chore(deps): bump securesystemslib from 0.28.0 to 0.30.0

[dependabot]

Bumps securesystemslib from 0.28.0 to 0.30.0.

Release notes

Sourced from securesystemslib's releases.

0.30.0

This release contains improved Sigstore support.

Changed

• SigstoreSigner adapted to sigstore-python 2.0 API: This allows improved UX where a new signing identity can be defined using interactive credentials (browser login): SigstoreSigner.import_via_auth()
• Documentation improvements

Removed

• Python 3.7 is no longer supported

0.29.0

This release is reaping the rewards of the new signer API with four(!) new signing methods: Two cloud based KMSs, post-quantum crypto support and a "keyless" signing system.

Advance notice to folks using the keys, ecdsa_keys, rsa_keys and ed25519_keys modules: these modules are headed for deprecation. Please have a look at the signer API and get in touch if the functionality you need isn't there (or if more documentation is needed).

Added

• Sigstore as a new experimental signing method (#552)
• SPHINCS+ as a new experimental signing method (#568)
• Azure Key Vault as a new signing method (#588)
• AWS KMS as a new signing method (#609)
• CryptoSigner as a more featureful replacement for SSLibSigner (#604)
• Documentation that focuses on the signer API (#634, #622)

Changed

• SSLibSigner has been deprecated: Please use CryptoSigner instead (#604)
• keys module is not used for signature verification in signer API (#585)
• Various minor fixes, please see git log for details

New Contributors

• @​malancas made their first contribution in secure-systems-lab/securesystemslib#588
• @​kommendorkapten made their first contribution in secure-systems-lab/securesystemslib#597
• @​ianhundere made their first contribution in secure-systems-lab/securesystemslib#609

Full Changelog: secure-systems-lab/securesystemslib@v0.28.0...v0.29.0

Changelog

Sourced from securesystemslib's changelog.

securesystemslib v0.30.0

This release contains improved Sigstore support.

Changed

• SigstoreSigner adapted to sigstore-python 2.0 API: This allows improved UX where a new signing identity can be defined using interactive credentials (browser login): SigstoreSigner.import_via_auth()
• Documentation improvements

Removed

• Python 3.7 is no longer supported

securesystemslib v0.29.0

This release is reaping the rewards of the new signer API with four(!) new signing methods: Two cloud based KMSs, post-quantum crypto support and a "keyless" signing system.

Advance notice to folks using the keys, ecdsa_keys, rsa_keys and ed25519_keys modules: these modules are headed for deprecation. Please have a look at the signer API and get in touch if the functionality you need isn't there (or if more documentation is needed).

Added

• Sigstore as a new experimental signing method (#552)
• SPHINCS+ as a new experimental signing method (#568)
• Azure Key Vault as a new signing method (#588)
• AWS KMS as a new signing method (#609)
• CryptoSigner as a more featureful replacement for SSLibSigner (#604)
• Documentation that focuses on the signer API (#634, #622)

Changed

• SSLibSigner has been deprecated: Please use CryptoSigner instead (#604)
• keys module is not used for signature verification in signer API (#585)
• Various minor fixes, please see git log for details

Commits

• fe0cf39 Merge pull request #652 from secure-systems-lab/release-0.30.0
• 6f71afd Release 0.30.0
• ba59fea Merge pull request #649 from secure-systems-lab/dependabot/pip/cffi-1.16.0
• d2791cc Merge pull request #650 from secure-systems-lab/dependabot/pip/pylint-2.17.7
• 3ed46e5 Merge pull request #630 from secure-systems-lab/new-sigstore-api
• 856aa57 sigstore: Tweak method signature
• 280036f build(deps): bump pylint from 2.17.6 to 2.17.7
• c01f957 build: Fix sigstore compatible release" versioning
• 4a938c8 Sigstore: Use new public SigningResult.to_bundle()
• 1434f83 Sigstore: Add an import method with no args
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)