Update all dependencies

This MR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
boto3	==1.24.53 -> ==1.24.58						patch
jsonschema (changelog)	==4.10.0 -> ==4.14.0						minor
oras-project/oras	v0.13.0 -> v0.14.0					ironbank-github	minor
sigstore/cosign	v1.10.1 -> v1.11.0					ironbank-github	minor

---

Release Notes

boto/boto3

v1.24.58

Compare Source

=======

• api-change:rds: [botocore] RDS for Oracle supports Oracle Data Guard switchover and read replica backups.
• api-change:sso-admin: [botocore] Documentation updates to reflect service rename - AWS IAM Identity Center (successor to AWS Single Sign-On)

v1.24.57

Compare Source

=======

• api-change:docdb: [botocore] Update document for volume clone
• api-change:ec2: [botocore] R6a instances are powered by 3rd generation AMD EPYC (Milan) processors delivering all-core turbo frequency of 3.6 GHz. C6id, M6id, and R6id instances are powered by 3rd generation Intel Xeon Scalable processor (Ice Lake) delivering all-core turbo frequency of 3.5 GHz.
• api-change:forecast: [botocore] releasing What-If Analysis APIs and update ARN regex pattern to be more strict in accordance with security recommendation
• api-change:forecastquery: [botocore] releasing What-If Analysis APIs
• api-change:iotsitewise: [botocore] Enable non-unique asset names under different hierarchies
• api-change:lexv2-models: [botocore] Update lexv2-models client to latest version
• api-change:securityhub: [botocore] Added new resource details objects to ASFF, including resources for AwsBackupBackupVault, AwsBackupBackupPlan and AwsBackupRecoveryPoint. Added FixAvailable, FixedInVersion and Remediation to Vulnerability.
• api-change:support-app: [botocore] This is the initial SDK release for the AWS Support App in Slack.

v1.24.56

Compare Source

=======

• api-change:connect: [botocore] This release adds SearchSecurityProfiles API which can be used to search for Security Profile resources within a Connect Instance.
• api-change:ivschat: [botocore] Documentation Change for IVS Chat API Reference - Doc-only update to change text/description for tags field.
• api-change:kendra: [botocore] This release adds support for a new authentication type - Personal Access Token (PAT) for confluence server.
• api-change:lookoutmetrics: [botocore] This release is to make GetDataQualityMetrics API publicly available.

v1.24.55

Compare Source

=======

• api-change:chime-sdk-media-pipelines: [botocore] The Amazon Chime SDK now supports live streaming of real-time video from the Amazon Chime SDK sessions to streaming platforms such as Amazon IVS and Amazon Elemental MediaLive. We have also added support for concatenation to create a single media capture file.
• api-change:cloudwatch: [botocore] Update cloudwatch client to latest version
• api-change:cognito-idp: [botocore] This change is being made simply to fix the public documentation based on the models. We have included the PasswordChange and ResendCode events, along with the Pass, Fail and InProgress status. We have removed the Success and Failure status which are never returned by our APIs.
• api-change:dynamodb: [botocore] This release adds support for importing data from S3 into a new DynamoDB table
• api-change:ec2: [botocore] This release adds support for VPN log options , a new feature allowing S2S VPN connections to send IKE activity logs to CloudWatch Logs
• api-change:networkmanager: [botocore] Add TransitGatewayPeeringAttachmentId property to TransitGatewayPeering Model

v1.24.54

Compare Source

=======

• api-change:appmesh: [botocore] AWS App Mesh release to support Multiple Listener and Access Log Format feature
• api-change:connectcampaigns: [botocore] Updated exceptions for Amazon Connect Outbound Campaign api's.
• api-change:kendra: [botocore] This release adds Zendesk connector (which allows you to specify Zendesk SAAS platform as data source), Proxy Support for Sharepoint and Confluence Server (which allows you to specify the proxy configuration if proxy is required to connect to your Sharepoint/Confluence Server as data source).
• api-change:lakeformation: [botocore] This release adds a new API support "AssumeDecoratedRoleWithSAML" and also release updates the corresponding documentation.
• api-change:lambda: [botocore] Added support for customization of Consumer Group ID for MSK and Kafka Event Source Mappings.
• api-change:lexv2-models: [botocore] Update lexv2-models client to latest version
• api-change:rds: [botocore] Adds support for Internet Protocol Version 6 (IPv6) for RDS Aurora database clusters.
• api-change:secretsmanager: [botocore] Documentation updates for Secrets Manager.

