build(deps-dev): bump sigstore-rekor-types from 0.0.12 to 0.0.13

[dependabot]

Bumps sigstore-rekor-types from 0.0.12 to 0.0.13.

Release notes

Sourced from sigstore-rekor-types's releases.

v0.0.13

What's Changed

• bump rekor to 1.3.6 by @​woodruffw in trailofbits/sigstore-rekor-types#26

Full Changelog: trailofbits/sigstore-rekor-types@v0.0.12...v0.0.13

Commits

• cb51dc2 rekor_types: 0.0.13
• 0bbbec8 bump rekor to 1.3.6 (#26)
• 7637117 build(deps): bump actions/deploy-pages from 4.0.4 to 4.0.5 (#37)
• 86ca37e build(deps-dev): update ruff requirement from <0.3.4 to <0.3.5 (#38)
• a1fa8f3 build(deps-dev): update ruff requirement from <0.3.3 to <0.3.4 (#36)
• 734dd39 build(deps-dev): update ruff requirement from <0.3.1 to <0.3.3 (#34)
• dcd6305 build(deps): bump pypa/gh-action-pypi-publish from 1.8.12 to 1.8.14 (#35)
• b5391b1 build(deps-dev): update ruff requirement from <0.2.3 to <0.3.1 (#32)
• 8d5a1c2 build(deps): bump pypa/gh-action-pypi-publish from 1.8.11 to 1.8.12 (#33)
• 2ef01cc build(deps-dev): update ruff requirement from <0.2.2 to <0.2.3 (#31)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[jku]

sigstore/sign.py:208: error: Module has no attribute "DsseV001Schema"; maybe "DsseV001Schema1", "DsseV001Schema2", or "DsseSchema"?

I suppose we want to use DsseV001Schema1 and strictly pin sigstore-rekor-types==0.0.13?

Or is DsseSchema an option?

[woodruffw]

Or is DsseSchema an option?

Yeah, I believe this is what we should switch to. I'll poke at it today 🙂

[woodruffw]

NB: mypy is currently unhappy with this because of koxudaxi/datamodel-code-generator#1903:

sigstore/sign.py:208: error: Unexpected keyword argument "proposed_content" for "DsseSchema"  [call-arg]
Found 1 error in 1 file (checked 27 source files)
make: *** [Makefile:65: lint] Error 1

Edit: this may (?) also be a manifestation of a partially fixed Pydantic bug: pydantic/pydantic#7418 (comment)

[woodruffw]

Doing this manually.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.