chore(deps): bump securesystemslib from 0.24.0 to 0.25.0

[dependabot]

Bumps securesystemslib from 0.24.0 to 0.25.0.

Release notes

Sourced from securesystemslib's releases.

v0.25.0

Changed

• Do not use max salt lengths in RSA PSS signature creation (#436)
• Restrict read and write access for new private keys (#231)
• Replaced deprecated distutils.version.StrictVersion (#433)
• Bumped dependencies: cryptography (#435)

Fixed

• GPG availability check in tests (#434)

Changelog

Sourced from securesystemslib's changelog.

securesystemslib v0.25.0

Changed

• Do not use max salt lengths in RSA PSS signature creation (#436)
• Restrict read and write access for new private keys (#231)
• Replaced deprecated distutils.version.StrictVersion (#433)
• Bumped dependencies: cryptography (#435)

Fixed

• GPG availability check in tests (#434)

Commits

• 7ae6c54 Merge pull request #438 from lukpueh/bump_version_0.25.0
• b312500 Prepare v0.25.0 release
• 5d0f478 Merge pull request #436 from lukpueh/fix-pss-salt-len
• de3d1e5 Remove unused import
• dd42718 Revert to digest sized salts in rsassa-pss signing
• 50ea697 Merge pull request #435 from secure-systems-lab/dependabot/pip/cryptography-3...
• b83ae2e build(deps): bump cryptography from 38.0.1 to 38.0.2
• 57fbcdd Merge pull request #231 from sechkova/issue-222
• 9432937 Apply suggestions from code review
• 320f89d Merge pull request #433 from znewman01/removedeprecated
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[znewman01]

Test failure is this: secure-systems-lab/securesystemslib#428

v0.25.0 doesn't have the fix for it yet; the next release should.

[rdimitrov]

Test failure is this: secure-systems-lab/securesystemslib#428

v0.25.0 doesn't have the fix for it yet; the next release should.

Ah, I see 👍 In that sense even though there's no fix I think we can go ahead with merging this one considering that the bug is already present in the older versions, right?

[dependabot]

A newer version of securesystemslib exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

[mnm678]

@dependabot close