python-jsonschema/jsonschema

v4.14.0

Compare Source

=======

• FormatChecker.cls_checks is deprecated. Use FormatChecker.checks on an instance of FormatChecker instead.
• unevaluatedItems has been fixed for draft 2019. It's nonetheless discouraged to use draft 2019 for any schemas, new or old.
• Fix a number of minor annotation issues in protocols.Validator

v4.13.0

Compare Source

=======

• Add support for creating validator classes whose metaschema uses a different dialect than its schemas. In other words, they may use draft2020-12 to define which schemas are valid, but the schemas themselves use draft7 (or a custom dialect, etc.) to define which instances are valid. Doing this is likely not something most users, even metaschema authors, may need, but occasionally will be useful for advanced use cases.

v4.12.1

Compare Source

=======

• Fix some stray comments in the README.

v4.12.0

Compare Source

=======

• Warn at runtime when subclassing validator classes. Doing so was not intended to be public API, though it seems some downstream libraries do so. A future version will make this an error, as it is brittle and better served by composing validator objects instead. Feel free to reach out if there are any cases where changing existing code seems difficult and I can try to provide guidance.

v4.11.0

Compare Source

=======

• Make the rendered README in PyPI simpler and fancier. Thanks Hynek (#​983)!

v4.10.3

Compare Source

=======

• jsonschema.validators.validator_for now properly uses the explicitly provided default validator even if the $schema URI is not found.

v4.10.2

Compare Source

=======

• Fix a second place where subclasses may have added attrs attributes (#​982).

v4.10.1

Compare Source

=======

• Fix Validator.evolve (and APIs like iter_errors which call it) for cases where the validator class has been subclassed. Doing so wasn't intended to be public API, but given it didn't warn or raise an error it's of course understandable. The next release however will make it warn (and a future one will make it error). If you need help migrating usage of inheriting from a validator class feel free to open a discussion and I'll try to give some guidance (#​982).

oras-project/oras

v0.14.0

Compare Source

New Features

• New command sets
  • oras attach: [Preview] Attach files to an existing artifact
  • oras discover: [Preview] Discover referrers of a manifest in the remote registry
  • oras copy: [Preview] Copy artifacts from one target to another
  • oras manifest fetch: [Preview] Fetch manifest of the target artifact
• New options for oras push
  • Add ability to export manifest after pushing artifacts by --export-manifest <path>
  • Add --artifact-type to set the media type of the manifest config for OCI manifests
  • Add --annotation <key>=<value> option for easier specifying manifest annotations
• New options for oras pull
  • Support pulling arbitrary manifest config

Bug Fixes

• fix: oras doesn't push a file with 2 tags #​447
• fix: push error for ECR: PUT request body is not rewindable #​456
• fix: can't pull behind proxy on version 0.13.0 #​513

Breaking Changes

• Renamed option --manifest-annotations to --annotation-file for all applicable commands
• Renamed option --manifest-config to --config while --config is renamed to --registry-config for all commands

Other Changes

• Improved documentation
• Updated oras-go to v2.0.0-rc.2
  • oras push uploads empty config blob of size 0 bytes instead of {} (empty JSON object of size 2 bytes)
• Migrated to codecov.io for code coverage reports
• Improved performance for oras pull when ORAS_CACHE is set
• Bumped golang version to 1.19
• Improved UX output

