From 6f73becfdacc7d2d6de438a78b01374a251c20b5 Mon Sep 17 00:00:00 2001
From: Alexis <alexis.challande@trailofbits.com>
Date: Thu, 21 Nov 2024 09:57:26 +0100
Subject: [PATCH 01/12] Initial version

---
 .../templates/includes/file-details.html      | 76 +++++++++++++++++--
 1 file changed, 69 insertions(+), 7 deletions(-)

diff --git a/warehouse/templates/includes/file-details.html b/warehouse/templates/includes/file-details.html
index 1fdeb30d5215..507c2ff3c93c 100644
--- a/warehouse/templates/includes/file-details.html
+++ b/warehouse/templates/includes/file-details.html
@@ -12,15 +12,40 @@
  # limitations under the License.
 -#}
 
-{% macro publisher(publ) -%}
+{% macro repo_url_with_reference(repo_url, reference) %}
+    {{ repo_url }}/tree/{{ reference }}
+{% endmacro %}
+
+{% macro workflow_filename(publisher) %}
+    {% if publisher.kind == "GitHub" %}
+        {{- publisher.workflow -}}
+    {% elif publisher.kind == "GitLab" %}
+        {{- publisher.workflow_filepath -}}
+    {% endif %}
+{% endmacro %}
+
+{% macro workflow_url(publisher, claims) %}
+    {%- set repo_url = claims.get('1.3.6.1.4.1.57264.1.12', '') -%}
+    {%- set build_hash = claims.get('1.3.6.1.4.1.57264.1.19', '') -%}
+    {%- set workflow_url = claims.get('1.3.6.1.4.1.57264.1.18', '') -%}
+    {%- set file_path = workflow_url.split('@')[0].replace(repo_url + '/', '') -%}
+    {{ repo_url + "/blob/" + build_hash + "/" + file_path }}
+{% endmacro %}
+
+{% macro repository_name(publisher) %}
+    {{ publisher.repository }}
+{% endmacro %}
+
+{% macro publisher(publ, claims) -%}
 {% if publ.kind == "GitHub" %}
+    {%- set brand="github" -%}
+{% endif %}
 <p>
-  Publisher: <a href="https://github.com/{{ publ.repository }}/blob/HEAD/.github/workflows/{{ publ.workflow }}">
-    <i class="fa-brands fa-github" aria-hidden="true"></i>
-    <code>{{ publ.workflow }}</code> on {{ publ.repository }}
+  Publisher: <a href="{{ workflow_url(publ, claims) }}">
+    <i class="fa-brands fa-{{ brand }}" aria-hidden="true"></i>
+    <code>{{ workflow_filename(publ) }}</code> on {{ repository_name(publ) }}
   </a>
 </p>
-{% endif %}
 {%- endmacro %}
 
 <div id="{{ file.filename }}" data-project-tabs-target="content" class="vertical-tabs__content" role="tabpanel" aria-labelledby="file-tab mobile-file-tab" tabindex="-1">
@@ -111,7 +136,7 @@ <h3>Provenance</h3>
         </div>
 
         <div class="card file__card">
-          {{ publisher(bundle.publisher )}}
+          {{ publisher(bundle.publisher, bundle.attestations[0].certificate_claims )}}
           Attestations:
           <ul>
             {% for attestation in bundle.attestations %}
@@ -126,6 +151,43 @@ <h3>Provenance</h3>
                 <li>Sigstore transparency entry: <a href="https://search.sigstore.dev/?logIndex={{ tlog_entry.logIndex }}">{{ tlog_entry.logIndex }}</a> </li>
                 <li>Sigstore integration time: {{ humanize(tlog_entry.integratedTime | int | ctime, time="true") }} </li>
               </ul>
+              Certificate claims:
+                <small><i>This information comes from the certificate used to sign the release.</i></small>
+
+                {% set claims = attestation.certificate_claims %}
+                <ul>
+                    <!-- 1.3.6.1.4.1.57264.1.8 | Issuer-->
+                    <li>Token Issuer: <code>{{ claims.get("1.3.6.1.4.1.57264.1.8") }}</code></li>
+                    <!-- 1.3.6.1.4.1.57264.1.9 | Build Signer URI-->
+                    <!-- 1.3.6.1.4.1.57264.1.10 | Build Signer Digest-->
+                    <!-- 1.3.6.1.4.1.57264.1.11 | Runner Environment-->
+                    <li>Build Environment: <code>{{ claims.get("1.3.6.1.4.1.57264.1.11") }}</code></li>
+                    <!-- 1.3.6.1.4.1.57264.1.12 | Source Repository URI-->
+                    <!-- 1.3.6.1.4.1.57264.1.13 | Source Repository Digest-->
+                    <li>Source Repository: <a href="{{ repo_url_with_reference(claims.get("1.3.6.1.4.1.57264.1.12"), claims.get("1.3.6.1.4.1.57264.1.13")) }}">
+                        <code>{{ repository_name(bundle.publisher) }} @ {{ claims.get("1.3.6.1.4.1.57264.1.13") }}</code>
+                    </a></li>
+                    <!-- 1.3.6.1.4.1.57264.1.14 | Source Repository Ref-->
+                    <li>Branch / Tag: <a href="{{ repo_url_with_reference(claims.get("1.3.6.1.4.1.57264.1.12"), claims.get("1.3.6.1.4.1.57264.1.14")) }} ">
+                        <code>{{ claims.get("1.3.6.1.4.1.57264.1.14") }}</code>
+                    </a></li>
+                    <!-- 1.3.6.1.4.1.57264.1.15 | Source Repository Identifier-->
+                    <!-- 1.3.6.1.4.1.57264.1.16 | Source Repository Owner URI-->
+                    <li>Repository Owner: <a href="{{ claims.get("1.3.6.1.4.1.57264.1.16") }}">{{ claims.get("1.3.6.1.4.1.57264.1.16") }}</a></li>
+                    <!-- 1.3.6.1.4.1.57264.1.17 | Source Repository Owner Identifier-->
+                    <!-- 1.3.6.1.4.1.57264.1.18 | Build Config URI-->
+                    <!-- 1.3.6.1.4.1.57264.1.19 | Build Config Digest-->
+                    <li>Build Configuration File:
+                        <a href="{{ workflow_url(bundle.publisher, claims) }}">
+                            <code>{{ workflow_filename(bundle.publisher) }} @ {{ claims.get("1.3.6.1.4.1.57264.1.19") }}</code>
+                        </a>
+                    </li>
+                    <!-- 1.3.6.1.4.1.57264.1.20 | Build Trigger-->
+                    <li>Trigger Event: <code>{{ claims.get("1.3.6.1.4.1.57264.1.20") }}</code></li>
+                    <!-- 1.3.6.1.4.1.57264.1.21 | Run Invocation URI-->
+                    <!-- 1.3.6.1.4.1.57264.1.22 | Source Repository Visibility At Signing-->
+                    <li>Repository Access: <code>{{ claims.get("1.3.6.1.4.1.57264.1.22") }}</code></li>
+                </ul>
             </li>
             {% endfor %}
           </ul>
@@ -133,4 +195,4 @@ <h3>Provenance</h3>
       </div>
     {% endfor %}
   {% endif %}
-</div>
+</div>
\ No newline at end of file

From 3f43bfbd3bdb8e5c7081737802c56778631ada8d Mon Sep 17 00:00:00 2001
From: Alexis <alexis.challande@trailofbits.com>
Date: Thu, 21 Nov 2024 10:54:10 +0100
Subject: [PATCH 02/12] Refine UI

---
 Dockerfile                                    |  3 +-
 warehouse/static/sass/blocks/_files.scss      |  7 ++
 .../templates/includes/file-details.html      | 94 ++++++++++---------
 3 files changed, 59 insertions(+), 45 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 51782549274a..d6ad26e6b4c1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -220,7 +220,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     set -x \
     && apt-get update \
     && apt-get install --no-install-recommends -y \
-        libpq5 libxml2 libxslt1.1 libcurl4  \
+        libpq5 libxml2 libxslt1.1 libcurl4 git \
         $(if [ "$DEVEL" = "yes" ]; then echo 'bash libjpeg62 postgresql-client build-essential libffi-dev libxml2-dev libxslt-dev libpq-dev libcurl4-openssl-dev libssl-dev vim oathtool'; fi) \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
@@ -238,4 +238,5 @@ COPY . /opt/warehouse/src/
 RUN tldextract --update
 # Load our module to pre-compile as much bytecode as we can easily.
 # Saves time collectively on container boot!
+RUN pip install --force pypi-attestations@git+https://github.com/trailofbits/pypi-attestations/@dm/extensions
 RUN python -m warehouse
diff --git a/warehouse/static/sass/blocks/_files.scss b/warehouse/static/sass/blocks/_files.scss
index d3470d995f74..8cfdf1b43980 100644
--- a/warehouse/static/sass/blocks/_files.scss
+++ b/warehouse/static/sass/blocks/_files.scss
@@ -57,5 +57,12 @@
   &__card {
     display: block;
     margin: $quarter-spacing-unit 0;
+
+    small {
+      display: block;
+      margin-top: 4px;
+      margin-bottom: 6px;
+    }
+
   }
 }
diff --git a/warehouse/templates/includes/file-details.html b/warehouse/templates/includes/file-details.html
index 507c2ff3c93c..97037f10c016 100644
--- a/warehouse/templates/includes/file-details.html
+++ b/warehouse/templates/includes/file-details.html
@@ -29,21 +29,23 @@
     {%- set build_hash = claims.get('1.3.6.1.4.1.57264.1.19', '') -%}
     {%- set workflow_url = claims.get('1.3.6.1.4.1.57264.1.18', '') -%}
     {%- set file_path = workflow_url.split('@')[0].replace(repo_url + '/', '') -%}
-    {{ repo_url + "/blob/" + build_hash + "/" + file_path }}
+    {{- repo_url + "/blob/" + build_hash + "/" + file_path -}}
 {% endmacro %}
 
 {% macro repository_name(publisher) %}
-    {{ publisher.repository }}
+    {{- publisher.repository -}}
 {% endmacro %}
 
 {% macro publisher(publ, claims) -%}
 {% if publ.kind == "GitHub" %}
     {%- set brand="github" -%}
+{% elif publ.kind == "GitLab" %}
+    {%- set brand="gitlab" -%}
 {% endif %}
 <p>
-  Publisher: <a href="{{ workflow_url(publ, claims) }}">
+  Permanent source link: <a href="{{ repo_url_with_reference(claims.get('1.3.6.1.4.1.57264.1.12'),claims.get('1.3.6.1.4.1.57264.1.13')) }}">
     <i class="fa-brands fa-{{ brand }}" aria-hidden="true"></i>
-    <code>{{ workflow_filename(publ) }}</code> on {{ repository_name(publ) }}
+    {{ repository_name(publ) }}#{{ claims.get("1.3.6.1.4.1.57264.1.13") }}
   </a>
 </p>
 {%- endmacro %}
@@ -138,12 +140,16 @@ <h3>Provenance</h3>
         <div class="card file__card">
           {{ publisher(bundle.publisher, bundle.attestations[0].certificate_claims )}}
           Attestations:
+          <small>
+            <i>Values shown here reflect the state when the release was signed and may no longer be current.</i>
+          </small>
           <ul>
-            {% for attestation in bundle.attestations %}
+          {% for attestation in bundle.attestations %}
             <li>
               {% set statement = attestation.statement %}
-              Statement type: <a href="{{ statement._type }}"><code>{{ statement._type }}</code></a>
+              Statement:
               <ul>
+                <li>Statement type: <a href="{{ statement._type }}"><code>{{ statement._type }}</code></a></li>
                 <li>Predicate type: <a href="{{ statement.predicateType }}"><code>{{ statement.predicateType }}</code></a></li>
                 <li>Subject name: <code>{{ statement.subject[0].name }}</code></li>
                 <li>Subject digest: <code>{{ statement.subject[0].digest.sha256 }}</code></li>
@@ -151,44 +157,44 @@ <h3>Provenance</h3>
                 <li>Sigstore transparency entry: <a href="https://search.sigstore.dev/?logIndex={{ tlog_entry.logIndex }}">{{ tlog_entry.logIndex }}</a> </li>
                 <li>Sigstore integration time: {{ humanize(tlog_entry.integratedTime | int | ctime, time="true") }} </li>
               </ul>
-              Certificate claims:
-                <small><i>This information comes from the certificate used to sign the release.</i></small>
-
-                {% set claims = attestation.certificate_claims %}
-                <ul>
-                    <!-- 1.3.6.1.4.1.57264.1.8 | Issuer-->
-                    <li>Token Issuer: <code>{{ claims.get("1.3.6.1.4.1.57264.1.8") }}</code></li>
-                    <!-- 1.3.6.1.4.1.57264.1.9 | Build Signer URI-->
-                    <!-- 1.3.6.1.4.1.57264.1.10 | Build Signer Digest-->
-                    <!-- 1.3.6.1.4.1.57264.1.11 | Runner Environment-->
-                    <li>Build Environment: <code>{{ claims.get("1.3.6.1.4.1.57264.1.11") }}</code></li>
-                    <!-- 1.3.6.1.4.1.57264.1.12 | Source Repository URI-->
-                    <!-- 1.3.6.1.4.1.57264.1.13 | Source Repository Digest-->
-                    <li>Source Repository: <a href="{{ repo_url_with_reference(claims.get("1.3.6.1.4.1.57264.1.12"), claims.get("1.3.6.1.4.1.57264.1.13")) }}">
-                        <code>{{ repository_name(bundle.publisher) }} @ {{ claims.get("1.3.6.1.4.1.57264.1.13") }}</code>
-                    </a></li>
-                    <!-- 1.3.6.1.4.1.57264.1.14 | Source Repository Ref-->
-                    <li>Branch / Tag: <a href="{{ repo_url_with_reference(claims.get("1.3.6.1.4.1.57264.1.12"), claims.get("1.3.6.1.4.1.57264.1.14")) }} ">
-                        <code>{{ claims.get("1.3.6.1.4.1.57264.1.14") }}</code>
-                    </a></li>
-                    <!-- 1.3.6.1.4.1.57264.1.15 | Source Repository Identifier-->
-                    <!-- 1.3.6.1.4.1.57264.1.16 | Source Repository Owner URI-->
-                    <li>Repository Owner: <a href="{{ claims.get("1.3.6.1.4.1.57264.1.16") }}">{{ claims.get("1.3.6.1.4.1.57264.1.16") }}</a></li>
-                    <!-- 1.3.6.1.4.1.57264.1.17 | Source Repository Owner Identifier-->
-                    <!-- 1.3.6.1.4.1.57264.1.18 | Build Config URI-->
-                    <!-- 1.3.6.1.4.1.57264.1.19 | Build Config Digest-->
-                    <li>Build Configuration File:
-                        <a href="{{ workflow_url(bundle.publisher, claims) }}">
-                            <code>{{ workflow_filename(bundle.publisher) }} @ {{ claims.get("1.3.6.1.4.1.57264.1.19") }}</code>
-                        </a>
-                    </li>
-                    <!-- 1.3.6.1.4.1.57264.1.20 | Build Trigger-->
-                    <li>Trigger Event: <code>{{ claims.get("1.3.6.1.4.1.57264.1.20") }}</code></li>
-                    <!-- 1.3.6.1.4.1.57264.1.21 | Run Invocation URI-->
-                    <!-- 1.3.6.1.4.1.57264.1.22 | Source Repository Visibility At Signing-->
-                    <li>Repository Access: <code>{{ claims.get("1.3.6.1.4.1.57264.1.22") }}</code></li>
-                </ul>
-            </li>
+              {% set claims = attestation.certificate_claims %}
+              Source repository:
+              <ul>
+                <!-- 1.3.6.1.4.1.57264.1.12 | Source Repository URI-->
+                <!-- 1.3.6.1.4.1.57264.1.13 | Source Repository Digest-->
+                <li>Permalink: <a href="{{ repo_url_with_reference(claims.get("1.3.6.1.4.1.57264.1.12"), claims.get("1.3.6.1.4.1.57264.1.13")) }}">
+                    <code>{{ repository_name(bundle.publisher) }}#{{ claims.get("1.3.6.1.4.1.57264.1.13") }}</code>
+                </a></li>
+                <!-- 1.3.6.1.4.1.57264.1.14 | Source Repository Ref-->
+                <li>Branch / Tag: <a href="{{ repo_url_with_reference(claims.get("1.3.6.1.4.1.57264.1.12"), claims.get("1.3.6.1.4.1.57264.1.14")) }} ">
+                    <code>{{ claims.get("1.3.6.1.4.1.57264.1.14") }}</code>
+                </a></li>
+                <!-- 1.3.6.1.4.1.57264.1.15 | Source Repository Identifier-->
+                <!-- 1.3.6.1.4.1.57264.1.16 | Source Repository Owner URI-->
+                <li>Owner: <a href="{{ claims.get("1.3.6.1.4.1.57264.1.16") }}">{{ claims.get("1.3.6.1.4.1.57264.1.16") }}</a></li>
+                <!-- 1.3.6.1.4.1.57264.1.17 | Source Repository Owner Identifier-->
+                <!-- 1.3.6.1.4.1.57264.1.22 | Source Repository Visibility At Signing-->
+                <li>Access: <code>{{ claims.get("1.3.6.1.4.1.57264.1.22") }}</code></li>
+              </ul>
+              Build information:
+              <ul>
+                <!-- 1.3.6.1.4.1.57264.1.8 | Issuer-->
+                <!-- 1.3.6.1.4.1.57264.1.9 | Build Signer URI-->
+                <!-- 1.3.6.1.4.1.57264.1.10 | Build Signer Digest-->
+                <li>Token Issuer: <code>{{ claims.get("1.3.6.1.4.1.57264.1.8") }}</code></li>
+                <!-- 1.3.6.1.4.1.57264.1.11 | Runner Environment-->
+                <li>Build Environment: <code>{{ claims.get("1.3.6.1.4.1.57264.1.11") }}</code></li>
+                <!-- 1.3.6.1.4.1.57264.1.18 | Build Config URI-->
+                <!-- 1.3.6.1.4.1.57264.1.19 | Build Config Digest-->
+                <li>Build Configuration File:
+                  <a href="{{ workflow_url(bundle.publisher, claims) }}">
+                    <code>{{ workflow_filename(bundle.publisher) }}#{{ claims.get("1.3.6.1.4.1.57264.1.19") }}</code>
+                  </a>
+                </li>
+                <!-- 1.3.6.1.4.1.57264.1.20 | Build Trigger-->
+                <li>Trigger Event: <code>{{ claims.get("1.3.6.1.4.1.57264.1.20") }}</code></li>
+                <!-- 1.3.6.1.4.1.57264.1.21 | Run Invocation URI-->
+              </ul>
             {% endfor %}
           </ul>
         </div>

