Update dependency securesystemslib to v1 - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
securesystemslib	<1 -> <2

---

Release Notes

secure-systems-lab/securesystemslib (securesystemslib)

v1.3.1

Compare Source

Fixed

• AWSSigner: Don't send payload to AWS for signing, send hash only (#​1026)
• Set Development status classifier to "production/stable" in Python
  packaging (#​1030)

Internals

• Minor infrastructure changes (#​1005, #​1013)

v1.3.0

Compare Source

The hash module will be removed in the next major version. Consider using
hashlib from the standard library directly instead.

Added

• Annotate library (#​970)

Changed

• Deprecate hash module (#​977)
• Modernize license metadata (#​942)

Internals

• Refactor signing scheme parsing (#​981)
• Misc test and ci/cd improvements (#​926, #​953, #​958, #​965, #​966)

v1.2.0

Compare Source

Small release with mostly internal changes.

Thanks to @​L77H and @​NicholasTanz for the bulk of the work on this release.

Added

• ecdsa-sha2-nistp521 supported in signer API (#​852)
• SigstoreSigner now has a convenience function for creating a signing
  identity for GitHub Actions workflow (#​842)

Internals

• Linting refactoring, switched to ruff
• Modern annotations used in most of the code base

v1.1.0

Compare Source

This is a small release that only re-enables the use of SigstoreSigner.
Note that SigstoreSigner and SigstoreKey are still not part of the default
set of supported signers & keys but now they can be enabled.

Changed

• SigstoreSigner: Re-enable compatibility with Sigstore (#​781)

v1.0.0

Compare Source

Securesystemslib API is now considered stable. The core functionality is
provided in the Signer interface and the half a dozen integrated Signer
implementations that can be found in the signer module. Smaller helper
modules dsse, formats, hash and storage are also part of the API.
Several legacy modules have been removed.

Added

• Signer: add public_key attribute to interface (#​756)
• VaultSigner: Signer implementation for HashiCorp Vault (#​800)
• CryptoSigner: support ecdsa keytype that is no longer in spec (#​711)
• CryptoSigner: add private_bytes property (#​799)
• CryptoSigner: add "file2" signer uri (#​759)
• test: use localstack to test AWSSigner (#​777)

Removed

• CryptoSigner: remove "file" signer uri (#​759)
• migration script for legacy keys (#​770)
• SSlibSigner class and *_securesystemslib_key methods (#​771)
• legacy key key*, interface, util and schema modules (#​772, #​773, #​776)
• unused functions in hash, and formats module (#​774, #​776)
• unused global key constants (#​806)

Changed

• SSlibKey: strengthen input validation (#​780, #​795)
• AWSSigner: support default scheme and add stronger input validation (#​724, #​778)
• dsse: change Envelope.signatures type to dict (#​743)
• vendor: update ed25519 copy (#​793)
• docs: improve user and contributor docs (#​744, #​745, #​746, #​749, #​759, #​796)
• test: improve and temporarily disable SigstoreSigner test (#​779, #​785)
• ci: use dependabot groups, update weekly (#​735)
• ci: test macOS and Windows on latest Python only (#​797)
• Make securessystemslib.gpg internal (#​792)

Fixed

• Fix check-upstream-ed25519 workflow permission (#​706)
• SSlibKey: fix default scheme and test for ecdsa nistp384 key (#​763 #​794)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.