build(deps): bump the dependencies group across 1 directory with 10 updates

.github/workflows/_test.yml

@@ -69,9 +69,11 @@ jobs:
             echo "PYKCS11LIB=/usr/lib/softhsm/libsofthsm2.so" >> $GITHUB_ENV
 
           elif [ "$RUNNER_OS" == "macOS" ]; then
-            brew install softhsm
-            echo "PYKCS11LIB=$(brew --prefix softhsm)/lib/softhsm/libsofthsm2.so" >> $GITHUB_ENV
-
+            ## disabled due to https://github.com/secure-systems-lab/securesystemslib/issues/1015
+            unset PYKCS11LIB
+            echo "Skipping HSM tests on MacOS"
+            # brew install softhsm
+            # echo "PYKCS11LIB=$(brew --prefix softhsm)/lib/softhsm/libsofthsm2.so" >> $GITHUB_ENV
           elif [ "$RUNNER_OS" == "Windows" ]; then
             echo "Skipping HSM tests on Windows"
             # see https://github.com/secure-systems-lab/securesystemslib/issues/520

requirements-aws.txt

@@ -1,2 +1,2 @@
-boto3~=1.38.28
-botocore~=1.38.28
+boto3~=1.40.7
+botocore~=1.40.7

requirements-build.txt

@@ -1 +1 @@
-build==1.2.2.post1
+build==1.3.0

requirements-lint.txt

@@ -1,3 +1,3 @@
-mypy==1.16.0
-ruff==0.11.13
-zizmor==1.9.0
+mypy==1.17.1
+ruff==0.12.8
+zizmor==1.11.0

requirements-pinned.txt

@@ -10,11 +10,11 @@ cffi==1.17.1
     # via
     #   cryptography
     #   pyspx
-cryptography==44.0.3
+cryptography==45.0.6
     # via -r requirements.txt
 pycparser==2.22
     # via cffi
-pykcs11==1.5.17
+pykcs11==1.5.18
     # via -r requirements.txt
 pyspx==0.5.0 ; platform_system != "Windows"
     # via -r requirements.txt

requirements-sigstore.txt

@@ -1 +1 @@
-sigstore==3.6.2
+sigstore==3.6.5

requirements-test.txt

@@ -1,2 +1,2 @@
 # additional test tools
-coverage==7.8.2
+coverage==7.10.3

securesystemslib/dsse.py

@@ -42,6 +42,9 @@ def __eq__(self, other: Any) -> bool:
             and self.signatures == other.signatures
         )
 
+    def __hash__(self) -> int:
+        return hash((self.payload, self.payload_type, self.signatures))
+
     @classmethod
     def from_dict(cls, data: dict) -> Envelope:
         """Creates a DSSE Envelope from its JSON/dict representation.

securesystemslib/signer/_key.py

@@ -127,6 +127,17 @@ def __eq__(self, other: Any) -> bool:
             and self.unrecognized_fields == other.unrecognized_fields
         )
 
+    def __hash__(self) -> int:
+        return hash(
+            (
+                self.keyid,
+                self.keytype,
+                self.scheme,
+                self.keyval,
+                self.unrecognized_fields,
+            )
+        )
+
     @classmethod
     @abstractmethod
     def from_dict(cls, keyid: str, key_dict: dict[str, Any]) -> Key:

securesystemslib/signer/_signature.py

@@ -55,6 +55,9 @@ def __eq__(self, other: Any) -> bool:
             and self.unrecognized_fields == other.unrecognized_fields
         )
 
+    def __hash__(self) -> int:
+        return hash((self.keyid, self.signature, self.unrecognized_fields))
+
     @classmethod
     def from_dict(cls, signature_dict: dict) -> Signature:
         """Creates a Signature object from its JSON/dict representation.

securesystemslib/signer/_sigstore_signer.py

@@ -22,6 +22,8 @@
 
 IMPORT_ERROR = "sigstore library required to use 'sigstore-oidc' keys"
 
+# ruff: noqa: PLC0415
+
 logger = logging.getLogger(__name__)
 
 

tests/aggregate_tests.py

@@ -27,7 +27,7 @@
 if __name__ == "__main__":
     suite = unittest.TestLoader().discover("tests", top_level_dir=".")
     all_tests_passed = (
-        unittest.TextTestRunner(verbosity=1, buffer=True).run(suite).wasSuccessful()
+        unittest.TextTestRunner(verbosity=2, buffer=True).run(suite).wasSuccessful()
     )
     if not all_tests_passed:
         sys.exit(1)

tox.ini

@@ -70,7 +70,7 @@ commands =
     ruff check {[testenv:lint]lint_dirs}
 
     mypy securesystemslib
-    zizmor --persona=pedantic -q .
+    zizmor --persona=regular -q .
 
 [testenv:fix]
 deps = {[testenv:lint]deps}