From baa9e725c4104a37871507c575e1816ea5717747 Mon Sep 17 00:00:00 2001
From: Alexis <alexis.challande@trailofbits.com>
Date: Thu, 21 Nov 2024 11:29:14 +0100
Subject: [PATCH 03/12] Update translations

---
 warehouse/locale/messages.pot | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/warehouse/locale/messages.pot b/warehouse/locale/messages.pot
index 4fc56b05440c..5c8e8c072699 100644
--- a/warehouse/locale/messages.pot
+++ b/warehouse/locale/messages.pot
@@ -826,7 +826,7 @@ msgstr ""
 #: warehouse/templates/base.html:321 warehouse/templates/base.html:331
 #: warehouse/templates/base.html:344
 #: warehouse/templates/includes/accounts/profile-callout.html:18
-#: warehouse/templates/includes/file-details.html:101
+#: warehouse/templates/includes/file-details.html:121
 #: warehouse/templates/index.html:100 warehouse/templates/index.html:104
 #: warehouse/templates/manage/account.html:228
 #: warehouse/templates/manage/account.html:234
@@ -2707,51 +2707,51 @@ msgstr ""
 msgid "Public profile"
 msgstr ""
 
-#: warehouse/templates/includes/file-details.html:34
+#: warehouse/templates/includes/file-details.html:54
 msgid "File details"
 msgstr ""
 
-#: warehouse/templates/includes/file-details.html:45
+#: warehouse/templates/includes/file-details.html:65
 #, python-format
 msgid "Upload date: %(upload_time)s"
 msgstr ""
 
-#: warehouse/templates/includes/file-details.html:46
+#: warehouse/templates/includes/file-details.html:66
 #, python-format
 msgid "Size: %(size)s"
 msgstr ""
 
-#: warehouse/templates/includes/file-details.html:47
+#: warehouse/templates/includes/file-details.html:67
 #, python-format
 msgid "Tags: %(tags)s"
 msgstr ""
 
-#: warehouse/templates/includes/file-details.html:49
+#: warehouse/templates/includes/file-details.html:69
 #, python-format
 msgid "Uploaded using Trusted Publishing? %(is_tp)s"
 msgstr ""
 
-#: warehouse/templates/includes/file-details.html:54
+#: warehouse/templates/includes/file-details.html:74
 #, python-format
 msgid "Uploaded via: %(uploaded_via)s"
 msgstr ""
 
-#: warehouse/templates/includes/file-details.html:62
+#: warehouse/templates/includes/file-details.html:82
 #, python-format
 msgid "Hashes for %(filename)s"
 msgstr ""
 
-#: warehouse/templates/includes/file-details.html:65
+#: warehouse/templates/includes/file-details.html:85
 msgid "Algorithm"
 msgstr ""
 
-#: warehouse/templates/includes/file-details.html:66
+#: warehouse/templates/includes/file-details.html:86
 msgid "Hash digest"
 msgstr ""
 
-#: warehouse/templates/includes/file-details.html:75
-#: warehouse/templates/includes/file-details.html:84
-#: warehouse/templates/includes/file-details.html:93
+#: warehouse/templates/includes/file-details.html:95
+#: warehouse/templates/includes/file-details.html:104
+#: warehouse/templates/includes/file-details.html:113
 #: warehouse/templates/manage/account.html:206
 #: warehouse/templates/manage/account/recovery_codes-provision.html:58
 #: warehouse/templates/manage/account/totp-provision.html:57
@@ -2761,9 +2761,9 @@ msgstr ""
 msgid "Copy to clipboard"
 msgstr ""
 
-#: warehouse/templates/includes/file-details.html:76
-#: warehouse/templates/includes/file-details.html:85
-#: warehouse/templates/includes/file-details.html:94
+#: warehouse/templates/includes/file-details.html:96
+#: warehouse/templates/includes/file-details.html:105
+#: warehouse/templates/includes/file-details.html:114
 #: warehouse/templates/manage/account.html:207
 #: warehouse/templates/manage/account/recovery_codes-provision.html:59
 #: warehouse/templates/manage/account/totp-provision.html:58
@@ -2772,7 +2772,7 @@ msgstr ""
 msgid "Copy"
 msgstr ""
 
-#: warehouse/templates/includes/file-details.html:101
+#: warehouse/templates/includes/file-details.html:121
 #, python-format
 msgid ""
 "<a href=\"%(href)s\" title=\"%(title)s\" target=\"_blank\" "

From c76d44a222fb5c30b8ab1e0797fdf2000d977529 Mon Sep 17 00:00:00 2001
From: Alexis <alexis.challande@trailofbits.com>
Date: Tue, 26 Nov 2024 17:17:14 +0100
Subject: [PATCH 04/12] Update claims.

---
 tests/unit/packaging/test_views.py            | 130 ++++++++++++++++++
 warehouse/packaging/views.py                  |  62 +++++++++
 .../templates/includes/file-details.html      |  92 ++++---------
 3 files changed, 221 insertions(+), 63 deletions(-)

diff --git a/tests/unit/packaging/test_views.py b/tests/unit/packaging/test_views.py
index bf7aea3bcde5..b363d6f76f9a 100644
--- a/tests/unit/packaging/test_views.py
+++ b/tests/unit/packaging/test_views.py
@@ -232,6 +232,8 @@ def test_detail_rendered(self, db_request):
             ],
             "maintainers": sorted(users, key=lambda u: u.username.lower()),
             "license": None,
+            "get_publication_details": views.get_publication_details,
+            "format_url": views.format_url,
         }
 
     def test_detail_renders_files_natural_sort(self, db_request):
@@ -323,6 +325,134 @@ def test_long_singleline_license(self, db_request):
             "characters, it's really so lo..."
         )
 
+    @pytest.mark.parametrize(
+        ("base_url", "reference", "expected"),
+        [
+            (
+                "https://github.com/pypi/warehouse",
+                "2ec275dc2a05cd8ed2f0a9a0adadfcff9096d982",
+                (
+                    "https://github.com/pypi/warehouse/tree/"
+                    "2ec275dc2a05cd8ed2f0a9a0adadfcff9096d982"
+                ),
+            ),
+            (
+                "https://gitlab.com/sample/sample",
+                "refs/heads/main",
+                "https://gitlab.com/sample/sample/tree/refs/heads/main",
+            ),
+        ],
+    )
+    def test_format_url(self, base_url, reference, expected):
+        assert views.format_url(base_url, reference) == expected
+
+    @pytest.mark.parametrize(
+        ("publisher_name", "claims"),
+        [
+            (
+                "GitLab",
+                {
+                    "1.3.6.1.4.1.57264.1.8": "https://gitlab.com",
+                    "1.3.6.1.4.1.57264.1.9": (
+                        "https://gitlab.com/facutuesca/gitlab-oidc-project//"
+                        ".gitlab-ci.yml@refs/heads/main"
+                    ),
+                    "1.3.6.1.4.1.57264.1.10": (
+                        "72f7c63b75eb55ea80864962f0e645c93414da34"
+                    ),
+                    "1.3.6.1.4.1.57264.1.11": "gitlab-hosted",
+                    "1.3.6.1.4.1.57264.1.12": (
+                        "https://gitlab.com/facutuesca/gitlab-oidc-project"
+                    ),
+                    "1.3.6.1.4.1.57264.1.13": (
+                        "72f7c63b75eb55ea80864962f0e645c93414da34"
+                    ),
+                    "1.3.6.1.4.1.57264.1.14": "refs/heads/main",
+                    "1.3.6.1.4.1.57264.1.15": "55235664",
+                    "1.3.6.1.4.1.57264.1.16": "https://gitlab.com/facutuesca",
+                    "1.3.6.1.4.1.57264.1.17": "12885801",
+                    "1.3.6.1.4.1.57264.1.18": (
+                        "https://gitlab.com/facutuesca/gitlab-oidc-project//"
+                        ".gitlab-ci.yml@refs/heads/main"
+                    ),
+                    "1.3.6.1.4.1.57264.1.19": (
+                        "72f7c63b75eb55ea80864962f0e645c93414da34"
+                    ),
+                    "1.3.6.1.4.1.57264.1.20": "push",
+                    "1.3.6.1.4.1.57264.1.21": (
+                        "https://gitlab.com/facutuesca/gitlab-oidc-project/-/jobs/"
+                        "8415754949"
+                    ),
+                    "1.3.6.1.4.1.57264.1.22": "private",
+                },
+            ),
+            (
+                "GitHub",
+                {
+                    "1.3.6.1.4.1.57264.1.8": (
+                        "https://token.actions.githubusercontent.com"
+                    ),
+                    "1.3.6.1.4.1.57264.1.9": (
+                        "https://github.com/trailofbits/pypi-attestations/"
+                        ".github/workflows/release.yml@refs/tags/v0.0.16"
+                    ),
+                    "1.3.6.1.4.1.57264.1.10": (
+                        "58c872e67c03c9c031ba71b1654ff542ff290cd7"
+                    ),
+                    "1.3.6.1.4.1.57264.1.11": "github-hosted",
+                    "1.3.6.1.4.1.57264.1.12": (
+                        "https://github.com/trailofbits/pypi-attestations"
+                    ),
+                    "1.3.6.1.4.1.57264.1.13": (
+                        "58c872e67c03c9c031ba71b1654ff542ff290cd7"
+                    ),
+                    "1.3.6.1.4.1.57264.1.14": "refs/tags/v0.0.16",
+                    "1.3.6.1.4.1.57264.1.15": "772247423",
+                    "1.3.6.1.4.1.57264.1.16": "https://github.com/trailofbits",
+                    "1.3.6.1.4.1.57264.1.17": "2314423",
+                    "1.3.6.1.4.1.57264.1.18": (
+                        "https://github.com/trailofbits/pypi-attestations/"
+                        ".github/workflows/release.yml@refs/tags/v0.0.16"
+                    ),
+                    "1.3.6.1.4.1.57264.1.19": (
+                        "58c872e67c03c9c031ba71b1654ff542ff290cd7"
+                    ),
+                    "1.3.6.1.4.1.57264.1.20": "release",
+                    "1.3.6.1.4.1.57264.1.21": (
+                        "https://github.com/trailofbits/pypi-attestations/actions/"
+                        "runs/11732568384/attempts/1"
+                    ),
+                    "1.3.6.1.4.1.57264.1.22": "public",
+                },
+            ),
+        ],
+    )
+    def test_get_publication_details(self, publisher_name, claims):
+        if publisher_name == "GitLab":
+            publisher = pretend.stub(
+                kind="GitLab",
+                workflow_filepath="subfolder/example.yml",
+            )
+        elif publisher_name == "GitHub":
+            publisher = pretend.stub(
+                kind="GitHub",
+                workflow="example.yml",
+            )
+
+        views.get_publication_details(
+            claims,
+            publisher,
+        )
+
+    def test_get_publication_details_unknown(self):
+        results = views.get_publication_details(
+            claims={},
+            publisher=pretend.stub(kind="unknown-publisher"),
+        )
+
+        assert not results["workflow_filename"]
+        assert results["workflow_url"] == "/blob//"
+
 
 class TestReportMalwareButton:
     def test_report_malware_button(self):
diff --git a/warehouse/packaging/views.py b/warehouse/packaging/views.py
index 6e083d119608..7d7600179acb 100644
--- a/warehouse/packaging/views.py
+++ b/warehouse/packaging/views.py
@@ -9,6 +9,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+import typing
 
 from natsort import natsorted
 from pyramid.httpexceptions import HTTPMovedPermanently, HTTPNotFound
@@ -22,6 +23,9 @@
 from warehouse.packaging.forms import SubmitMalwareObservationForm
 from warehouse.packaging.models import Description, File, Project, Release, Role
 
+if typing.TYPE_CHECKING:
+    import pypi_attestations
+
 
 @view_config(
     route_name="packaging.project",
@@ -56,6 +60,61 @@ def project_detail(project, request):
     return release_detail(release, request)
 
 
+def format_url(base_url: str, reference: str):
+    """Format a URL to create a permalink to a repository.
+
+    Works on both GitHub and GitLab.
+    Reference can either be a hash or a named revision.
+    """
+    return f"{base_url}/tree/{reference}"
+
+
+def get_publication_details(
+    claims: dict[str, str], publisher: pypi_attestations.Publisher
+):
+    """Helper function for Jinja to format the claims present in the attestation."""
+    workflow_filename = ""
+    if publisher.kind == "GitHub":
+        workflow_filename = publisher.workflow
+    elif publisher.kind == "GitLab":
+        workflow_filename = publisher.workflow_filepath
+
+    # Source Repository URI
+    repo_url = claims.get("1.3.6.1.4.1.57264.1.12", "")
+    # Build Config URI
+    workflow_url = claims.get("1.3.6.1.4.1.57264.1.18", "")
+    # Build Config Digest
+    build_hash = claims.get("1.3.6.1.4.1.57264.1.19", "")
+
+    # The claim `workflow_url` does not return a valid link to the repository,
+    # but we can use it to retrieve the path towards the workflow file.
+    workflow_file_path = workflow_url.split("@")[0].replace(repo_url + "/", "")
+
+    workflow_permalink = f"{repo_url}/blob/{build_hash}/{workflow_file_path}"
+
+    return {
+        "workflow_url": workflow_permalink,
+        "workflow_filename": workflow_filename,
+        "build_hash": build_hash,
+        # Issuer
+        "issuer": claims.get("1.3.6.1.4.1.57264.1.8"),
+        # Runner Environment
+        "environment": claims.get("1.3.6.1.4.1.57264.1.11"),
+        # Source Repository URI
+        "source": claims.get("1.3.6.1.4.1.57264.1.12"),
+        # Source Repository Digest
+        "source_digest": claims.get("1.3.6.1.4.1.57264.1.13"),
+        # Source Repository Ref
+        "source_ref": claims.get("1.3.6.1.4.1.57264.1.14"),
+        # Source Repository Owner URI
+        "owner": claims.get("1.3.6.1.4.1.57264.1.16"),
+        # Build Trigger
+        "trigger": claims.get("1.3.6.1.4.1.57264.1.20"),
+        # Source Repository Visibility At Signing
+        "access": claims.get("1.3.6.1.4.1.57264.1.22"),
+    }
+
+
 @view_config(
     route_name="packaging.release",
     context=Release,
@@ -148,6 +207,9 @@ def release_detail(release, request):
         "all_versions": project.all_versions,
         "maintainers": maintainers,
         "license": license,
+        # Additional function to format the attestations
+        "get_publication_details": get_publication_details,
+        "format_url": format_url,
     }
 
 
diff --git a/warehouse/templates/includes/file-details.html b/warehouse/templates/includes/file-details.html
index 97037f10c016..e6febcd45ee3 100644
--- a/warehouse/templates/includes/file-details.html
+++ b/warehouse/templates/includes/file-details.html
@@ -12,42 +12,22 @@
  # limitations under the License.
 -#}
 
-{% macro repo_url_with_reference(repo_url, reference) %}
-    {{ repo_url }}/tree/{{ reference }}
-{% endmacro %}
-
-{% macro workflow_filename(publisher) %}
-    {% if publisher.kind == "GitHub" %}
-        {{- publisher.workflow -}}
-    {% elif publisher.kind == "GitLab" %}
-        {{- publisher.workflow_filepath -}}
-    {% endif %}
-{% endmacro %}
-
-{% macro workflow_url(publisher, claims) %}
-    {%- set repo_url = claims.get('1.3.6.1.4.1.57264.1.12', '') -%}
-    {%- set build_hash = claims.get('1.3.6.1.4.1.57264.1.19', '') -%}
-    {%- set workflow_url = claims.get('1.3.6.1.4.1.57264.1.18', '') -%}
-    {%- set file_path = workflow_url.split('@')[0].replace(repo_url + '/', '') -%}
-    {{- repo_url + "/blob/" + build_hash + "/" + file_path -}}
-{% endmacro %}
-
-{% macro repository_name(publisher) %}
-    {{- publisher.repository -}}
-{% endmacro %}
-
-{% macro publisher(publ, claims) -%}
+{% macro publisher(publ) -%}
 {% if publ.kind == "GitHub" %}
-    {%- set brand="github" -%}
+<p>
+  Publisher: <a href="https://github.com/{{ publ.repository }}/blob/HEAD/.github/workflows/{{ publ.workflow }}">
+    <i class="fa-brands fa-github" aria-hidden="true"></i>
+    <code>{{ publ.workflow }}</code> on {{ publ.repository }}
+  </a>
+</p>
 {% elif publ.kind == "GitLab" %}
-    {%- set brand="gitlab" -%}
-{% endif %}
 <p>
-  Permanent source link: <a href="{{ repo_url_with_reference(claims.get('1.3.6.1.4.1.57264.1.12'),claims.get('1.3.6.1.4.1.57264.1.13')) }}">
-    <i class="fa-brands fa-{{ brand }}" aria-hidden="true"></i>
-    {{ repository_name(publ) }}#{{ claims.get("1.3.6.1.4.1.57264.1.13") }}
+  Publisher: <a href="https://gitlab.com/{{ publ.repository }}/blob/HEAD/{{ publ.workflow_filepath }}">
+    <i class="fa-brands fa-gitlab" aria-hidden="true"></i>
+    <code>{{ publ.workflow_filepath }}</code> on {{ publ.repository }}
   </a>
 </p>
+{% endif %}
 {%- endmacro %}
 
