Merge PRs #276 and #277 into release/v1

webknjaz · webknjaz · commit 72ead1a85a1f · 2024-10-30T02:04:39.000+01:00
diff --git a/action.yml b/action.yml
@@ -86,7 +86,7 @@ inputs:
       Enable experimental support for PEP 740 attestations.
       Only works with PyPI and TestPyPI via Trusted Publishing.
     required: false
-    default: 'false'
+    default: 'true'
 branding:
   color: yellow
   icon: upload-cloud
diff --git a/requirements/runtime.in b/requirements/runtime.in
@@ -10,8 +10,8 @@ id ~= 1.0
 requests
 
 # NOTE: Used to generate attestations.
-pypi-attestations ~= 0.0.12
-sigstore ~= 3.2.0
+pypi-attestations ~= 0.0.13
+sigstore ~= 3.5.1
 
 # NOTE: Used to detect the PyPI package name from the distribution files
 packaging
diff --git a/requirements/runtime.txt b/requirements/runtime.txt
@@ -72,7 +72,9 @@ pkginfo==1.10.0
 platformdirs==4.2.2
     # via sigstore
 pyasn1==0.6.0
-    # via sigstore
+    # via
+    #   pypi-attestations
+    #   sigstore
 pycparser==2.22
     # via cffi
 pydantic==2.7.1
@@ -91,7 +93,7 @@ pyjwt==2.8.0
     # via sigstore
 pyopenssl==24.1.0
     # via sigstore
-pypi-attestations==0.0.12
+pypi-attestations==0.0.13
     # via -r runtime.in
 python-dateutil==2.9.0.post0
     # via betterproto
@@ -117,7 +119,7 @@ rich==13.7.1
     #   twine
 securesystemslib==1.0.0
     # via tuf
-sigstore==3.2.0
+sigstore==3.5.1
     # via
     #   -r runtime.in
     #   pypi-attestations
