From 1545e96dcbd4dfda3304df772fdf2b616046d32c Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Tue, 22 Oct 2024 12:40:04 -0400
Subject: [PATCH 1/3] requirements: bump sigstore, pypi-attestations

Signed-off-by: William Woodruff
---
 requirements/runtime.in | 4 ++--
 requirements/runtime.txt | 8 +++++---
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/requirements/runtime.in b/requirements/runtime.in
index 3758e3a..b0a0aaa 100644
--- a/requirements/runtime.in
+++ b/requirements/runtime.in
@@ -10,8 +10,8 @@ id ~= 1.0
 requests
 
 # NOTE: Used to generate attestations.
-pypi-attestations ~= 0.0.12
-sigstore ~= 3.2.0
+pypi-attestations ~= 0.0.13
+sigstore ~= 3.4.0
 
 # NOTE: Used to detect the PyPI package name from the distribution files
 packaging
diff --git a/requirements/runtime.txt b/requirements/runtime.txt
index 5ff03bb..162eb95 100644
--- a/requirements/runtime.txt
+++ b/requirements/runtime.txt
@@ -72,7 +72,9 @@ pkginfo==1.10.0
 platformdirs==4.2.2
 # via sigstore
 pyasn1==0.6.0
- # via sigstore
+ # via
+ # pypi-attestations
+ # sigstore
 pycparser==2.22
 # via cffi
 pydantic==2.7.1
@@ -91,7 +93,7 @@ pyjwt==2.8.0
 # via sigstore
 pyopenssl==24.1.0
 # via sigstore
-pypi-attestations==0.0.12
+pypi-attestations==0.0.13
 # via -r runtime.in
 python-dateutil==2.9.0.post0
 # via betterproto
@@ -117,7 +119,7 @@ rich==13.7.1
 # twine
 securesystemslib==1.0.0
 # via tuf
-sigstore==3.2.0
+sigstore==3.4.0
 # via
 # -r runtime.in
 # pypi-attestations

From 335e8b00ae050a2b9c5938415e7203ca6732f0d5 Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Mon, 28 Oct 2024 14:29:41 -0400
Subject: [PATCH 2/3] bump sigstore==3.5.1

Signed-off-by: William Woodruff
---
 requirements/runtime.in | 2 +-
 requirements/runtime.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/runtime.in b/requirements/runtime.in
index b0a0aaa..0868f81 100644
--- a/requirements/runtime.in
+++ b/requirements/runtime.in
@@ -11,7 +11,7 @@ requests
 
 # NOTE: Used to generate attestations.
 pypi-attestations ~= 0.0.13
-sigstore ~= 3.4.0
+sigstore ~= 3.5.1
 
 # NOTE: Used to detect the PyPI package name from the distribution files
 packaging
diff --git a/requirements/runtime.txt b/requirements/runtime.txt
index 162eb95..13b5f7c 100644
--- a/requirements/runtime.txt
+++ b/requirements/runtime.txt
@@ -119,7 +119,7 @@ rich==13.7.1
 # twine
 securesystemslib==1.0.0
 # via tuf
-sigstore==3.4.0
+sigstore==3.5.1
 # via
 # -r runtime.in
 # pypi-attestations

From 0126dcac8e27a0ec77a286e2599ac4a36a3cc2f0 Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Mon, 28 Oct 2024 14:31:58 -0400
Subject: [PATCH 3/3] action: enable attestations by default

Signed-off-by: William Woodruff
---
 action.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/action.yml b/action.yml
index 40fed97..f71598d 100644
--- a/action.yml
+++ b/action.yml
@@ -86,7 +86,7 @@ inputs:
 Enable experimental support for PEP 740 attestations.
 Only works with PyPI and TestPyPI via Trusted Publishing.
 required: false
- default: 'false'
+ default: 'true'
 branding:
 color: yellow
 icon: upload-cloud
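Review bot: The description kept as context above `default: 'true'` in action.yml still reads "Enable experimental support for PEP 740 attestations", which no longer matches an input that is on unless the caller turns it off. I would reword it along the lines of `Enable support for PEP 740 attestations (on by default; set to 'false' to opt out).` and keep the sentence about PyPI and TestPyPI via Trusted Publishing. With the default flipped, workflows that upload with an API token or to another index now reach the attestation path without having asked for it; how that case is handled is not visible in this hunk, so it is worth confirming that it is skipped with a clear notice rather than failing the upload or quietly publishing without attestations. The `inputs:` block begins outside the hunk.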