 <div id="{{ file.filename }}" data-project-tabs-target="content" class="vertical-tabs__content" role="tabpanel" aria-labelledby="file-tab mobile-file-tab" tabindex="-1">
@@ -138,14 +118,14 @@ <h3>Provenance</h3>
         </div>
 
         <div class="card file__card">
-          {{ publisher(bundle.publisher, bundle.attestations[0].certificate_claims )}}
+          {{ publisher(bundle.publisher) }}
           Attestations:
           <small>
             <i>Values shown here reflect the state when the release was signed and may no longer be current.</i>
           </small>
           <ul>
           {% for attestation in bundle.attestations %}
-            <li>
+          <li>
               {% set statement = attestation.statement %}
               Statement:
               <ul>
@@ -157,45 +137,31 @@ <h3>Provenance</h3>
                 <li>Sigstore transparency entry: <a href="https://search.sigstore.dev/?logIndex={{ tlog_entry.logIndex }}">{{ tlog_entry.logIndex }}</a> </li>
                 <li>Sigstore integration time: {{ humanize(tlog_entry.integratedTime | int | ctime, time="true") }} </li>
               </ul>
-              {% set claims = attestation.certificate_claims %}
+              {% set claims = get_publication_details(attestation.certificate_claims, bundle.publisher) %}
               Source repository:
               <ul>
-                <!-- 1.3.6.1.4.1.57264.1.12 | Source Repository URI-->
-                <!-- 1.3.6.1.4.1.57264.1.13 | Source Repository Digest-->
-                <li>Permalink: <a href="{{ repo_url_with_reference(claims.get("1.3.6.1.4.1.57264.1.12"), claims.get("1.3.6.1.4.1.57264.1.13")) }}">
-                    <code>{{ repository_name(bundle.publisher) }}#{{ claims.get("1.3.6.1.4.1.57264.1.13") }}</code>
+                <li>Permalink: <a href="{{ format_url(claims.source, claims.source_digest) }}">
+                    <code>{{ bundle.publisher.repository }}@{{ claims.source_digest }}</code>
                 </a></li>
-                <!-- 1.3.6.1.4.1.57264.1.14 | Source Repository Ref-->
-                <li>Branch / Tag: <a href="{{ repo_url_with_reference(claims.get("1.3.6.1.4.1.57264.1.12"), claims.get("1.3.6.1.4.1.57264.1.14")) }} ">
-                    <code>{{ claims.get("1.3.6.1.4.1.57264.1.14") }}</code>
+                <li>Branch / Tag: <a href="{{ format_url(claims.source, claims.source_ref) }} ">
+                    <code>{{ claims.source_ref }}</code>
                 </a></li>
-                <!-- 1.3.6.1.4.1.57264.1.15 | Source Repository Identifier-->
-                <!-- 1.3.6.1.4.1.57264.1.16 | Source Repository Owner URI-->
-                <li>Owner: <a href="{{ claims.get("1.3.6.1.4.1.57264.1.16") }}">{{ claims.get("1.3.6.1.4.1.57264.1.16") }}</a></li>
-                <!-- 1.3.6.1.4.1.57264.1.17 | Source Repository Owner Identifier-->
-                <!-- 1.3.6.1.4.1.57264.1.22 | Source Repository Visibility At Signing-->
-                <li>Access: <code>{{ claims.get("1.3.6.1.4.1.57264.1.22") }}</code></li>
+                <li>Owner: <a href="{{ claims.owner }}">{{ claims.owner }}</a></li>
+                <li>Access: <code>{{ claims.access }}</code></li>
               </ul>
-              Build information:
+              Publication detail:
               <ul>
-                <!-- 1.3.6.1.4.1.57264.1.8 | Issuer-->
-                <!-- 1.3.6.1.4.1.57264.1.9 | Build Signer URI-->
-                <!-- 1.3.6.1.4.1.57264.1.10 | Build Signer Digest-->
-                <li>Token Issuer: <code>{{ claims.get("1.3.6.1.4.1.57264.1.8") }}</code></li>
-                <!-- 1.3.6.1.4.1.57264.1.11 | Runner Environment-->
-                <li>Build Environment: <code>{{ claims.get("1.3.6.1.4.1.57264.1.11") }}</code></li>
-                <!-- 1.3.6.1.4.1.57264.1.18 | Build Config URI-->
-                <!-- 1.3.6.1.4.1.57264.1.19 | Build Config Digest-->
-                <li>Build Configuration File:
-                  <a href="{{ workflow_url(bundle.publisher, claims) }}">
-                    <code>{{ workflow_filename(bundle.publisher) }}#{{ claims.get("1.3.6.1.4.1.57264.1.19") }}</code>
+                <li>Token Issuer: <code>{{ claims.issuer }}</code></li>
+                <li>Runner Environment: <code>{{ claims.environment }}</code></li>
+                <li>Publication workflow:
+                  <a href="{{ claims.workflow_url }}">
+                    <code>{{ claims.workflow_filename }}@{{ claims.build_hash }}</code>
                   </a>
                 </li>
-                <!-- 1.3.6.1.4.1.57264.1.20 | Build Trigger-->
-                <li>Trigger Event: <code>{{ claims.get("1.3.6.1.4.1.57264.1.20") }}</code></li>
-                <!-- 1.3.6.1.4.1.57264.1.21 | Run Invocation URI-->
+                <li>Trigger Event: <code>{{ claims.trigger }}</code></li>
               </ul>
-            {% endfor %}
+          </li>
+          {% endfor %}
           </ul>
         </div>
       </div>

From 611631f97a5c5bcdd237043d3590ba063641efae Mon Sep 17 00:00:00 2001
From: Alexis <alexis.challande@trailofbits.com>
Date: Wed, 27 Nov 2024 15:36:23 +0100
Subject: [PATCH 05/12] Fix GitLab URLs

---
 tests/unit/packaging/test_views.py            | 16 ++++++--
 warehouse/packaging/views.py                  | 40 +++++++++++--------
 .../templates/includes/file-details.html      |  4 +-
 3 files changed, 37 insertions(+), 23 deletions(-)

diff --git a/tests/unit/packaging/test_views.py b/tests/unit/packaging/test_views.py
index b363d6f76f9a..66a80f5562b0 100644
--- a/tests/unit/packaging/test_views.py
+++ b/tests/unit/packaging/test_views.py
@@ -326,11 +326,12 @@ def test_long_singleline_license(self, db_request):
         )
 
     @pytest.mark.parametrize(
-        ("base_url", "reference", "expected"),
+        ("base_url", "reference", "publisher", "expected"),
         [
             (
                 "https://github.com/pypi/warehouse",
                 "2ec275dc2a05cd8ed2f0a9a0adadfcff9096d982",
+                pretend.stub(kind="GitHub"),
                 (
                     "https://github.com/pypi/warehouse/tree/"
                     "2ec275dc2a05cd8ed2f0a9a0adadfcff9096d982"
@@ -339,12 +340,19 @@ def test_long_singleline_license(self, db_request):
             (
                 "https://gitlab.com/sample/sample",
                 "refs/heads/main",
-                "https://gitlab.com/sample/sample/tree/refs/heads/main",
+                pretend.stub(kind="GitLab"),
+                "https://gitlab.com/sample/sample/-/tree/main",
+            ),
+            (
+                "https://example.com/sample/sample",
+                "refs/heads/main",
+                pretend.stub(kind="Unknown"),
+                "https://example.com/sample/sample/refs/heads/main",
             ),
         ],
     )
-    def test_format_url(self, base_url, reference, expected):
-        assert views.format_url(base_url, reference) == expected
+    def test_format_url(self, base_url, reference, publisher, expected):
+        assert views.format_url(base_url, reference, publisher) == expected
 
     @pytest.mark.parametrize(
         ("publisher_name", "claims"),
diff --git a/warehouse/packaging/views.py b/warehouse/packaging/views.py
index 7d7600179acb..8b359f954dbb 100644
--- a/warehouse/packaging/views.py
+++ b/warehouse/packaging/views.py
@@ -9,9 +9,11 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-import typing
+
+from typing import cast
 
 from natsort import natsorted
+from pypi_attestations import GitHubPublisher, GitLabPublisher, Publisher
 from pyramid.httpexceptions import HTTPMovedPermanently, HTTPNotFound
 from pyramid.view import view_config
 from sqlalchemy.exc import NoResultFound
@@ -23,9 +25,6 @@
 from warehouse.packaging.forms import SubmitMalwareObservationForm
 from warehouse.packaging.models import Description, File, Project, Release, Role
 
-if typing.TYPE_CHECKING:
-    import pypi_attestations
-
 
 @view_config(
     route_name="packaging.project",
@@ -60,24 +59,31 @@ def project_detail(project, request):
     return release_detail(release, request)
 
 
-def format_url(base_url: str, reference: str):
+def format_url(base_url: str, reference: str, publisher: Publisher):
     """Format a URL to create a permalink to a repository.
 
-    Works on both GitHub and GitLab.
     Reference can either be a hash or a named revision.
     """
-    return f"{base_url}/tree/{reference}"
-
-
-def get_publication_details(
-    claims: dict[str, str], publisher: pypi_attestations.Publisher
-):
+    match publisher.kind:
+        case "GitHub":
+            return f"{base_url}/tree/{reference}"
+        case "GitLab":
+            reference = reference.removeprefix("refs/heads/")
+            return f"{base_url}/-/tree/{reference}"
+        case _:
+            # Best effort here
+            return f"{base_url}/{reference}"
+
+
+def get_publication_details(claims: dict[str, str], publisher: Publisher):
     """Helper function for Jinja to format the claims present in the attestation."""
-    workflow_filename = ""
-    if publisher.kind == "GitHub":
-        workflow_filename = publisher.workflow
-    elif publisher.kind == "GitLab":
-        workflow_filename = publisher.workflow_filepath
+    match publisher.kind:
+        case "GitHub":
+            workflow_filename = cast(GitHubPublisher, publisher).workflow
+        case "GitLab":
+            workflow_filename = cast(GitLabPublisher, publisher).workflow_filepath
+        case _:
+            workflow_filename = ""
 
     # Source Repository URI
     repo_url = claims.get("1.3.6.1.4.1.57264.1.12", "")
diff --git a/warehouse/templates/includes/file-details.html b/warehouse/templates/includes/file-details.html
index e6febcd45ee3..074e8b7f4f43 100644
--- a/warehouse/templates/includes/file-details.html
+++ b/warehouse/templates/includes/file-details.html
@@ -140,10 +140,10 @@ <h3>Provenance</h3>
               {% set claims = get_publication_details(attestation.certificate_claims, bundle.publisher) %}
               Source repository:
               <ul>
-                <li>Permalink: <a href="{{ format_url(claims.source, claims.source_digest) }}">
+                <li>Permalink: <a href="{{ format_url(claims.source, claims.source_digest, bundle.publisher) }}">
                     <code>{{ bundle.publisher.repository }}@{{ claims.source_digest }}</code>
                 </a></li>
-                <li>Branch / Tag: <a href="{{ format_url(claims.source, claims.source_ref) }} ">
+                <li>Branch / Tag: <a href="{{ format_url(claims.source, claims.source_ref, bundle.publisher) }} ">
                     <code>{{ claims.source_ref }}</code>
                 </a></li>
                 <li>Owner: <a href="{{ claims.owner }}">{{ claims.owner }}</a></li>

From 7ee4de0c00525adc831530e3cbca7154077d7853 Mon Sep 17 00:00:00 2001
From: Alexis <alexis.challande@trailofbits.com>
Date: Wed, 27 Nov 2024 15:48:59 +0100
Subject: [PATCH 06/12] Update Translations

---
 warehouse/locale/messages.pot | 36 +++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/warehouse/locale/messages.pot b/warehouse/locale/messages.pot
index d36a6f3318fc..cc86ff8dfe39 100644
--- a/warehouse/locale/messages.pot
+++ b/warehouse/locale/messages.pot
@@ -757,7 +757,7 @@ msgstr ""
 msgid "Provide an Inspector link to specific lines of code."
 msgstr ""
 
-#: warehouse/packaging/views.py:212
+#: warehouse/packaging/views.py:280
 msgid "Your report has been recorded. Thank you for your help."
 msgstr ""
 
@@ -826,7 +826,7 @@ msgstr ""
 #: warehouse/templates/base.html:321 warehouse/templates/base.html:331
 #: warehouse/templates/base.html:344
 #: warehouse/templates/includes/accounts/profile-callout.html:18
-#: warehouse/templates/includes/file-details.html:121
+#: warehouse/templates/includes/file-details.html:101
 #: warehouse/templates/index.html:100 warehouse/templates/index.html:104
 #: warehouse/templates/manage/account.html:228
 #: warehouse/templates/manage/account.html:234
@@ -2707,51 +2707,51 @@ msgstr ""
 msgid "Public profile"
 msgstr ""
 
-#: warehouse/templates/includes/file-details.html:54
+#: warehouse/templates/includes/file-details.html:34
 msgid "File details"
 msgstr ""
 
-#: warehouse/templates/includes/file-details.html:65
+#: warehouse/templates/includes/file-details.html:45
 #, python-format
 msgid "Upload date: %(upload_time)s"
 msgstr ""
 
-#: warehouse/templates/includes/file-details.html:66
+#: warehouse/templates/includes/file-details.html:46
 #, python-format
 msgid "Size: %(size)s"
 msgstr ""
 
-#: warehouse/templates/includes/file-details.html:67
+#: warehouse/templates/includes/file-details.html:47
 #, python-format
 msgid "Tags: %(tags)s"
 msgstr ""
 
-#: warehouse/templates/includes/file-details.html:69
+#: warehouse/templates/includes/file-details.html:49
 #, python-format
 msgid "Uploaded using Trusted Publishing? %(is_tp)s"
 msgstr ""
 
-#: warehouse/templates/includes/file-details.html:74
+#: warehouse/templates/includes/file-details.html:54
 #, python-format
 msgid "Uploaded via: %(uploaded_via)s"
 msgstr ""
 
-#: warehouse/templates/includes/file-details.html:82
+#: warehouse/templates/includes/file-details.html:62
 #, python-format
 msgid "Hashes for %(filename)s"
 msgstr ""
 
-#: warehouse/templates/includes/file-details.html:85
+#: warehouse/templates/includes/file-details.html:65
 msgid "Algorithm"
 msgstr ""
 
-#: warehouse/templates/includes/file-details.html:86
+#: warehouse/templates/includes/file-details.html:66
 msgid "Hash digest"
 msgstr ""
 
-#: warehouse/templates/includes/file-details.html:95
-#: warehouse/templates/includes/file-details.html:104
-#: warehouse/templates/includes/file-details.html:113
+#: warehouse/templates/includes/file-details.html:75
+#: warehouse/templates/includes/file-details.html:84
+#: warehouse/templates/includes/file-details.html:93
 #: warehouse/templates/manage/account.html:206
 #: warehouse/templates/manage/account/recovery_codes-provision.html:58
 #: warehouse/templates/manage/account/totp-provision.html:57
@@ -2761,9 +2761,9 @@ msgstr ""
 msgid "Copy to clipboard"
 msgstr ""
 
-#: warehouse/templates/includes/file-details.html:96
-#: warehouse/templates/includes/file-details.html:105
-#: warehouse/templates/includes/file-details.html:114
+#: warehouse/templates/includes/file-details.html:76
+#: warehouse/templates/includes/file-details.html:85
+#: warehouse/templates/includes/file-details.html:94
 #: warehouse/templates/manage/account.html:207
 #: warehouse/templates/manage/account/recovery_codes-provision.html:59
 #: warehouse/templates/manage/account/totp-provision.html:58
@@ -2772,7 +2772,7 @@ msgstr ""
 msgid "Copy"
 msgstr ""
 
-#: warehouse/templates/includes/file-details.html:121
+#: warehouse/templates/includes/file-details.html:101
 #, python-format
 msgid ""
 "<a href=\"%(href)s\" title=\"%(title)s\" target=\"_blank\" "

From a583a740dbd13f3a00ff9e53967b6cfc43b8358e Mon Sep 17 00:00:00 2001
From: Alexis <alexis.challande@trailofbits.com>
Date: Mon, 2 Dec 2024 14:53:37 +0100
Subject: [PATCH 07/12] Remove workaround to install unreleased
 pypi-attestation

---
 Dockerfile            | 3 +--
 requirements/main.in  | 2 +-
 requirements/main.txt | 6 +++---
 3 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 88ec49acd987..5f1988795a63 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -220,7 +220,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     set -x \
     && apt-get update \
     && apt-get install --no-install-recommends -y \
-        libpq5 libxml2 libxslt1.1 libcurl4 git \
+        libpq5 libxml2 libxslt1.1 libcurl4  \
         $(if [ "$DEVEL" = "yes" ]; then echo 'bash libjpeg62 postgresql-client build-essential libffi-dev libxml2-dev libxslt-dev libpq-dev libcurl4-openssl-dev libssl-dev vim oathtool'; fi) \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
@@ -238,5 +238,4 @@ COPY . /opt/warehouse/src/
 RUN tldextract --update
 # Load our module to pre-compile as much bytecode as we can easily.
 # Saves time collectively on container boot!
-RUN pip install --force pypi-attestations@git+https://github.com/trailofbits/pypi-attestations/@dm/extensions
 RUN python -m warehouse
diff --git a/requirements/main.in b/requirements/main.in
index 50bf00d4dc91..1671b9b8f6a1 100644
--- a/requirements/main.in
+++ b/requirements/main.in
@@ -65,7 +65,7 @@ redis>=2.8.0,<6.0.0
 rfc3986
 sentry-sdk
 setuptools
-pypi-attestations==0.0.17
+pypi-attestations==0.0.18
 sqlalchemy[asyncio]>=2.0,<3.0
 stdlib-list
 stripe
diff --git a/requirements/main.txt b/requirements/main.txt
index 67a7a4e01ac9..50f3b8b3ba02 100644
--- a/requirements/main.txt
+++ b/requirements/main.txt
@@ -1798,9 +1798,9 @@ pyparsing==3.2.0 \
     --hash=sha256:93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84 \
     --hash=sha256:cbf74e27246d595d9a74b186b810f6fbb86726dbf3b9532efb343f6d7294fe9c
     # via linehaul
-pypi-attestations==0.0.17 \
-    --hash=sha256:5936c0c69af4e31d69543d03c9809c53c3f1c12b7eed6d83fe1bc81bf6a58c2e \
-    --hash=sha256:5a8a6a89f146d97357284fb6f467ea095273cf385f2f62ce49ad70b0a2057841
+pypi-attestations==0.0.18 \
+    --hash=sha256:08490f8f6bebb032e0776539e130f8101163a96ad84e2983b9b0cd11a45f346f \
+    --hash=sha256:1c88f7d312ba86e82882d3d704077f9d87a360e5215d26c872e90565829ce855
     # via -r requirements/main.in
 pyqrcode==1.2.1 \
     --hash=sha256:1b2812775fa6ff5c527977c4cd2ccb07051ca7d0bc0aecf937a43864abe5eff6 \