Detailed Commits

• Merging artifacts Branch: Add exporting manifest option for push by @​qweeah in https://github.com/oras-project/oras/pull/425
• Update ghcr package action yaml by @​qweeah in https://github.com/oras-project/oras/pull/422
• Merging artifacts Branch: Add discover comand by @​qweeah in https://github.com/oras-project/oras/pull/419
• fix: update help msg description about pullCmd() by @​junczhuMSFT in https://github.com/oras-project/oras/pull/438
• If no tag or digest specified when pulling, return error by @​qweeah in https://github.com/oras-project/oras/pull/440
• feat: add copyCmd() by @​junczhuMSFT in https://github.com/oras-project/oras/pull/432
• Add empty reference checking for discover cmd by @​qweeah in https://github.com/oras-project/oras/pull/442
• Add attach command by @​qweeah in https://github.com/oras-project/oras/pull/433
• Fix retagging failure with updated oras-go by @​qweeah in https://github.com/oras-project/oras/pull/452
• Bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 by @​dependabot in https://github.com/oras-project/oras/pull/451
• Migrate to codecov.io by @​junczhuMSFT in https://github.com/oras-project/oras/pull/450
• Fix push error for ECR by @​qweeah in https://github.com/oras-project/oras/pull/462
• feat: use --artifact-type to change the media type of the config blob by @​yuehaoliang-microsoft in https://github.com/oras-project/oras/pull/482
• Adding support for windows-arm64 by @​koushdey in https://github.com/oras-project/oras/pull/457
• perf: add FetchReference support in the caching proxy by @​qweeah in https://github.com/oras-project/oras/pull/464
• fix(lang): update misspelling in copy.go by @​junczhuMSFT in https://github.com/oras-project/oras/pull/487
• Bump to golang 1.19 by @​sajayantony in https://github.com/oras-project/oras/pull/488
• fix: refill missing status for push copy and attach by @​qweeah in https://github.com/oras-project/oras/pull/481
• feat!: pass annotations as a string by @​junczhuMSFT in https://github.com/oras-project/oras/pull/468
• feat: Support pulling arbitrary manifest config by @​lizMSFT in https://github.com/oras-project/oras/pull/480
• refactor: move error to cmd internal packages by @​qweeah in https://github.com/oras-project/oras/pull/496
• feat: add fetch command to get manifest of an artifact by @​qweeah in https://github.com/oras-project/oras/pull/449
• fix: add new line to prettify manifest fetch result by @​qweeah in https://github.com/oras-project/oras/pull/499
• refactor: improve error message on platform mismatch by @​lizMSFT in https://github.com/oras-project/oras/pull/500
• fix: add empty check on blobs and manifest annotation by @​jasminetMSFT in https://github.com/oras-project/oras/pull/490
• refactor!: rename the --manifest-config to --config by @​lizMSFT in https://github.com/oras-project/oras/pull/504
• fix: fix the lookup check for registry-config option by @​lizMSFT in https://github.com/oras-project/oras/pull/505
• refactor: add pre-defined annotation keys into option.Packer by @​junczhuMSFT in https://github.com/oras-project/oras/pull/502
• refactor: reuse print status func by @​qweeah in https://github.com/oras-project/oras/pull/507
• docs: add doc comments for the loop of successors by @​wangxiaoxuan273 in https://github.com/oras-project/oras/pull/508
• fix: check if configPath is empty before writing to Annotations by @​wangxiaoxuan273 in https://github.com/oras-project/oras/pull/509
• feat: print digest and media type when content is skipped using sync.Map by @​wangxiaoxuan273 in https://github.com/oras-project/oras/pull/510
• fix: print post-copy logs for unnamed content in verbose mode by @​wangxiaoxuan273 in https://github.com/oras-project/oras/pull/511
• fix: enable proxy in auth by @​qweeah in https://github.com/oras-project/oras/pull/514
• doc: fix typo in long description by @​qweeah in https://github.com/oras-project/oras/pull/516
• bump: update version to release 0.14.0 by @​qweeah in https://github.com/oras-project/oras/pull/515
• fix!: rename the --manifest-config to --config for push command by @​lizMSFT in https://github.com/oras-project/oras/pull/517
• doc: update example doc by @​qweeah in https://github.com/oras-project/oras/pull/518

New Contributors

• @​junczhuMSFT made their first contribution in https://github.com/oras-project/oras/pull/438
• @​yuehaoliang-microsoft made their first contribution in https://github.com/oras-project/oras/pull/482
• @​koushdey made their first contribution in https://github.com/oras-project/oras/pull/457
• @​lizMSFT made their first contribution in https://github.com/oras-project/oras/pull/480
• @​jasminetMSFT made their first contribution in https://github.com/oras-project/oras/pull/490
• @​wangxiaoxuan273 made their first contribution in https://github.com/oras-project/oras/pull/508

Full Changelog: https://github.com/oras-project/oras/compare/v0.13.0...v0.14.0

Notes

This release was signed with 95BB 6CD4 6CA3 0D2B 9CAE E56C 9F2C D437 A97D CB8F (@​shizhMSFT's GPG key) which can be found here.

sigstore/cosign

v1.11.0

Compare Source

Enhancements

• use updated device flow logic with PKCE (https://github.com/sigstore/cosign/pull/2163)

