From b5950833acd269d05128ce33f3a9fd91797a407f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Dec 2023 15:31:35 -0500
Subject: [PATCH 1/2] build(deps-dev): bump id from 1.1.0 to 1.2.1 (#828)
Bumps [id](https://github.com/di/id) from 1.1.0 to 1.2.1.
- [Release notes](https://github.com/di/id/releases)
- [Changelog](https://github.com/di/id/blob/main/CHANGELOG.md)
- [Commits](https://github.com/di/id/compare/v1.1.0...v1.2.1)
--- updated-dependencies: - dependency-name: id dependency-type: direct:production update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 install/requirements.txt | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/install/requirements.txt b/install/requirements.txt
index 6dd7f46fe..4bff3a18b 100644
--- a/install/requirements.txt
+++ b/install/requirements.txt
@@ -216,9 +216,9 @@ hyperframe==6.0.1 \
 --hash=sha256:0ec6bafd80d8ad2195c4f03aacba3a8265e57bc4cff261e802bf39970ed02a15 \
 --hash=sha256:ae510046231dc8e9ecb1a6586f63d2347bf4c8905914aa84ba585ae85f28a914
 # via h2
-id==1.1.0 \
- --hash=sha256:726b995ffea6954ecbe3f2bb9e9d52b8502b2683b8470b13c58a429cd8e701e8 \
- --hash=sha256:a15f919fa1e847f57572748d37cf40192913a861a2669059b4cb5079bbbbbdbd
+id==1.2.1 \
+ --hash=sha256:339fe8d7a0edf20514ed5e5dc841e504c99f38c7b7d7a2849724c6dfedc89860 \
+ --hash=sha256:51021c5ba12c6ee88fb58240a58f788f43aa9c4f629280d6a97a1192f3cefdb9
 # via sigstore
 idna==3.4 \
 --hash=sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4 \
From c5cec14bd8ac3582dd07126de72b930a5421a4bd Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Tue, 12 Dec 2023 15:34:01 -0500
Subject: [PATCH 2/2] workflows/release: fix build provenance job (#829)
Signed-off-by: William Woodruff
---
 .github/workflows/release.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 935f06ce8..3028fd55b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -107,9 +107,8 @@ jobs:
 # https://github.com/slsa-framework/slsa-github-generator#verification-of-provenance
 uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0
 with:
- attestation-name: provenance-sigstore-${{ github.event.release.tag_name }}.intoto.jsonl
+ provenance-name: provenance-sigstore-${{ github.event.release.tag_name }}.intoto.jsonl
 base64-subjects: "${{ needs.build.outputs.hashes }}"
- compile-generator: true # Workaround for https://github.com/slsa-framework/slsa-github-generator/issues/1163
 upload-assets: true
 release-pypi:
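Review bot: Dropping `compile-generator: true` together with its workaround comment leaves no record in the workflow of why the generator was built from source or why that is no longer needed, and the commit description carries only the sign-off. As far as the generator's documentation goes, the default is to fetch the prebuilt generator binary for the referenced tag instead of compiling it, so this job now relies on that download path for `@v1.9.0`. A short comment above `with:` would help the next maintainer, for example `# Uses the prebuilt generator; the ref must stay a full vX.Y.Z tag, the generator rejects SHA pins.` It is also worth confirming that `release-pypi` lists this job in `needs:`, so a failed provenance run blocks publishing; that part of the file is outside the hunk.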