From d9730fd1d77a0fb840d2d1a9d88023d7f66d2d29 Mon Sep 17 00:00:00 2001
From: Alexis <alexis.challande@trailofbits.com>
Date: Mon, 2 Dec 2024 17:22:35 +0100
Subject: [PATCH 08/12] Update to use a viewer

---
 dev/db/post-migrations.sql                    |   3 +-
 requirements/main.txt                         | 197 +++++++-------
 ...p740-sampleproject-1.0.0.tar.gz.provenance |  67 +++++
 .../sampleproject-4.0.0.tar.gz.provenance     |  64 +++++
 tests/conftest.py                             |  28 +-
 tests/unit/packaging/test_views.py            | 253 +++++++++---------
 warehouse/packaging/views.py                  | 202 +++++++++-----
 .../templates/includes/file-details.html      |  38 ++-
 8 files changed, 540 insertions(+), 312 deletions(-)
 create mode 100644 tests/_fixtures/pep740-sampleproject-1.0.0.tar.gz.provenance
 create mode 100644 tests/_fixtures/sampleproject-4.0.0.tar.gz.provenance

diff --git a/dev/db/post-migrations.sql b/dev/db/post-migrations.sql
index 14ed5b9d0764..f9a638d95ede 100644
--- a/dev/db/post-migrations.sql
+++ b/dev/db/post-migrations.sql
@@ -64,8 +64,9 @@ INSERT INTO provenance (file_id, provenance)
     WHERE release_id = (SELECT id FROM releases WHERE project_id = '4587cc12-e342-4880-9f61-ea4990fb81ea' AND version = '1.2.0')
     AND packagetype = 'sdist';
 
