (#634, #622)

Changed

• SSLibSigner has been deprecated: Please use CryptoSigner instead (#604)
• keys module is not used for signature verification in signer API (#585)
• Various minor fixes, please see git log for details

Commits

• 03f4ad8 Merge pull request #635 from jku/release-0.29.0
• 3b5056c Release 0.29.0
• 819e5a1 Merge pull request #632 from jku/add-unstable-api-notes
• d0dcbd8 Merge pull request #634 from MVrachev/rewrite-readme
• f2a39f5 Sigstore, Spx: Improve docstring phrasing
• 2538c3e Apply Jussi's suggestions improving README
• 4bef900 Merge pull request #622 from lukpueh/rtd-docs
• 46363c4 Merge pull request #626 from secure-systems-lab/dependabot/github_actions/act...
• 936bc04 Spx: Make SpxKey not part of default keyset
• e7f7c89 Sigstore: improve docstring language
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)