Bug Fixes

• fix panic when os.Stat returns an error besides ErrNotExists (https://github.com/sigstore/cosign/pull/2162)
• fix: add env cmd to root (https://github.com/sigstore/cosign/pull/2171)
• fix: rekor get tlog entry with uuid (https://github.com/sigstore/cosign/pull/2058)
• fix oidc post-merge job (https://github.com/sigstore/cosign/pull/2164)
• fix handling of verify-attestation types for URIs (https://github.com/sigstore/cosign/pull/2159)
• fix: adds envelope hash to in-toto entries in tlog entry creation (https://github.com/sigstore/cosign/pull/2118)
• fix: fix blob verification output (https://github.com/sigstore/cosign/pull/2157)
• Verify the certificate chain against the Fulcio root trust by default (https://github.com/sigstore/cosign/pull/2139)

Documention

• docs: clarify wording in spec about usage of certificate chain (https://github.com/sigstore/cosign/pull/2152)
• Add notes to clarify registry use. (https://github.com/sigstore/cosign/pull/2145)

Others

• Bump github.com/go-openapi/swag from 0.22.0 to 0.22.1 (https://github.com/sigstore/cosign/pull/2167)
• Bump sigstore/cosign-installer from 2.5.0 to 2.5.1 (https://github.com/sigstore/cosign/pull/2168)
• update e2e job to run only when push to main (https://github.com/sigstore/cosign/pull/2169)
• Remove third_party (https://github.com/sigstore/cosign/pull/2166)
• bump to scaffolding v0.4.4 (https://github.com/sigstore/cosign/pull/2165)
• Bump sigs.k8s.io/release-utils from 0.6.0 to 0.7.3 (https://github.com/sigstore/cosign/pull/2102)
• Run tests using Go 1.18 (https://github.com/sigstore/cosign/pull/2093)
• Bump actions/github-script from 6.1.0 to 6.1.1 (https://github.com/sigstore/cosign/pull/2156)
• Bump go.uber.org/atomic from 1.9.0 to 1.10.0 (https://github.com/sigstore/cosign/pull/2155)
• Bump github.com/xanzy/go-gitlab from 0.71.0 to 0.72.0 (https://github.com/sigstore/cosign/pull/2148)
• Bump tests to use scaffolding-0.4.3. (https://github.com/sigstore/cosign/pull/2153)
• Bump google.golang.org/api from 0.91.0 to 0.92.0 (https://github.com/sigstore/cosign/pull/2150)
• Bump actions/cache from 3.0.6 to 3.0.7 (https://github.com/sigstore/cosign/pull/2151)
• Use TUF from scaffolding for validating cosign. (https://github.com/sigstore/cosign/pull/2146)
• Bump github.com/hashicorp/go-secure-stdlib/parseutil from 0.1.6 to 0.1.7 (https://github.com/sigstore/cosign/pull/2141)
• Bump github.com/go-openapi/swag from 0.21.1 to 0.22.0 (https://github.com/sigstore/cosign/pull/2140)
• Bump github.com/xanzy/go-gitlab from 0.70.0 to 0.71.0 (https://github.com/sigstore/cosign/pull/2142)
• Bump actions/cache from 3.0.5 to 3.0.6 (https://github.com/sigstore/cosign/pull/2136)
• Bump github.com/go-piv/piv-go from 1.9.0 to 1.10.0 (https://github.com/sigstore/cosign/pull/2135)
• Bump github/codeql-action from 2.1.17 to 2.1.18 (https://github.com/sigstore/cosign/pull/2129)
• Update CHANGELOG for 1.10.1 release (https://github.com/sigstore/cosign/pull/2130)

Contributors

• Asra Ali (@​asraa)
• Batuhan Apaydın (@​developer-guy)
• Bob Callaway (@​bobcallaway)
• Carlos Tadeu Panato Junior (@​cpanato)
• David Bendory (@​bendory)
• Jason Hall (@​imjasonh)
• Kazuma Watanabe (@​wata727)
• Matt Moore (@​mattmoor)
• Noah Kreiger (@​nkreiger)
• Priya Wadhwa (@​priyawadhwa)
• Samsondeen (@​dsa0x)
• Ville Aikas (@​vaikas)
• saso (@​otms61)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This MR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this MR, click this checkbox.

---

This MR has been generated by Renovate Bot.