+-- This attestation comes from `pep740-example/sampleproject` version `1.0.0` on GitLab
 INSERT INTO provenance (file_id, provenance)
-  SELECT id, '{"attestation_bundles":[{"attestations":[{"envelope":{"signature":"MEQCIHAIF5F/e7GC6Ks9xmhP4JZcIOhLiX+tPXlD7wTPsCSVAiAPYs6cCAXYMZ3FqSlxfQ3Fx1GyrzqHawW+TaBUgRHu8A==","statement":"eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjEiLCJzdWJqZWN0IjpbeyJuYW1lIjoic2FtcGxlcHJvamVjdC00LjAuMC1weTMtbm9uZS1hbnkud2hsIiwiZGlnZXN0Ijp7InNoYTI1NiI6ImMyM2U0NDdlYTkwZDc5NmQxZTY0NWMzNWM0YjJkZTEyNTA0MGFkZDEyYTg0NTgyNTU0NmY5MWM5M2YzOTFiNmIifX1dLCJwcmVkaWNhdGVUeXBlIjoiaHR0cHM6Ly9kb2NzLnB5cGkub3JnL2F0dGVzdGF0aW9ucy9wdWJsaXNoL3YxIiwicHJlZGljYXRlIjpudWxsfQ=="},"verification_material":{"certificate":"MIIGoTCCBiigAwIBAgITFai+PDKak1xA1HLq0mskqhDV5zAKBggqhkjOPQQDAzA3MRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxHjAcBgNVBAMTFXNpZ3N0b3JlLWludGVybWVkaWF0ZTAeFw0yNDExMDYyMjM3MDdaFw0yNDExMDYyMjQ3MDdaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARbx1Fse2Ln00On5aFaL+lHNGFYLaqeKDduplZDPJS+w2PjYfNPL0g/n4sDWEQFZfyIExEWKulZ2GKNzAc0+SmUo4IFSDCCBUQwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMB0GA1UdDgQWBBT/uSEIXmQzuRkppWXrTKVkfZFJbzAfBgNVHSMEGDAWgBTf0+nPViQRlvmo2OkoVaLGLhhkPzBhBgNVHREBAf8EVzBVhlNodHRwczovL2dpdGh1Yi5jb20vcHlwYS9zYW1wbGVwcm9qZWN0Ly5naXRodWIvd29ya2Zsb3dzL3JlbGVhc2UueW1sQHJlZnMvaGVhZHMvbWFpbjA5BgorBgEEAYO/MAEBBCtodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tMBIGCisGAQQBg78wAQIEBHB1c2gwNgYKKwYBBAGDvzABAwQoNjIxZTQ5NzRjYTI1Y2U1MzE3NzNkZWY1ODZiYTNlZDhlNzM2YjNmYzAVBgorBgEEAYO/MAEEBAdSZWxlYXNlMCAGCisGAQQBg78wAQUEEnB5cGEvc2FtcGxlcHJvamVjdDAdBgorBgEEAYO/MAEGBA9yZWZzL2hlYWRzL21haW4wOwYKKwYBBAGDvzABCAQtDCtodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tMGMGCisGAQQBg78wAQkEVQxTaHR0cHM6Ly9naXRodWIuY29tL3B5cGEvc2FtcGxlcHJvamVjdC8uZ2l0aHViL3dvcmtmbG93cy9yZWxlYXNlLnltbEByZWZzL2hlYWRzL21haW4wOAYKKwYBBAGDvzABCgQqDCg2MjFlNDk3NGNhMjVjZTUzMTc3M2RlZjU4NmJhM2VkOGU3MzZiM2ZjMB0GCisGAQQBg78wAQsEDwwNZ2l0aHViLWhvc3RlZDA1BgorBgEEAYO/MAEMBCcMJWh0dHBzOi8vZ2l0aHViLmNvbS9weXBhL3NhbXBsZXByb2plY3QwOAYKKwYBBAGDvzABDQQqDCg2MjFlNDk3NGNhMjVjZTUzMTc3M2RlZjU4NmJhM2VkOGU3MzZiM2ZjMB8GCisGAQQBg78wAQ4EEQwPcmVmcy9oZWFkcy9tYWluMBgGCisGAQQBg78wAQ8ECgwIMTQ4OTk1OTYwJwYKKwYBBAGDvzABEAQZDBdodHRwczovL2dpdGh1Yi5jb20vcHlwYTAWBgorBgEEAYO/MAERBAgMBjY0NzAyNTBjBgorBgEEAYO/MAESBFUMU2h0dHBzOi8vZ2l0aHViLmNvbS9weXBhL3NhbXBsZXByb2plY3QvLmdpdGh1Yi93b3JrZmxvd3MvcmVsZWFzZS55bWxAcmVmcy9oZWFkcy9tYWluMDgGCisGAQQBg78wARMEKgwoNjIxZTQ5NzRjYTI1Y2U1MzE3NzNkZWY1ODZiYTNlZDhlNzM2YjNmYzAUBgorBgEEAYO/MAEUBAYMBHB1c2gwWQYKKwYBBAGDvzABFQRLDElodHRwczovL2dpdGh1Yi5jb20vcHlwYS9zYW1wbGVwcm9qZWN0L2FjdGlvbnMvcnVucy8xMTcxMzAzODk4MS9hdHRlbXB0cy8xMBYGCisGAQQBg78wARYECAwGcHVibGljMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGTA5/X5AAABAMARzBFAiA6nYK0GxqVzJutrjrYA1bAIKHUjGrsHMLrOJTTEUiERAIhAJZotATnSwlKt7C3Zwhx3fcSrhGfOakTlM2w+8qmltcjMAoGCCqGSM49BAMDA2cAMGQCMB+ilsPgy4ynUG9GtqDEBqW8+ZqjX6LpuxQqjCr7s4ytyt2ppFdgjrGrG1DY4nSZtQIwblrgq9t9izAMTkJeqhQBs2OUiyIJZipceD5vAAE/Nfgd/9uK0MZAHFsLgalqOBl8","transparency_entries":[{"canonicalizedBody":"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiZHNzZSIsInNwZWMiOnsiZW52ZWxvcGVIYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiMDMyYzUwMGI4MjYzY2U0ZDg2ZTA4ZWEzMWEyZDY4NzZjZGI5YjQ5Yzg4MDUyZGM2OTYxNTk4NmQxMzQ0NzY4MyJ9LCJwYXlsb2FkSGFzaCI6eyJhbGdvcml0aG0iOiJzaGEyNTYiLCJ2YWx1ZSI6IjE3NTYxNzdmZDZlZTI1YjQxMjM4NjdmN2MyZTkyMzRlYWQ0NDU1MGRiYmRiMjU5Yjk0ZTllYjRiNzVmZDRkNWQifSwic2lnbmF0dXJlcyI6W3sic2lnbmF0dXJlIjoiTUVRQ0lIQUlGNUYvZTdHQzZLczl4bWhQNEpaY0lPaExpWCt0UFhsRDd3VFBzQ1NWQWlBUFlzNmNDQVhZTVozRnFTbHhmUTNGeDFHeXJ6cUhhd1crVGFCVWdSSHU4QT09IiwidmVyaWZpZXIiOiJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VkdlZFTkRRbWxwWjBGM1NVSkJaMGxVUm1GcEsxQkVTMkZyTVhoQk1VaE1jVEJ0YzJ0eGFFUldOWHBCUzBKblozRm9hMnBQVUZGUlJFRjZRVE1LVFZKVmQwVjNXVVJXVVZGTFJYZDRlbUZYWkhwa1J6bDVXbE0xYTFwWVdYaElha0ZqUW1kT1ZrSkJUVlJHV0U1d1dqTk9NR0l6U214TVYyeDFaRWRXZVFwaVYxWnJZVmRHTUZwVVFXVkdkekI1VGtSRmVFMUVXWGxOYWswelRVUmtZVVozTUhsT1JFVjRUVVJaZVUxcVVUTk5SR1JoVFVGQmQxZFVRVlJDWjJOeENtaHJhazlRVVVsQ1FtZG5jV2hyYWs5UVVVMUNRbmRPUTBGQlVtSjRNVVp6WlRKTWJqQXdUMjQxWVVaaFRDdHNTRTVIUmxsTVlYRmxTMFJrZFhCc1drUUtVRXBUSzNjeVVHcFpaazVRVERCbkwyNDBjMFJYUlZGR1dtWjVTVVY0UlZkTGRXeGFNa2RMVG5wQll6QXJVMjFWYnpSSlJsTkVRME5DVlZGM1JHZFpSQXBXVWpCUVFWRklMMEpCVVVSQloyVkJUVUpOUjBFeFZXUktVVkZOVFVGdlIwTkRjMGRCVVZWR1FuZE5SRTFDTUVkQk1WVmtSR2RSVjBKQ1ZDOTFVMFZKQ2xodFVYcDFVbXR3Y0ZkWWNsUkxWbXRtV2taS1lucEJaa0puVGxaSVUwMUZSMFJCVjJkQ1ZHWXdLMjVRVm1sUlVteDJiVzh5VDJ0dlZtRk1SMHhvYUdzS1VIcENhRUpuVGxaSVVrVkNRV1k0UlZaNlFsWm9iRTV2WkVoU2QyTjZiM1pNTW1Sd1pFZG9NVmxwTldwaU1qQjJZMGhzZDFsVE9YcFpWekYzWWtkV2R3cGpiVGx4V2xkT01FeDVOVzVoV0ZKdlpGZEpkbVF5T1hsaE1scHpZak5rZWt3elNteGlSMVpvWXpKVmRXVlhNWE5SU0Vwc1dtNU5kbUZIVm1oYVNFMTJDbUpYUm5CaWFrRTFRbWR2Y2tKblJVVkJXVTh2VFVGRlFrSkRkRzlrU0ZKM1kzcHZka3d6VW5aaE1sWjFURzFHYW1SSGJIWmliazExV2pKc01HRklWbWtLWkZoT2JHTnRUblppYmxKc1ltNVJkVmt5T1hSTlFrbEhRMmx6UjBGUlVVSm5OemgzUVZGSlJVSklRakZqTW1kM1RtZFpTMHQzV1VKQ1FVZEVkbnBCUWdwQmQxRnZUbXBKZUZwVVVUVk9lbEpxV1ZSSk1Wa3lWVEZOZWtVelRucE9hMXBYV1RGUFJGcHBXVlJPYkZwRWFHeE9lazB5V1dwT2JWbDZRVlpDWjI5eUNrSm5SVVZCV1U4dlRVRkZSVUpCWkZOYVYzaHNXVmhPYkUxRFFVZERhWE5IUVZGUlFtYzNPSGRCVVZWRlJXNUNOV05IUlhaak1rWjBZMGQ0YkdOSVNuWUtZVzFXYW1SRVFXUkNaMjl5UW1kRlJVRlpUeTlOUVVWSFFrRTVlVnBYV25wTU1taHNXVmRTZWt3eU1XaGhWelIzVDNkWlMwdDNXVUpDUVVkRWRucEJRZ3BEUVZGMFJFTjBiMlJJVW5kamVtOTJURE5TZG1FeVZuVk1iVVpxWkVkc2RtSnVUWFZhTW13d1lVaFdhV1JZVG14amJVNTJZbTVTYkdKdVVYVlpNamwwQ2sxSFRVZERhWE5IUVZGUlFtYzNPSGRCVVd0RlZsRjRWR0ZJVWpCalNFMDJUSGs1Ym1GWVVtOWtWMGwxV1RJNWRFd3pRalZqUjBWMll6SkdkR05IZUd3S1kwaEtkbUZ0Vm1wa1F6aDFXakpzTUdGSVZtbE1NMlIyWTIxMGJXSkhPVE5qZVRsNVdsZDRiRmxZVG14TWJteDBZa1ZDZVZwWFducE1NbWhzV1ZkU2VncE1NakZvWVZjMGQwOUJXVXRMZDFsQ1FrRkhSSFo2UVVKRFoxRnhSRU5uTWsxcVJteE9SR3N6VGtkT2FFMXFWbXBhVkZWNlRWUmpNMDB5VW14YWFsVTBDazV0U21oTk1sWnJUMGRWTTAxNldtbE5NbHBxVFVJd1IwTnBjMGRCVVZGQ1p6YzRkMEZSYzBWRWQzZE9XakpzTUdGSVZtbE1WMmgyWXpOU2JGcEVRVEVLUW1kdmNrSm5SVVZCV1U4dlRVRkZUVUpEWTAxS1YyZ3daRWhDZWs5cE9IWmFNbXd3WVVoV2FVeHRUblppVXpsM1pWaENhRXd6VG1oaVdFSnpXbGhDZVFwaU1uQnNXVE5SZDA5QldVdExkMWxDUWtGSFJIWjZRVUpFVVZGeFJFTm5NazFxUm14T1JHc3pUa2RPYUUxcVZtcGFWRlY2VFZSak0wMHlVbXhhYWxVMENrNXRTbWhOTWxaclQwZFZNMDE2V21sTk1scHFUVUk0UjBOcGMwZEJVVkZDWnpjNGQwRlJORVZGVVhkUVkyMVdiV041T1c5YVYwWnJZM2s1ZEZsWGJIVUtUVUpuUjBOcGMwZEJVVkZDWnpjNGQwRlJPRVZEWjNkSlRWUlJORTlVYXpGUFZGbDNTbmRaUzB0M1dVSkNRVWRFZG5wQlFrVkJVVnBFUW1SdlpFaFNkd3BqZW05MlRESmtjR1JIYURGWmFUVnFZakl3ZG1OSWJIZFpWRUZYUW1kdmNrSm5SVVZCV1U4dlRVRkZVa0pCWjAxQ2Fsa3dUbnBCZVU1VVFtcENaMjl5Q2tKblJVVkJXVTh2VFVGRlUwSkdWVTFWTW1nd1pFaENlazlwT0haYU1td3dZVWhXYVV4dFRuWmlVemwzWlZoQ2FFd3pUbWhpV0VKeldsaENlV0l5Y0d3S1dUTlJka3h0WkhCa1IyZ3hXV2s1TTJJelNuSmFiWGgyWkROTmRtTnRWbk5hVjBaNldsTTFOV0pYZUVGamJWWnRZM2s1YjFwWFJtdGplVGwwV1Zkc2RRcE5SR2RIUTJselIwRlJVVUpuTnpoM1FWSk5SVXRuZDI5T2FrbDRXbFJSTlU1NlVtcFpWRWt4V1RKVk1VMTZSVE5PZWs1cldsZFpNVTlFV21sWlZFNXNDbHBFYUd4T2VrMHlXV3BPYlZsNlFWVkNaMjl5UW1kRlJVRlpUeTlOUVVWVlFrRlpUVUpJUWpGak1tZDNWMUZaUzB0M1dVSkNRVWRFZG5wQlFrWlJVa3dLUkVWc2IyUklVbmRqZW05MlRESmtjR1JIYURGWmFUVnFZakl3ZG1OSWJIZFpVemw2V1ZjeGQySkhWbmRqYlRseFdsZE9NRXd5Um1wa1IyeDJZbTVOZGdwamJsWjFZM2s0ZUUxVVkzaE5la0Y2VDBSck5FMVRPV2hrU0ZKc1lsaENNR041T0hoTlFsbEhRMmx6UjBGUlVVSm5OemgzUVZKWlJVTkJkMGRqU0ZacENtSkhiR3BOU1VkTFFtZHZja0puUlVWQlpGbzFRV2RSUTBKSWQwVmxaMEkwUVVoWlFUTlVNSGRoYzJKSVJWUktha2RTTkdOdFYyTXpRWEZLUzFoeWFtVUtVRXN6TDJnMGNIbG5Remh3TjI4MFFVRkJSMVJCTlM5WU5VRkJRVUpCVFVGU2VrSkdRV2xCTm01WlN6QkhlSEZXZWtwMWRISnFjbGxCTVdKQlNVdElWUXBxUjNKelNFMU1jazlLVkZSRlZXbEZVa0ZKYUVGS1dtOTBRVlJ1VTNkc1MzUTNRek5hZDJoNE0yWmpVM0pvUjJaUFlXdFViRTB5ZHlzNGNXMXNkR05xQ2sxQmIwZERRM0ZIVTAwME9VSkJUVVJCTW1OQlRVZFJRMDFDSzJsc2MxQm5lVFI1YmxWSE9VZDBjVVJGUW5GWE9DdGFjV3BZTmt4d2RYaFJjV3BEY2pjS2N6UjVkSGwwTW5Cd1JtUm5hbkpIY2tjeFJGazBibE5hZEZGSmQySnNjbWR4T1hRNWFYcEJUVlJyU21WeGFGRkNjekpQVldsNVNVcGFhWEJqWlVRMWRncEJRVVV2VG1ablpDODVkVXN3VFZwQlNFWnpUR2RoYkhGUFFtdzRDaTB0TFMwdFJVNUVJRU5GVWxSSlJrbERRVlJGTFMwdExTMEsifV19fQ==","inclusionPromise":{"signedEntryTimestamp":"MEQCIF/N/GzwLypgHSlaRpDtl6oTZ4cmviE++Z+aY5ksSWKWAiAlenzSiy6/zvFAo44EJSvvXPp8P+YiKZUxhaQPoVP5Wg=="},"inclusionProof":{"checkpoint":{"envelope":"rekor.sigstore.dev - 1193050959916656506\n25232885\nwfIuS5NLOf+4rU8wVjPaezQYEVVpf3aF1G/BfRYMXew=\n\n— rekor.sigstore.dev wNI9ajBFAiAj+8BDcU0CKq9AJ1uOND6fCQ/ugLsk1xnSz0IpXoaE+AIhALUXqsTZ40Mt2X30WNlk6baivF1KA4V4rrjbPNVo9eFC\n"},"hashes":["4bt58suSLj7v+PP3+G6iSxOJV7xu75I78Fh9SZAVbho=","VzJk3yFgaaO7bC/HxvHYPX2g22PiTWKDf0afdGrvceY=","nLzU/ukEW1eoGR2I2UulWDBG6VLtYrA7rNJnei8kH8s=","S182UV88MERSxCgUSBcfhCHJDuyUrAIs/fFmCbpjWgg=","PWqRmPYAwa1fq6R1qSrYlOxCtiKnFZq9hnNt7XwCIA8=","KHxYP0XNSf1yKjp+xY/5Kkckw0Yweyjx9Z6qn2+pnZM=","8/b9kmTAbALhl4EaKIH4uMXhES9ILB0XQkuH44FltJY=","mXfX9NDkaWje6HpniWis2CBELUGjv8LiW2jeMOclCs0=","jRPOva2IEma7ZE7mPN3xHtEnXtMF/HNvrmbC5TKTy14=","s8vUdxeRlxXWTCMdSLhiSzRiYM3eGsVvrm+5HWkTNBc=","4lUF0YOu9XkIDXKXA0wMSzd6VeDY3TZAgmoOeWmS2+Y=","gf+9m552B3PnkWnO0o4KdVvjcT3WVHLrCbf1DoVYKFw="],"logIndex":"25232882","rootHash":"wfIuS5NLOf+4rU8wVjPaezQYEVVpf3aF1G/BfRYMXew=","treeSize":"25232885"},"integratedTime":"1730932628","kindVersion":{"kind":"dsse","version":"0.0.1"},"logId":{"keyId":"wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="},"logIndex":"147137144"}]},"version":1}],"publisher":{"claims":null,"environment":"","kind":"GitHub","repository":"pypa/sampleproject","workflow":"release.yml"}}],"version":1}'
+  SELECT id, '{"version":1,"attestation_bundles":[{"publisher":{"kind":"GitLab","repository":"pep740-example/sampleproject","workflow_filepath":".gitlab-ci.yml","environment":null},"attestations":[{"version":1,"verification_material":{"certificate":"MIIFzjCCBVWgAwIBAgIURx4YEuI6Myhj4jhJP+tGhi6RH4swCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQxMTI3MTYxNTQyWhcNMjQxMTI3MTYyNTQyWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWxmRAqBYCVpUzTruvIbOV/a5IbYhJR9bAih7W8ohK410IJBWCxRRbePpkEUTe2VBdNAzwKsIqEPYLUKx556e8KOCBHQwggRwMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUtjn/Wp4sE0yGAXgsjsypIeeiPgYwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wXQYDVR0RAQH/BFMwUYZPaHR0cHM6Ly9naXRsYWIuY29tL3BlcDc0MC1leGFtcGxlL3NhbXBsZXByb2plY3QvLy5naXRsYWItY2kueW1sQHJlZnMvaGVhZHMvbWFpbjAgBgorBgEEAYO/MAEBBBJodHRwczovL2dpdGxhYi5jb20wIgYKKwYBBAGDvzABCAQUDBJodHRwczovL2dpdGxhYi5jb20wXwYKKwYBBAGDvzABCQRRDE9odHRwczovL2dpdGxhYi5jb20vcGVwNzQwLWV4YW1wbGUvc2FtcGxlcHJvamVjdC8vLmdpdGxhYi1jaS55bWxAcmVmcy9oZWFkcy9tYWluMDgGCisGAQQBg78wAQoEKgwoMGI3MDZiYmYxYjUwZTcyNjZiMzM3NjI1Njg1NjZkNmVjMGY3NmQ2OTAdBgorBgEEAYO/MAELBA8MDWdpdGxhYi1ob3N0ZWQwPwYKKwYBBAGDvzABDAQxDC9odHRwczovL2dpdGxhYi5jb20vcGVwNzQwLWV4YW1wbGUvc2FtcGxlcHJvamVjdDA4BgorBgEEAYO/MAENBCoMKDBiNzA2YmJmMWI1MGU3MjY2YjMzNzYyNTY4NTY2ZDZlYzBmNzZkNjkwHwYKKwYBBAGDvzABDgQRDA9yZWZzL2hlYWRzL21haW4wGAYKKwYBBAGDvzABDwQKDAg2NDg5NTczNjAxBgorBgEEAYO/MAEQBCMMIWh0dHBzOi8vZ2l0bGFiLmNvbS9wZXA3NDAtZXhhbXBsZTAYBgorBgEEAYO/MAERBAoMCDk4MTM0NDA5MF8GCisGAQQBg78wARIEUQxPaHR0cHM6Ly9naXRsYWIuY29tL3BlcDc0MC1leGFtcGxlL3NhbXBsZXByb2plY3QvLy5naXRsYWItY2kueW1sQHJlZnMvaGVhZHMvbWFpbjA4BgorBgEEAYO/MAETBCoMKDBiNzA2YmJmMWI1MGU3MjY2YjMzNzYyNTY4NTY2ZDZlYzBmNzZkNjkwFAYKKwYBBAGDvzABFAQGDARwdXNoMFEGCisGAQQBg78wARUEQwxBaHR0cHM6Ly9naXRsYWIuY29tL3BlcDc0MC1leGFtcGxlL3NhbXBsZXByb2plY3QvLS9qb2JzLzg0ODY5NzQ1NTkwFwYKKwYBBAGDvzABFgQJDAdwcml2YXRlMIGJBgorBgEEAdZ5AgQCBHsEeQB3AHUA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGTbmgyrAAABAMARjBEAiAEy6m1+WMuQAW4WXQvhc7BotZSdJTWra7lhpsxRWMs5gIgLKK2xirEjEPMKYS8zYyfO+R3fVAwqDIZ0JuKpf5AVgkwCgYIKoZIzj0EAwMDZwAwZAIwF2MwWxICLdN/tyecQzhCVcp4najAHp2v1EklO53oTz/9Rdq/QSIt3EufKIfhBm4fAjA8mZGxgzOxecA5rCYGZlNL5CEPnLvCLzyDgyQ5Yr5CNCWZ0P9/E7UvK+Ht84kOLPc=","transparency_entries":[{"canonicalizedBody":"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiZHNzZSIsInNwZWMiOnsiZW52ZWxvcGVIYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiZWJmOTFiZTUxMjkzNzkyYzYzODE0OTRkMzdjODZlM2RlNDZlZjUwYjFkNTU4ZTgzNmUyYWI5ODE4ODMzZjE1NSJ9LCJwYXlsb2FkSGFzaCI6eyJhbGdvcml0aG0iOiJzaGEyNTYiLCJ2YWx1ZSI6IjQ1Y2NkMTA2NjUwOGY4MTNlNmQzZWMwMjRiY2RkZjM2Y2VlNmUxZDM2ODE1YTVjOTJmMzExY2I4NTk2OGEzNGMifSwic2lnbmF0dXJlcyI6W3sic2lnbmF0dXJlIjoiTUVZQ0lRQ1J3ckZsaXlEZWdPQ0FDZkVlWjBmaFVrUVZMR0ZyZldzbDlndENueDhMU0FJaEFNYjY5UnZlVGU4Zk5FclNhZ3RSMU5vVjErcTlGOStzaEJIY0VDWjlTSEw0IiwidmVyaWZpZXIiOiJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VaNmFrTkRRbFpYWjBGM1NVSkJaMGxWVW5nMFdVVjFTVFpOZVdocU5HcG9TbEFyZEVkb2FUWlNTRFJ6ZDBObldVbExiMXBKZW1vd1JVRjNUWGNLVG5wRlZrMUNUVWRCTVZWRlEyaE5UV015Ykc1ak0xSjJZMjFWZFZwSFZqSk5ValIzU0VGWlJGWlJVVVJGZUZaNllWZGtlbVJIT1hsYVV6RndZbTVTYkFwamJURnNXa2RzYUdSSFZYZElhR05PVFdwUmVFMVVTVE5OVkZsNFRsUlJlVmRvWTA1TmFsRjRUVlJKTTAxVVdYbE9WRkY1VjJwQlFVMUdhM2RGZDFsSUNrdHZXa2w2YWpCRFFWRlpTVXR2V2tsNmFqQkVRVkZqUkZGblFVVlhlRzFTUVhGQ1dVTldjRlY2VkhKMWRrbGlUMVl2WVRWSllsbG9TbEk1WWtGcGFEY0tWemh2YUVzME1UQkpTa0pYUTNoU1VtSmxVSEJyUlZWVVpUSldRbVJPUVhwM1MzTkpjVVZRV1V4VlMzZzFOVFpsT0V0UFEwSklVWGRuWjFKM1RVRTBSd3BCTVZWa1JIZEZRaTkzVVVWQmQwbElaMFJCVkVKblRsWklVMVZGUkVSQlMwSm5aM0pDWjBWR1FsRmpSRUY2UVdSQ1owNVdTRkUwUlVablVWVjBhbTR2Q2xkd05ITkZNSGxIUVZobmMycHplWEJKWldWcFVHZFpkMGgzV1VSV1VqQnFRa0puZDBadlFWVXpPVkJ3ZWpGWmEwVmFZalZ4VG1wd1MwWlhhWGhwTkZrS1drUTRkMWhSV1VSV1VqQlNRVkZJTDBKR1RYZFZXVnBRWVVoU01HTklUVFpNZVRsdVlWaFNjMWxYU1hWWk1qbDBURE5DYkdORVl6Qk5RekZzWlVkR2RBcGpSM2hzVEROT2FHSllRbk5hV0VKNVlqSndiRmt6VVhaTWVUVnVZVmhTYzFsWFNYUlpNbXQxWlZjeGMxRklTbXhhYmsxMllVZFdhRnBJVFhaaVYwWndDbUpxUVdkQ1oyOXlRbWRGUlVGWlR5OU5RVVZDUWtKS2IyUklVbmRqZW05MlRESmtjR1JIZUdoWmFUVnFZakl3ZDBsbldVdExkMWxDUWtGSFJIWjZRVUlLUTBGUlZVUkNTbTlrU0ZKM1kzcHZka3d5WkhCa1IzaG9XV2sxYW1JeU1IZFlkMWxMUzNkWlFrSkJSMFIyZWtGQ1ExRlNVa1JGT1c5a1NGSjNZM3B2ZGdwTU1tUndaRWQ0YUZscE5XcGlNakIyWTBkV2QwNTZVWGRNVjFZMFdWY3hkMkpIVlhaak1rWjBZMGQ0YkdOSVNuWmhiVlpxWkVNNGRreHRaSEJrUjNob0NsbHBNV3BoVXpVMVlsZDRRV050Vm0xamVUbHZXbGRHYTJONU9YUlpWMngxVFVSblIwTnBjMGRCVVZGQ1p6YzRkMEZSYjBWTFozZHZUVWRKTTAxRVdta0tXVzFaZUZscVZYZGFWR041VG1wYWFVMTZUVE5PYWtreFRtcG5NVTVxV210T2JWWnFUVWRaTTA1dFVUSlBWRUZrUW1kdmNrSm5SVVZCV1U4dlRVRkZUQXBDUVRoTlJGZGtjR1JIZUdoWmFURnZZak5PTUZwWFVYZFFkMWxMUzNkWlFrSkJSMFIyZWtGQ1JFRlJlRVJET1c5a1NGSjNZM3B2ZGt3eVpIQmtSM2hvQ2xscE5XcGlNakIyWTBkV2QwNTZVWGRNVjFZMFdWY3hkMkpIVlhaak1rWjBZMGQ0YkdOSVNuWmhiVlpxWkVSQk5FSm5iM0pDWjBWRlFWbFBMMDFCUlU0S1FrTnZUVXRFUW1sT2VrRXlXVzFLYlUxWFNURk5SMVV6VFdwWk1sbHFUWHBPZWxsNVRsUlpORTVVV1RKYVJGcHNXWHBDYlU1NldtdE9hbXQzU0hkWlN3cExkMWxDUWtGSFJIWjZRVUpFWjFGU1JFRTVlVnBYV25wTU1taHNXVmRTZWt3eU1XaGhWelIzUjBGWlMwdDNXVUpDUVVkRWRucEJRa1IzVVV0RVFXY3lDazVFWnpWT1ZHTjZUbXBCZUVKbmIzSkNaMFZGUVZsUEwwMUJSVkZDUTAxTlNWZG9NR1JJUW5wUGFUaDJXakpzTUdKSFJtbE1iVTUyWWxNNWQxcFlRVE1LVGtSQmRGcFlhR2hpV0VKeldsUkJXVUpuYjNKQ1owVkZRVmxQTDAxQlJWSkNRVzlOUTBSck5FMVVUVEJPUkVFMVRVWTRSME5wYzBkQlVWRkNaemM0ZHdwQlVrbEZWVkY0VUdGSVVqQmpTRTAyVEhrNWJtRllVbk5aVjBsMVdUSTVkRXd6UW14alJHTXdUVU14YkdWSFJuUmpSM2hzVEROT2FHSllRbk5hV0VKNUNtSXljR3haTTFGMlRIazFibUZZVW5OWlYwbDBXVEpyZFdWWE1YTlJTRXBzV201TmRtRkhWbWhhU0UxMllsZEdjR0pxUVRSQ1oyOXlRbWRGUlVGWlR5OEtUVUZGVkVKRGIwMUxSRUpwVG5wQk1sbHRTbTFOVjBreFRVZFZNMDFxV1RKWmFrMTZUbnBaZVU1VVdUUk9WRmt5V2tSYWJGbDZRbTFPZWxwclRtcHJkd3BHUVZsTFMzZFpRa0pCUjBSMmVrRkNSa0ZSUjBSQlVuZGtXRTV2VFVaRlIwTnBjMGRCVVZGQ1p6YzRkMEZTVlVWUmQzaENZVWhTTUdOSVRUWk1lVGx1Q21GWVVuTlpWMGwxV1RJNWRFd3pRbXhqUkdNd1RVTXhiR1ZIUm5SalIzaHNURE5PYUdKWVFuTmFXRUo1WWpKd2JGa3pVWFpNVXpseFlqSktla3g2WnpBS1QwUlpOVTU2VVRGT1ZHdDNSbmRaUzB0M1dVSkNRVWRFZG5wQlFrWm5VVXBFUVdSM1kyMXNNbGxZVW14TlNVZEtRbWR2Y2tKblJVVkJaRm8xUVdkUlF3cENTSE5GWlZGQ00wRklWVUV6VkRCM1lYTmlTRVZVU21wSFVqUmpiVmRqTTBGeFNrdFljbXBsVUVzekwyZzBjSGxuUXpod04yODBRVUZCUjFSaWJXZDVDbkpCUVVGQ1FVMUJVbXBDUlVGcFFVVjVObTB4SzFkTmRWRkJWelJYV0ZGMmFHTTNRbTkwV2xOa1NsUlhjbUUzYkdod2MzaFNWMDF6TldkSloweExTeklLZUdseVJXcEZVRTFMV1ZNNGVsbDVaazhyVWpObVZrRjNjVVJKV2pCS2RVdHdaalZCVm1kcmQwTm5XVWxMYjFwSmVtb3dSVUYzVFVSYWQwRjNXa0ZKZHdwR01rMTNWM2hKUTB4a1RpOTBlV1ZqVVhwb1ExWmpjRFJ1WVdwQlNIQXlkakZGYTJ4UE5UTnZWSG92T1ZKa2NTOVJVMGwwTTBWMVprdEpabWhDYlRSbUNrRnFRVGh0V2tkNFozcFBlR1ZqUVRWeVExbEhXbXhPVERWRFJWQnVUSFpEVEhwNVJHZDVVVFZaY2pWRFRrTlhXakJRT1M5Rk4xVjJTeXRJZERnMGEwOEtURkJqUFFvdExTMHRMVVZPUkNCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2c9PSJ9XX19","inclusionPromise":{"signedEntryTimestamp":"MEQCIEf0DL0CdIvZBoF9q0sYJeI2y8ywwtU6VeTrdG6UlOaSAiAOZKwhn7e01NJYxHVFGHkUUI2Z4/fCVhPyRNogRJh0iA=="},"inclusionProof":{"checkpoint":{"envelope":"rekor.sigstore.dev - 1193050959916656506\\n30122734\\neKxSpLhPmsuVutOHnq6yFj81/qweH0iJR9jwe3kbUQ8=\\n\\n— rekor.sigstore.dev wNI9ajBFAiAFQdwIoGspkAO/BRH3jFZsPasIPCJEZB0ZZwT3Ya4EHQIhAOm/Ijj82QDdv3wVuQ3VlZAlabXZZBfk3kBTKARAexwo\\n"},"hashes":["+VppOCmIDzrWmE4W7I6Pv53NnMBcNRsFqfU9GO6PphE=","6Tekh+8zwHFbwKAwUnSVJSoz9UWgb+AWo3qbGSnZyt4=","4LhcnAJ0ygHa6VRNrOQ7wlSEqblWMrge2eOucvvlQAM=","DjMVn62Doaj1ttosoz/6g6X7XYqePW+8eNfSdwf+h+Q=","bd+3uUcW5z3ydt2HXQBp6cK5RSFj9rcoGZjg7Rkhl/o=","Thk4DnFs8p+RMOdDsZImAGdMuh0KB03OxO+OpYtKtOs=","+fFi7qqMze4wmH1L/Vadkpxb54WtRbzY2g0stC/iROw=","ABBbOV/bjpmhTzmyEWHL4Oezw7wDoPRu35y4sS9Ot0c=","NQSiB4z2DRJ4dk02TN0P7h7fvfoXQQKsbP1iishlbCg=","bIflDKfskAxhbt6KyYK9T3bP4LJQ6HCYaeeuD+Q0TZU=","nkvQxCN5e9I9u5D2Ve1JxCTkA/zYtYibp+WWQja89H8=","CZcT4Ba5Aj2Qcv6bZsLT3eyenbBmjXzu7qTAH4oLQAc=","oOecFfN3YqDOkbijS/ej1WF5Da/Gt/AZNhbwE9uoOE8=","4lUF0YOu9XkIDXKXA0wMSzd6VeDY3TZAgmoOeWmS2+Y=","gf+9m552B3PnkWnO0o4KdVvjcT3WVHLrCbf1DoVYKFw="],"logIndex":"30122733","rootHash":"eKxSpLhPmsuVutOHnq6yFj81/qweH0iJR9jwe3kbUQ8=","treeSize":"30122734"},"integratedTime":"1732724143","kindVersion":{"kind":"dsse","version":"0.0.1"},"logId":{"keyId":"wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="},"logIndex":"152026995"}]},"envelope":{"statement":"eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjEiLCJzdWJqZWN0IjpbeyJuYW1lIjoicGVwNzQwX3NhbXBsZXByb2plY3QtMS4wLjAudGFyLmd6IiwiZGlnZXN0Ijp7InNoYTI1NiI6IjZjZGQ0YTFhMGE0OWFlZWY0NzI2NWU3YmY4ZWMxNjY3MjU3YjM5N2QzNGQ3MzFkYzdiN2FmMzQ5ZGVjYTFjZDgifX1dLCJwcmVkaWNhdGVUeXBlIjoiaHR0cHM6Ly9kb2NzLnB5cGkub3JnL2F0dGVzdGF0aW9ucy9wdWJsaXNoL3YxIiwicHJlZGljYXRlIjpudWxsfQ==","signature":"MEYCIQCRwrFliyDegOCACfEeZ0fhUkQVLGFrfWsl9gtCnx8LSAIhAMb69RveTe8fNErSagtR1NoV1+q9F9+shBHcECZ9SHL4"}}]}]}'
   FROM release_files
     WHERE release_id = (SELECT id FROM releases WHERE project_id = '4587cc12-e342-4880-9f61-ea4990fb81ea' AND version = '1.2.0')
     AND packagetype = 'bdist_wheel';
diff --git a/requirements/main.txt b/requirements/main.txt
index 50f3b8b3ba02..2c3879803115 100644
--- a/requirements/main.txt
+++ b/requirements/main.txt
@@ -1659,105 +1659,116 @@ pycurl==7.45.3 \
     #   -r requirements/main.in
     #   celery
     #   kombu
-pydantic[email]==2.9.2 \
-    --hash=sha256:d155cef71265d1e9807ed1c32b4c8deec042a44a50a4188b25ac67ecd81a9c0f \
-    --hash=sha256:f048cec7b26778210e28a0459867920654d48e5e62db0958433636cde4254f12
+pydantic[email]==2.10.2 \
+    --hash=sha256:2bc2d7f17232e0841cbba4641e65ba1eb6fafb3a08de3a091ff3ce14a197c4fa \
+    --hash=sha256:cfb96e45951117c3024e6b67b25cdc33a3cb7b2fa62e239f7af1378358a1d99e
     # via
     #   -r requirements/main.in
     #   id
     #   pypi-attestations
     #   sigstore
     #   sigstore-rekor-types
-pydantic-core==2.23.4 \
-    --hash=sha256:0a7df63886be5e270da67e0966cf4afbae86069501d35c8c1b3b6c168f42cb36 \
-    --hash=sha256:0cb3da3fd1b6a5d0279a01877713dbda118a2a4fc6f0d821a57da2e464793f05 \
-    --hash=sha256:0dbd8dbed2085ed23b5c04afa29d8fd2771674223135dc9bc937f3c09284d071 \
-    --hash=sha256:0dff76e0602ca7d4cdaacc1ac4c005e0ce0dcfe095d5b5259163a80d3a10d327 \
-    --hash=sha256:1278e0d324f6908e872730c9102b0112477a7f7cf88b308e4fc36ce1bdb6d58c \
-    --hash=sha256:128585782e5bfa515c590ccee4b727fb76925dd04a98864182b22e89a4e6ed36 \
-    --hash=sha256:1498bec4c05c9c787bde9125cfdcc63a41004ff167f495063191b863399b1a29 \
-    --hash=sha256:19442362866a753485ba5e4be408964644dd6a09123d9416c54cd49171f50744 \
-    --hash=sha256:1b84d168f6c48fabd1f2027a3d1bdfe62f92cade1fb273a5d68e621da0e44e6d \
-    --hash=sha256:1e90d2e3bd2c3863d48525d297cd143fe541be8bbf6f579504b9712cb6b643ec \
-    --hash=sha256:20152074317d9bed6b7a95ade3b7d6054845d70584216160860425f4fbd5ee9e \
-    --hash=sha256:216f9b2d7713eb98cb83c80b9c794de1f6b7e3145eef40400c62e86cee5f4e1e \
-    --hash=sha256:233710f069d251feb12a56da21e14cca67994eab08362207785cf8c598e74577 \
-    --hash=sha256:255a8ef062cbf6674450e668482456abac99a5583bbafb73f9ad469540a3a232 \
-    --hash=sha256:2584f7cf844ac4d970fba483a717dbe10c1c1c96a969bf65d61ffe94df1b2863 \
-    --hash=sha256:2971bb5ffe72cc0f555c13e19b23c85b654dd2a8f7ab493c262071377bfce9f6 \
-    --hash=sha256:29d2c342c4bc01b88402d60189f3df065fb0dda3654744d5a165a5288a657368 \
-    --hash=sha256:2e203fdf807ac7e12ab59ca2bfcabb38c7cf0b33c41efeb00f8e5da1d86af480 \
-    --hash=sha256:33e3d65a85a2a4a0dc3b092b938a4062b1a05f3a9abde65ea93b233bca0e03f2 \
-    --hash=sha256:374a5e5049eda9e0a44c696c7ade3ff355f06b1fe0bb945ea3cac2bc336478a2 \
-    --hash=sha256:37b0fe330e4a58d3c58b24d91d1eb102aeec675a3db4c292ec3928ecd892a9a6 \
-    --hash=sha256:3d5639516376dce1940ea36edf408c554475369f5da2abd45d44621cb616f769 \
-    --hash=sha256:42c6dcb030aefb668a2b7009c85b27f90e51e6a3b4d5c9bc4c57631292015b0d \
-    --hash=sha256:4a7cd62e831afe623fbb7aabbb4fe583212115b3ef38a9f6b71869ba644624a2 \
-    --hash=sha256:4ba762ed58e8d68657fc1281e9bb72e1c3e79cc5d464be146e260c541ec12d84 \
-    --hash=sha256:4fc714bdbfb534f94034efaa6eadd74e5b93c8fa6315565a222f7b6f42ca1166 \
-    --hash=sha256:4ffa2ebd4c8530079140dd2d7f794a9d9a73cbb8e9d59ffe24c63436efa8f271 \
-    --hash=sha256:5a1504ad17ba4210df3a045132a7baeeba5a200e930f57512ee02909fc5c4cb5 \
-    --hash=sha256:5c364564d17da23db1106787675fc7af45f2f7b58b4173bfdd105564e132e6fb \
-    --hash=sha256:5e11661ce0fd30a6790e8bcdf263b9ec5988e95e63cf901972107efc49218b13 \
-    --hash=sha256:5f54b118ce5de9ac21c363d9b3caa6c800341e8c47a508787e5868c6b79c9323 \
-    --hash=sha256:5f5ff8d839f4566a474a969508fe1c5e59c31c80d9e140566f9a37bba7b8d556 \
-    --hash=sha256:61817945f2fe7d166e75fbfb28004034b48e44878177fc54d81688e7b85a3665 \
-    --hash=sha256:624e278a7d29b6445e4e813af92af37820fafb6dcc55c012c834f9e26f9aaaef \
-    --hash=sha256:63e46b3169866bd62849936de036f901a9356e36376079b05efa83caeaa02ceb \
-    --hash=sha256:6531b7ca5f951d663c339002e91aaebda765ec7d61b7d1e3991051906ddde119 \
-    --hash=sha256:68665f4c17edcceecc112dfed5dbe6f92261fb9d6054b47d01bf6371a6196126 \
-    --hash=sha256:696dd8d674d6ce621ab9d45b205df149399e4bb9aa34102c970b721554828510 \
-    --hash=sha256:6f783e0ec4803c787bcea93e13e9932edab72068f68ecffdf86a99fd5918878b \
-    --hash=sha256:723314c1d51722ab28bfcd5240d858512ffd3116449c557a1336cbe3919beb87 \
-    --hash=sha256:74b9127ffea03643e998e0c5ad9bd3811d3dac8c676e47db17b0ee7c3c3bf35f \
-    --hash=sha256:7530e201d10d7d14abce4fb54cfe5b94a0aefc87da539d0346a484ead376c3cc \
-    --hash=sha256:77733e3892bb0a7fa797826361ce8a9184d25c8dffaec60b7ffe928153680ba8 \
-    --hash=sha256:78ddaaa81421a29574a682b3179d4cf9e6d405a09b99d93ddcf7e5239c742e21 \
-    --hash=sha256:7c9129eb40958b3d4500fa2467e6a83356b3b61bfff1b414c7361d9220f9ae8f \
-    --hash=sha256:7d32706badfe136888bdea71c0def994644e09fff0bfe47441deaed8e96fdbc6 \
-    --hash=sha256:81965a16b675b35e1d09dd14df53f190f9129c0202356ed44ab2728b1c905658 \
-    --hash=sha256:8394d940e5d400d04cad4f75c0598665cbb81aecefaca82ca85bd28264af7f9b \
-    --hash=sha256:86d2f57d3e1379a9525c5ab067b27dbb8a0642fb5d454e17a9ac434f9ce523e3 \
-    --hash=sha256:883a91b5dd7d26492ff2f04f40fbb652de40fcc0afe07e8129e8ae779c2110eb \
-    --hash=sha256:88ad334a15b32a791ea935af224b9de1bf99bcd62fabf745d5f3442199d86d59 \
-    --hash=sha256:9261d3ce84fa1d38ed649c3638feefeae23d32ba9182963e465d58d62203bd24 \
-    --hash=sha256:97df63000f4fea395b2824da80e169731088656d1818a11b95f3b173747b6cd9 \
-    --hash=sha256:98d134c954828488b153d88ba1f34e14259284f256180ce659e8d83e9c05eaa3 \
-    --hash=sha256:996a38a83508c54c78a5f41456b0103c30508fed9abcad0a59b876d7398f25fd \
-    --hash=sha256:9a5bce9d23aac8f0cf0836ecfc033896aa8443b501c58d0602dbfd5bd5b37753 \
-    --hash=sha256:9a6b5099eeec78827553827f4c6b8615978bb4b6a88e5d9b93eddf8bb6790f55 \
-    --hash=sha256:9d18368b137c6295db49ce7218b1a9ba15c5bc254c96d7c9f9e924a9bc7825ad \
-    --hash=sha256:a4fa4fc04dff799089689f4fd502ce7d59de529fc2f40a2c8836886c03e0175a \
-    --hash=sha256:a5c7ba8ffb6d6f8f2ab08743be203654bb1aaa8c9dcb09f82ddd34eadb695605 \
-    --hash=sha256:aea443fffa9fbe3af1a9ba721a87f926fe548d32cab71d188a6ede77d0ff244e \
-    --hash=sha256:b10bd51f823d891193d4717448fab065733958bdb6a6b351967bd349d48d5c9b \
-    --hash=sha256:ba1a0996f6c2773bd83e63f18914c1de3c9dd26d55f4ac302a7efe93fb8e7433 \
-    --hash=sha256:bb2802e667b7051a1bebbfe93684841cc9351004e2badbd6411bf357ab8d5ac8 \
-    --hash=sha256:cfdd16ab5e59fc31b5e906d1a3f666571abc367598e3e02c83403acabc092e07 \
-    --hash=sha256:d06b0c8da4f16d1d1e352134427cb194a0a6e19ad5db9161bf32b2113409e728 \
-    --hash=sha256:d0776dea117cf5272382634bd2a5c1b6eb16767c223c6a5317cd3e2a757c61a0 \
-    --hash=sha256:d18ca8148bebe1b0a382a27a8ee60350091a6ddaf475fa05ef50dc35b5df6327 \
-    --hash=sha256:d4488a93b071c04dc20f5cecc3631fc78b9789dd72483ba15d423b5b3689b555 \
-    --hash=sha256:d5f7a395a8cf1621939692dba2a6b6a830efa6b3cee787d82c7de1ad2930de64 \
-    --hash=sha256:d7a80d21d613eec45e3d41eb22f8f94ddc758a6c4720842dc74c0581f54993d6 \
-    --hash=sha256:d97683ddee4723ae8c95d1eddac7c192e8c552da0c73a925a89fa8649bf13eea \
-    --hash=sha256:dcedcd19a557e182628afa1d553c3895a9f825b936415d0dbd3cd0bbcfd29b4b \
-    --hash=sha256:de6d1d1b9e5101508cb37ab0d972357cac5235f5c6533d1071964c47139257df \
-    --hash=sha256:df49e7a0861a8c36d089c1ed57d308623d60416dab2647a4a17fe050ba85de0e \
-    --hash=sha256:df933278128ea1cd77772673c73954e53a1c95a4fdf41eef97c2b779271bd0bd \
-    --hash=sha256:e08277a400de01bc72436a0ccd02bdf596631411f592ad985dcee21445bd0068 \
-    --hash=sha256:e38e63e6f3d1cec5a27e0afe90a085af8b6806ee208b33030e65b6516353f1a3 \
-    --hash=sha256:e55541f756f9b3ee346b840103f32779c695a19826a4c442b7954550a0972040 \
-    --hash=sha256:ec4e55f79b1c4ffb2eecd8a0cfba9955a2588497d96851f4c8f99aa4a1d39b12 \
-    --hash=sha256:ed1a53de42fbe34853ba90513cea21673481cd81ed1be739f7f2efb931b24916 \
-    --hash=sha256:ed541d70698978a20eb63d8c5d72f2cc6d7079d9d90f6b50bad07826f1320f5f \
-    --hash=sha256:f09e2ff1f17c2b51f2bc76d1cc33da96298f0a036a137f5440ab3ec5360b624f \
-    --hash=sha256:f220b0eea5965dec25480b6333c788fb72ce5f9129e8759ef876a1d805d00801 \
-    --hash=sha256:f3e0da4ebaef65158d4dfd7d3678aad692f7666877df0002b8a522cdf088f231 \
-    --hash=sha256:f455ee30a9d61d3e1a15abd5068827773d6e4dc513e795f380cdd59932c782d5 \
-    --hash=sha256:f5ef8f42bec47f21d07668a043f077d507e5bf4e668d5c6dfe6aaba89de1a5b8 \
-    --hash=sha256:f69a8e0b033b747bb3e36a44e7732f0c99f7edd5cea723d45bc0d6e95377ffee \
-    --hash=sha256:ff02b6d461a6de369f07ec15e465a88895f3223eb75073ffea56b84d9331f607
+pydantic-core==2.27.1 \
+    --hash=sha256:00e6424f4b26fe82d44577b4c842d7df97c20be6439e8e685d0d715feceb9fb9 \
+    --hash=sha256:029d9757eb621cc6e1848fa0b0310310de7301057f623985698ed7ebb014391b \
+    --hash=sha256:02a3d637bd387c41d46b002f0e49c52642281edacd2740e5a42f7017feea3f2c \
+    --hash=sha256:0325336f348dbee6550d129b1627cb8f5351a9dc91aad141ffb96d4937bd9529 \
+    --hash=sha256:062f60e512fc7fff8b8a9d680ff0ddaaef0193dba9fa83e679c0c5f5fbd018bc \
+    --hash=sha256:0b3dfe500de26c52abe0477dde16192ac39c98f05bf2d80e76102d394bd13854 \
+    --hash=sha256:0e4216e64d203e39c62df627aa882f02a2438d18a5f21d7f721621f7a5d3611d \
+    --hash=sha256:121ceb0e822f79163dd4699e4c54f5ad38b157084d97b34de8b232bcaad70278 \
+    --hash=sha256:159cac0a3d096f79ab6a44d77a961917219707e2a130739c64d4dd46281f5c2a \
+    --hash=sha256:15aae984e46de8d376df515f00450d1522077254ef6b7ce189b38ecee7c9677c \
+    --hash=sha256:15cc53a3179ba0fcefe1e3ae50beb2784dede4003ad2dfd24f81bba4b23a454f \
+    --hash=sha256:161c27ccce13b6b0c8689418da3885d3220ed2eae2ea5e9b2f7f3d48f1d52c27 \
+    --hash=sha256:19910754e4cc9c63bc1c7f6d73aa1cfee82f42007e407c0f413695c2f7ed777f \
+    --hash=sha256:1ba5e3963344ff25fc8c40da90f44b0afca8cfd89d12964feb79ac1411a260ac \
+    --hash=sha256:1c00666a3bd2f84920a4e94434f5974d7bbc57e461318d6bb34ce9cdbbc1f6b2 \
+    --hash=sha256:1c39b07d90be6b48968ddc8c19e7585052088fd7ec8d568bb31ff64c70ae3c97 \
+    --hash=sha256:206b5cf6f0c513baffaeae7bd817717140770c74528f3e4c3e1cec7871ddd61a \
+    --hash=sha256:258c57abf1188926c774a4c94dd29237e77eda19462e5bb901d88adcab6af919 \
+    --hash=sha256:2cdf7d86886bc6982354862204ae3b2f7f96f21a3eb0ba5ca0ac42c7b38598b9 \
+    --hash=sha256:2d4567c850905d5eaaed2f7a404e61012a51caf288292e016360aa2b96ff38d4 \
+    --hash=sha256:35c14ac45fcfdf7167ca76cc80b2001205a8d5d16d80524e13508371fb8cdd9c \
+    --hash=sha256:38de0a70160dd97540335b7ad3a74571b24f1dc3ed33f815f0880682e6880131 \
+    --hash=sha256:3af385b0cee8df3746c3f406f38bcbfdc9041b5c2d5ce3e5fc6637256e60bbc5 \
+    --hash=sha256:3b748c44bb9f53031c8cbc99a8a061bc181c1000c60a30f55393b6e9c45cc5bd \
+    --hash=sha256:3bbd5d8cc692616d5ef6fbbbd50dbec142c7e6ad9beb66b78a96e9c16729b089 \
+    --hash=sha256:3ccaa88b24eebc0f849ce0a4d09e8a408ec5a94afff395eb69baf868f5183107 \
+    --hash=sha256:3fa80ac2bd5856580e242dbc202db873c60a01b20309c8319b5c5986fbe53ce6 \
+    --hash=sha256:4228b5b646caa73f119b1ae756216b59cc6e2267201c27d3912b592c5e323b60 \
+    --hash=sha256:42b0e23f119b2b456d07ca91b307ae167cc3f6c846a7b169fca5326e32fdc6cf \
+    --hash=sha256:45cf8588c066860b623cd11c4ba687f8d7175d5f7ef65f7129df8a394c502de5 \
+    --hash=sha256:45d9c5eb9273aa50999ad6adc6be5e0ecea7e09dbd0d31bd0c65a55a2592ca08 \
+    --hash=sha256:4603137322c18eaf2e06a4495f426aa8d8388940f3c457e7548145011bb68e05 \
+    --hash=sha256:46ccfe3032b3915586e469d4972973f893c0a2bb65669194a5bdea9bacc088c2 \
+    --hash=sha256:4fefee876e07a6e9aad7a8c8c9f85b0cdbe7df52b8a9552307b09050f7512c7e \
+    --hash=sha256:5556470f1a2157031e676f776c2bc20acd34c1990ca5f7e56f1ebf938b9ab57c \
+    --hash=sha256:57866a76e0b3823e0b56692d1a0bf722bffb324839bb5b7226a7dbd6c9a40b17 \
+    --hash=sha256:5897bec80a09b4084aee23f9b73a9477a46c3304ad1d2d07acca19723fb1de62 \
+    --hash=sha256:58ca98a950171f3151c603aeea9303ef6c235f692fe555e883591103da709b23 \
+    --hash=sha256:5ca038c7f6a0afd0b2448941b6ef9d5e1949e999f9e5517692eb6da58e9d44be \
+    --hash=sha256:5f6c8a66741c5f5447e047ab0ba7a1c61d1e95580d64bce852e3df1f895c4067 \
+    --hash=sha256:5f8c4718cd44ec1580e180cb739713ecda2bdee1341084c1467802a417fe0f02 \
+    --hash=sha256:5fde892e6c697ce3e30c61b239330fc5d569a71fefd4eb6512fc6caec9dd9e2f \
+    --hash=sha256:62a763352879b84aa31058fc931884055fd75089cccbd9d58bb6afd01141b235 \
+    --hash=sha256:62ba45e21cf6571d7f716d903b5b7b6d2617e2d5d67c0923dc47b9d41369f840 \
+    --hash=sha256:64c65f40b4cd8b0e049a8edde07e38b476da7e3aaebe63287c899d2cff253fa5 \
+    --hash=sha256:655d7dd86f26cb15ce8a431036f66ce0318648f8853d709b4167786ec2fa4807 \
+    --hash=sha256:66ff044fd0bb1768688aecbe28b6190f6e799349221fb0de0e6f4048eca14c16 \
+    --hash=sha256:672ebbe820bb37988c4d136eca2652ee114992d5d41c7e4858cdd90ea94ffe5c \
+    --hash=sha256:6b9af86e1d8e4cfc82c2022bfaa6f459381a50b94a29e95dcdda8442d6d83864 \
+    --hash=sha256:6e0bd57539da59a3e4671b90a502da9a28c72322a4f17866ba3ac63a82c4498e \
+    --hash=sha256:71a5e35c75c021aaf400ac048dacc855f000bdfed91614b4a726f7432f1f3d6a \
+    --hash=sha256:7597c07fbd11515f654d6ece3d0e4e5093edc30a436c63142d9a4b8e22f19c35 \
+    --hash=sha256:764be71193f87d460a03f1f7385a82e226639732214b402f9aa61f0d025f0737 \
+    --hash=sha256:7699b1df36a48169cdebda7ab5a2bac265204003f153b4bd17276153d997670a \
+    --hash=sha256:7ccebf51efc61634f6c2344da73e366c75e735960b5654b63d7e6f69a5885fa3 \
+    --hash=sha256:7f7059ca8d64fea7f238994c97d91f75965216bcbe5f695bb44f354893f11d52 \
+    --hash=sha256:8065914ff79f7eab1599bd80406681f0ad08f8e47c880f17b416c9f8f7a26d05 \
+    --hash=sha256:816f5aa087094099fff7edabb5e01cc370eb21aa1a1d44fe2d2aefdfb5599b31 \
+    --hash=sha256:81f2ec23ddc1b476ff96563f2e8d723830b06dceae348ce02914a37cb4e74b89 \
+    --hash=sha256:84286494f6c5d05243456e04223d5a9417d7f443c3b76065e75001beb26f88de \
+    --hash=sha256:8bf7b66ce12a2ac52d16f776b31d16d91033150266eb796967a7e4621707e4f6 \
+    --hash=sha256:8f1edcea27918d748c7e5e4d917297b2a0ab80cad10f86631e488b7cddf76a36 \
+    --hash=sha256:981fb88516bd1ae8b0cbbd2034678a39dedc98752f264ac9bc5839d3923fa04c \
+    --hash=sha256:98476c98b02c8e9b2eec76ac4156fd006628b1b2d0ef27e548ffa978393fd154 \
+    --hash=sha256:992cea5f4f3b29d6b4f7f1726ed8ee46c8331c6b4eed6db5b40134c6fe1768bb \
+    --hash=sha256:9a3b0793b1bbfd4146304e23d90045f2a9b5fd5823aa682665fbdaf2a6c28f3e \
+    --hash=sha256:9a42d6a8156ff78981f8aa56eb6394114e0dedb217cf8b729f438f643608cbcd \
+    --hash=sha256:9c10c309e18e443ddb108f0ef64e8729363adbfd92d6d57beec680f6261556f3 \
+    --hash=sha256:9cbd94fc661d2bab2bc702cddd2d3370bbdcc4cd0f8f57488a81bcce90c7a54f \
+    --hash=sha256:9fdcf339322a3fae5cbd504edcefddd5a50d9ee00d968696846f089b4432cf78 \
+    --hash=sha256:a0697803ed7d4af5e4c1adf1670af078f8fcab7a86350e969f454daf598c4960 \
+    --hash=sha256:a28af0695a45f7060e6f9b7092558a928a28553366519f64083c63a44f70e618 \
+    --hash=sha256:a2e02889071850bbfd36b56fd6bc98945e23670773bc7a76657e90e6b6603c08 \
+    --hash=sha256:a33cd6ad9017bbeaa9ed78a2e0752c5e250eafb9534f308e7a5f7849b0b1bfb4 \
+    --hash=sha256:a3cb37038123447cf0f3ea4c74751f6a9d7afef0eb71aa07bf5f652b5e6a132c \
+    --hash=sha256:a57847b090d7892f123726202b7daa20df6694cbd583b67a592e856bff603d6c \
+    --hash=sha256:a5a8e19d7c707c4cadb8c18f5f60c843052ae83c20fa7d44f41594c644a1d330 \
+    --hash=sha256:ac3b20653bdbe160febbea8aa6c079d3df19310d50ac314911ed8cc4eb7f8cb8 \
+    --hash=sha256:ac6c2c45c847bbf8f91930d88716a0fb924b51e0c6dad329b793d670ec5db792 \
+    --hash=sha256:acc07b2cfc5b835444b44a9956846b578d27beeacd4b52e45489e93276241025 \
+    --hash=sha256:aee66be87825cdf72ac64cb03ad4c15ffef4143dbf5c113f64a5ff4f81477bf9 \
+    --hash=sha256:af52d26579b308921b73b956153066481f064875140ccd1dfd4e77db89dbb12f \
+    --hash=sha256:b94d4ba43739bbe8b0ce4262bcc3b7b9f31459ad120fb595627eaeb7f9b9ca01 \
+    --hash=sha256:ba630d5e3db74c79300d9a5bdaaf6200172b107f263c98a0539eeecb857b2337 \
+    --hash=sha256:bed0f8a0eeea9fb72937ba118f9db0cb7e90773462af7962d382445f3005e5a4 \
+    --hash=sha256:bf99c8404f008750c846cb4ac4667b798a9f7de673ff719d705d9b2d6de49c5f \
+    --hash=sha256:c3027001c28434e7ca5a6e1e527487051136aa81803ac812be51802150d880dd \
+    --hash=sha256:c65af9088ac534313e1963443d0ec360bb2b9cba6c2909478d22c2e363d98a51 \
+    --hash=sha256:d0165ab2914379bd56908c02294ed8405c252250668ebcb438a55494c69f44ab \
+    --hash=sha256:d1b26e1dff225c31897696cab7d4f0a315d4c0d9e8666dbffdb28216f3b17fdc \
+    --hash=sha256:d950caa237bb1954f1b8c9227b5065ba6875ac9771bb8ec790d956a699b78676 \
+    --hash=sha256:dc61505e73298a84a2f317255fcc72b710b72980f3a1f670447a21efc88f8381 \
+    --hash=sha256:e173486019cc283dc9778315fa29a363579372fe67045e971e89b6365cc035ed \
+    --hash=sha256:e1f735dc43da318cad19b4173dd1ffce1d84aafd6c9b782b3abc04a0d5a6f5bb \
+    --hash=sha256:e9386266798d64eeb19dd3677051f5705bf873e98e15897ddb7d76f477131967 \
+    --hash=sha256:f216dbce0e60e4d03e0c4353c7023b202d95cbaeff12e5fd2e82ea0a66905073 \
+    --hash=sha256:f4e5658dbffe8843a0f12366a4c2d1c316dbe09bb4dfbdc9d2d9cd6031de8aae \
+    --hash=sha256:f5a823165e6d04ccea61a9f0576f345f8ce40ed533013580e087bd4d7442b52c \
+    --hash=sha256:f69ed81ab24d5a3bd93861c8c4436f54afdf8e8cc421562b0c7504cf3be58206 \
+    --hash=sha256:f82d068a2d6ecfc6e054726080af69a6764a10015467d7d7b9f66d6ed5afa23b
     # via pydantic
 pygments==2.18.0 \
     --hash=sha256:786ff802f32e91311bff3889f6e9a86e81505fe99f2735bb6d60ae0c5004f199 \
diff --git a/tests/_fixtures/pep740-sampleproject-1.0.0.tar.gz.provenance b/tests/_fixtures/pep740-sampleproject-1.0.0.tar.gz.provenance
new file mode 100644
index 000000000000..fd462d42d5f4
--- /dev/null
+++ b/tests/_fixtures/pep740-sampleproject-1.0.0.tar.gz.provenance
@@ -0,0 +1,67 @@
+{
+  "version": 1,
+  "attestation_bundles": [
+    {
+      "publisher": {
+        "kind": "GitLab",
+        "repository": "pep740-example/sampleproject",
+        "workflow_filepath": ".gitlab-ci.yml",
+        "environment": null
+      },
+      "attestations": [
+        {
+          "version": 1,
+          "verification_material": {
+            "certificate": "MIIFzjCCBVWgAwIBAgIURx4YEuI6Myhj4jhJP+tGhi6RH4swCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQxMTI3MTYxNTQyWhcNMjQxMTI3MTYyNTQyWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWxmRAqBYCVpUzTruvIbOV/a5IbYhJR9bAih7W8ohK410IJBWCxRRbePpkEUTe2VBdNAzwKsIqEPYLUKx556e8KOCBHQwggRwMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUtjn/Wp4sE0yGAXgsjsypIeeiPgYwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wXQYDVR0RAQH/BFMwUYZPaHR0cHM6Ly9naXRsYWIuY29tL3BlcDc0MC1leGFtcGxlL3NhbXBsZXByb2plY3QvLy5naXRsYWItY2kueW1sQHJlZnMvaGVhZHMvbWFpbjAgBgorBgEEAYO/MAEBBBJodHRwczovL2dpdGxhYi5jb20wIgYKKwYBBAGDvzABCAQUDBJodHRwczovL2dpdGxhYi5jb20wXwYKKwYBBAGDvzABCQRRDE9odHRwczovL2dpdGxhYi5jb20vcGVwNzQwLWV4YW1wbGUvc2FtcGxlcHJvamVjdC8vLmdpdGxhYi1jaS55bWxAcmVmcy9oZWFkcy9tYWluMDgGCisGAQQBg78wAQoEKgwoMGI3MDZiYmYxYjUwZTcyNjZiMzM3NjI1Njg1NjZkNmVjMGY3NmQ2OTAdBgorBgEEAYO/MAELBA8MDWdpdGxhYi1ob3N0ZWQwPwYKKwYBBAGDvzABDAQxDC9odHRwczovL2dpdGxhYi5jb20vcGVwNzQwLWV4YW1wbGUvc2FtcGxlcHJvamVjdDA4BgorBgEEAYO/MAENBCoMKDBiNzA2YmJmMWI1MGU3MjY2YjMzNzYyNTY4NTY2ZDZlYzBmNzZkNjkwHwYKKwYBBAGDvzABDgQRDA9yZWZzL2hlYWRzL21haW4wGAYKKwYBBAGDvzABDwQKDAg2NDg5NTczNjAxBgorBgEEAYO/MAEQBCMMIWh0dHBzOi8vZ2l0bGFiLmNvbS9wZXA3NDAtZXhhbXBsZTAYBgorBgEEAYO/MAERBAoMCDk4MTM0NDA5MF8GCisGAQQBg78wARIEUQxPaHR0cHM6Ly9naXRsYWIuY29tL3BlcDc0MC1leGFtcGxlL3NhbXBsZXByb2plY3QvLy5naXRsYWItY2kueW1sQHJlZnMvaGVhZHMvbWFpbjA4BgorBgEEAYO/MAETBCoMKDBiNzA2YmJmMWI1MGU3MjY2YjMzNzYyNTY4NTY2ZDZlYzBmNzZkNjkwFAYKKwYBBAGDvzABFAQGDARwdXNoMFEGCisGAQQBg78wARUEQwxBaHR0cHM6Ly9naXRsYWIuY29tL3BlcDc0MC1leGFtcGxlL3NhbXBsZXByb2plY3QvLS9qb2JzLzg0ODY5NzQ1NTkwFwYKKwYBBAGDvzABFgQJDAdwcml2YXRlMIGJBgorBgEEAdZ5AgQCBHsEeQB3AHUA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGTbmgyrAAABAMARjBEAiAEy6m1+WMuQAW4WXQvhc7BotZSdJTWra7lhpsxRWMs5gIgLKK2xirEjEPMKYS8zYyfO+R3fVAwqDIZ0JuKpf5AVgkwCgYIKoZIzj0EAwMDZwAwZAIwF2MwWxICLdN/tyecQzhCVcp4najAHp2v1EklO53oTz/9Rdq/QSIt3EufKIfhBm4fAjA8mZGxgzOxecA5rCYGZlNL5CEPnLvCLzyDgyQ5Yr5CNCWZ0P9/E7UvK+Ht84kOLPc=",
+            "transparency_entries": [
+              {
+                "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiZHNzZSIsInNwZWMiOnsiZW52ZWxvcGVIYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiZWJmOTFiZTUxMjkzNzkyYzYzODE0OTRkMzdjODZlM2RlNDZlZjUwYjFkNTU4ZTgzNmUyYWI5ODE4ODMzZjE1NSJ9LCJwYXlsb2FkSGFzaCI6eyJhbGdvcml0aG0iOiJzaGEyNTYiLCJ2YWx1ZSI6IjQ1Y2NkMTA2NjUwOGY4MTNlNmQzZWMwMjRiY2RkZjM2Y2VlNmUxZDM2ODE1YTVjOTJmMzExY2I4NTk2OGEzNGMifSwic2lnbmF0dXJlcyI6W3sic2lnbmF0dXJlIjoiTUVZQ0lRQ1J3ckZsaXlEZWdPQ0FDZkVlWjBmaFVrUVZMR0ZyZldzbDlndENueDhMU0FJaEFNYjY5UnZlVGU4Zk5FclNhZ3RSMU5vVjErcTlGOStzaEJIY0VDWjlTSEw0IiwidmVyaWZpZXIiOiJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VaNmFrTkRRbFpYWjBGM1NVSkJaMGxWVW5nMFdVVjFTVFpOZVdocU5HcG9TbEFyZEVkb2FUWlNTRFJ6ZDBObldVbExiMXBKZW1vd1JVRjNUWGNLVG5wRlZrMUNUVWRCTVZWRlEyaE5UV015Ykc1ak0xSjJZMjFWZFZwSFZqSk5ValIzU0VGWlJGWlJVVVJGZUZaNllWZGtlbVJIT1hsYVV6RndZbTVTYkFwamJURnNXa2RzYUdSSFZYZElhR05PVFdwUmVFMVVTVE5OVkZsNFRsUlJlVmRvWTA1TmFsRjRUVlJKTTAxVVdYbE9WRkY1VjJwQlFVMUdhM2RGZDFsSUNrdHZXa2w2YWpCRFFWRlpTVXR2V2tsNmFqQkVRVkZqUkZGblFVVlhlRzFTUVhGQ1dVTldjRlY2VkhKMWRrbGlUMVl2WVRWSllsbG9TbEk1WWtGcGFEY0tWemh2YUVzME1UQkpTa0pYUTNoU1VtSmxVSEJyUlZWVVpUSldRbVJPUVhwM1MzTkpjVVZRV1V4VlMzZzFOVFpsT0V0UFEwSklVWGRuWjFKM1RVRTBSd3BCTVZWa1JIZEZRaTkzVVVWQmQwbElaMFJCVkVKblRsWklVMVZGUkVSQlMwSm5aM0pDWjBWR1FsRmpSRUY2UVdSQ1owNVdTRkUwUlVablVWVjBhbTR2Q2xkd05ITkZNSGxIUVZobmMycHplWEJKWldWcFVHZFpkMGgzV1VSV1VqQnFRa0puZDBadlFWVXpPVkJ3ZWpGWmEwVmFZalZ4VG1wd1MwWlhhWGhwTkZrS1drUTRkMWhSV1VSV1VqQlNRVkZJTDBKR1RYZFZXVnBRWVVoU01HTklUVFpNZVRsdVlWaFNjMWxYU1hWWk1qbDBURE5DYkdORVl6Qk5RekZzWlVkR2RBcGpSM2hzVEROT2FHSllRbk5hV0VKNVlqSndiRmt6VVhaTWVUVnVZVmhTYzFsWFNYUlpNbXQxWlZjeGMxRklTbXhhYmsxMllVZFdhRnBJVFhaaVYwWndDbUpxUVdkQ1oyOXlRbWRGUlVGWlR5OU5RVVZDUWtKS2IyUklVbmRqZW05MlRESmtjR1JIZUdoWmFUVnFZakl3ZDBsbldVdExkMWxDUWtGSFJIWjZRVUlLUTBGUlZVUkNTbTlrU0ZKM1kzcHZka3d5WkhCa1IzaG9XV2sxYW1JeU1IZFlkMWxMUzNkWlFrSkJSMFIyZWtGQ1ExRlNVa1JGT1c5a1NGSjNZM3B2ZGdwTU1tUndaRWQ0YUZscE5XcGlNakIyWTBkV2QwNTZVWGRNVjFZMFdWY3hkMkpIVlhaak1rWjBZMGQ0YkdOSVNuWmhiVlpxWkVNNGRreHRaSEJrUjNob0NsbHBNV3BoVXpVMVlsZDRRV050Vm0xamVUbHZXbGRHYTJONU9YUlpWMngxVFVSblIwTnBjMGRCVVZGQ1p6YzRkMEZSYjBWTFozZHZUVWRKTTAxRVdta0tXVzFaZUZscVZYZGFWR041VG1wYWFVMTZUVE5PYWtreFRtcG5NVTVxV210T2JWWnFUVWRaTTA1dFVUSlBWRUZrUW1kdmNrSm5SVVZCV1U4dlRVRkZUQXBDUVRoTlJGZGtjR1JIZUdoWmFURnZZak5PTUZwWFVYZFFkMWxMUzNkWlFrSkJSMFIyZWtGQ1JFRlJlRVJET1c5a1NGSjNZM3B2ZGt3eVpIQmtSM2hvQ2xscE5XcGlNakIyWTBkV2QwNTZVWGRNVjFZMFdWY3hkMkpIVlhaak1rWjBZMGQ0YkdOSVNuWmhiVlpxWkVSQk5FSm5iM0pDWjBWRlFWbFBMMDFCUlU0S1FrTnZUVXRFUW1sT2VrRXlXVzFLYlUxWFNURk5SMVV6VFdwWk1sbHFUWHBPZWxsNVRsUlpORTVVV1RKYVJGcHNXWHBDYlU1NldtdE9hbXQzU0hkWlN3cExkMWxDUWtGSFJIWjZRVUpFWjFGU1JFRTVlVnBYV25wTU1taHNXVmRTZWt3eU1XaGhWelIzUjBGWlMwdDNXVUpDUVVkRWRucEJRa1IzVVV0RVFXY3lDazVFWnpWT1ZHTjZUbXBCZUVKbmIzSkNaMFZGUVZsUEwwMUJSVkZDUTAxTlNWZG9NR1JJUW5wUGFUaDJXakpzTUdKSFJtbE1iVTUyWWxNNWQxcFlRVE1LVGtSQmRGcFlhR2hpV0VKeldsUkJXVUpuYjNKQ1owVkZRVmxQTDAxQlJWSkNRVzlOUTBSck5FMVVUVEJPUkVFMVRVWTRSME5wYzBkQlVWRkNaemM0ZHdwQlVrbEZWVkY0VUdGSVVqQmpTRTAyVEhrNWJtRllVbk5aVjBsMVdUSTVkRXd6UW14alJHTXdUVU14YkdWSFJuUmpSM2hzVEROT2FHSllRbk5hV0VKNUNtSXljR3haTTFGMlRIazFibUZZVW5OWlYwbDBXVEpyZFdWWE1YTlJTRXBzV201TmRtRkhWbWhhU0UxMllsZEdjR0pxUVRSQ1oyOXlRbWRGUlVGWlR5OEtUVUZGVkVKRGIwMUxSRUpwVG5wQk1sbHRTbTFOVjBreFRVZFZNMDFxV1RKWmFrMTZUbnBaZVU1VVdUUk9WRmt5V2tSYWJGbDZRbTFPZWxwclRtcHJkd3BHUVZsTFMzZFpRa0pCUjBSMmVrRkNSa0ZSUjBSQlVuZGtXRTV2VFVaRlIwTnBjMGRCVVZGQ1p6YzRkMEZTVlVWUmQzaENZVWhTTUdOSVRUWk1lVGx1Q21GWVVuTlpWMGwxV1RJNWRFd3pRbXhqUkdNd1RVTXhiR1ZIUm5SalIzaHNURE5PYUdKWVFuTmFXRUo1WWpKd2JGa3pVWFpNVXpseFlqSktla3g2WnpBS1QwUlpOVTU2VVRGT1ZHdDNSbmRaUzB0M1dVSkNRVWRFZG5wQlFrWm5VVXBFUVdSM1kyMXNNbGxZVW14TlNVZEtRbWR2Y2tKblJVVkJaRm8xUVdkUlF3cENTSE5GWlZGQ00wRklWVUV6VkRCM1lYTmlTRVZVU21wSFVqUmpiVmRqTTBGeFNrdFljbXBsVUVzekwyZzBjSGxuUXpod04yODBRVUZCUjFSaWJXZDVDbkpCUVVGQ1FVMUJVbXBDUlVGcFFVVjVObTB4SzFkTmRWRkJWelJYV0ZGMmFHTTNRbTkwV2xOa1NsUlhjbUUzYkdod2MzaFNWMDF6TldkSloweExTeklLZUdseVJXcEZVRTFMV1ZNNGVsbDVaazhyVWpObVZrRjNjVVJKV2pCS2RVdHdaalZCVm1kcmQwTm5XVWxMYjFwSmVtb3dSVUYzVFVSYWQwRjNXa0ZKZHdwR01rMTNWM2hKUTB4a1RpOTBlV1ZqVVhwb1ExWmpjRFJ1WVdwQlNIQXlkakZGYTJ4UE5UTnZWSG92T1ZKa2NTOVJVMGwwTTBWMVprdEpabWhDYlRSbUNrRnFRVGh0V2tkNFozcFBlR1ZqUVRWeVExbEhXbXhPVERWRFJWQnVUSFpEVEhwNVJHZDVVVFZaY2pWRFRrTlhXakJRT1M5Rk4xVjJTeXRJZERnMGEwOEtURkJqUFFvdExTMHRMVVZPUkNCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2c9PSJ9XX19",
+                "inclusionPromise": {
+                  "signedEntryTimestamp": "MEQCIEf0DL0CdIvZBoF9q0sYJeI2y8ywwtU6VeTrdG6UlOaSAiAOZKwhn7e01NJYxHVFGHkUUI2Z4/fCVhPyRNogRJh0iA=="
+                },
+                "inclusionProof": {
+                  "checkpoint": {
+                    "envelope": "rekor.sigstore.dev - 1193050959916656506\n30122734\neKxSpLhPmsuVutOHnq6yFj81/qweH0iJR9jwe3kbUQ8=\n\n— rekor.sigstore.dev wNI9ajBFAiAFQdwIoGspkAO/BRH3jFZsPasIPCJEZB0ZZwT3Ya4EHQIhAOm/Ijj82QDdv3wVuQ3VlZAlabXZZBfk3kBTKARAexwo\n"
+                  },
+                  "hashes": [
+                    "+VppOCmIDzrWmE4W7I6Pv53NnMBcNRsFqfU9GO6PphE=",
+                    "6Tekh+8zwHFbwKAwUnSVJSoz9UWgb+AWo3qbGSnZyt4=",
+                    "4LhcnAJ0ygHa6VRNrOQ7wlSEqblWMrge2eOucvvlQAM=",
+                    "DjMVn62Doaj1ttosoz/6g6X7XYqePW+8eNfSdwf+h+Q=",
+                    "bd+3uUcW5z3ydt2HXQBp6cK5RSFj9rcoGZjg7Rkhl/o=",
+                    "Thk4DnFs8p+RMOdDsZImAGdMuh0KB03OxO+OpYtKtOs=",
+                    "+fFi7qqMze4wmH1L/Vadkpxb54WtRbzY2g0stC/iROw=",
+                    "ABBbOV/bjpmhTzmyEWHL4Oezw7wDoPRu35y4sS9Ot0c=",
+                    "NQSiB4z2DRJ4dk02TN0P7h7fvfoXQQKsbP1iishlbCg=",
+                    "bIflDKfskAxhbt6KyYK9T3bP4LJQ6HCYaeeuD+Q0TZU=",
+                    "nkvQxCN5e9I9u5D2Ve1JxCTkA/zYtYibp+WWQja89H8=",
+                    "CZcT4Ba5Aj2Qcv6bZsLT3eyenbBmjXzu7qTAH4oLQAc=",
+                    "oOecFfN3YqDOkbijS/ej1WF5Da/Gt/AZNhbwE9uoOE8=",
+                    "4lUF0YOu9XkIDXKXA0wMSzd6VeDY3TZAgmoOeWmS2+Y=",
+                    "gf+9m552B3PnkWnO0o4KdVvjcT3WVHLrCbf1DoVYKFw="
+                  ],
+                  "logIndex": "30122733",
+                  "rootHash": "eKxSpLhPmsuVutOHnq6yFj81/qweH0iJR9jwe3kbUQ8=",
+                  "treeSize": "30122734"
+                },
+                "integratedTime": "1732724143",
+                "kindVersion": {
+                  "kind": "dsse",
+                  "version": "0.0.1"
+                },
+                "logId": {
+                  "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
+                },
+                "logIndex": "152026995"
+              }
+            ]
+          },
+          "envelope": {
+            "statement": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjEiLCJzdWJqZWN0IjpbeyJuYW1lIjoicGVwNzQwX3NhbXBsZXByb2plY3QtMS4wLjAudGFyLmd6IiwiZGlnZXN0Ijp7InNoYTI1NiI6IjZjZGQ0YTFhMGE0OWFlZWY0NzI2NWU3YmY4ZWMxNjY3MjU3YjM5N2QzNGQ3MzFkYzdiN2FmMzQ5ZGVjYTFjZDgifX1dLCJwcmVkaWNhdGVUeXBlIjoiaHR0cHM6Ly9kb2NzLnB5cGkub3JnL2F0dGVzdGF0aW9ucy9wdWJsaXNoL3YxIiwicHJlZGljYXRlIjpudWxsfQ==",
+            "signature": "MEYCIQCRwrFliyDegOCACfEeZ0fhUkQVLGFrfWsl9gtCnx8LSAIhAMb69RveTe8fNErSagtR1NoV1+q9F9+shBHcECZ9SHL4"
+          }
+        }
+      ]
+    }
+  ]
+}
\ No newline at end of file
diff --git a/tests/_fixtures/sampleproject-4.0.0.tar.gz.provenance b/tests/_fixtures/sampleproject-4.0.0.tar.gz.provenance
new file mode 100644
index 000000000000..d541246ba727
--- /dev/null
+++ b/tests/_fixtures/sampleproject-4.0.0.tar.gz.provenance
@@ -0,0 +1,64 @@
+{
+  "version": 1,
+  "attestation_bundles": [
+    {
+      "publisher": {
+        "kind": "GitHub",
+        "repository": "pypa/sampleproject",
+        "workflow": "release.yml",
+        "environment": ""
+      },
+      "attestations": [
+        {
+          "version": 1,
+          "verification_material": {
+            "certificate": "MIIGoTCCBiigAwIBAgITFai+PDKak1xA1HLq0mskqhDV5zAKBggqhkjOPQQDAzA3MRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxHjAcBgNVBAMTFXNpZ3N0b3JlLWludGVybWVkaWF0ZTAeFw0yNDExMDYyMjM3MDdaFw0yNDExMDYyMjQ3MDdaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARbx1Fse2Ln00On5aFaL+lHNGFYLaqeKDduplZDPJS+w2PjYfNPL0g/n4sDWEQFZfyIExEWKulZ2GKNzAc0+SmUo4IFSDCCBUQwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMB0GA1UdDgQWBBT/uSEIXmQzuRkppWXrTKVkfZFJbzAfBgNVHSMEGDAWgBTf0+nPViQRlvmo2OkoVaLGLhhkPzBhBgNVHREBAf8EVzBVhlNodHRwczovL2dpdGh1Yi5jb20vcHlwYS9zYW1wbGVwcm9qZWN0Ly5naXRodWIvd29ya2Zsb3dzL3JlbGVhc2UueW1sQHJlZnMvaGVhZHMvbWFpbjA5BgorBgEEAYO/MAEBBCtodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tMBIGCisGAQQBg78wAQIEBHB1c2gwNgYKKwYBBAGDvzABAwQoNjIxZTQ5NzRjYTI1Y2U1MzE3NzNkZWY1ODZiYTNlZDhlNzM2YjNmYzAVBgorBgEEAYO/MAEEBAdSZWxlYXNlMCAGCisGAQQBg78wAQUEEnB5cGEvc2FtcGxlcHJvamVjdDAdBgorBgEEAYO/MAEGBA9yZWZzL2hlYWRzL21haW4wOwYKKwYBBAGDvzABCAQtDCtodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tMGMGCisGAQQBg78wAQkEVQxTaHR0cHM6Ly9naXRodWIuY29tL3B5cGEvc2FtcGxlcHJvamVjdC8uZ2l0aHViL3dvcmtmbG93cy9yZWxlYXNlLnltbEByZWZzL2hlYWRzL21haW4wOAYKKwYBBAGDvzABCgQqDCg2MjFlNDk3NGNhMjVjZTUzMTc3M2RlZjU4NmJhM2VkOGU3MzZiM2ZjMB0GCisGAQQBg78wAQsEDwwNZ2l0aHViLWhvc3RlZDA1BgorBgEEAYO/MAEMBCcMJWh0dHBzOi8vZ2l0aHViLmNvbS9weXBhL3NhbXBsZXByb2plY3QwOAYKKwYBBAGDvzABDQQqDCg2MjFlNDk3NGNhMjVjZTUzMTc3M2RlZjU4NmJhM2VkOGU3MzZiM2ZjMB8GCisGAQQBg78wAQ4EEQwPcmVmcy9oZWFkcy9tYWluMBgGCisGAQQBg78wAQ8ECgwIMTQ4OTk1OTYwJwYKKwYBBAGDvzABEAQZDBdodHRwczovL2dpdGh1Yi5jb20vcHlwYTAWBgorBgEEAYO/MAERBAgMBjY0NzAyNTBjBgorBgEEAYO/MAESBFUMU2h0dHBzOi8vZ2l0aHViLmNvbS9weXBhL3NhbXBsZXByb2plY3QvLmdpdGh1Yi93b3JrZmxvd3MvcmVsZWFzZS55bWxAcmVmcy9oZWFkcy9tYWluMDgGCisGAQQBg78wARMEKgwoNjIxZTQ5NzRjYTI1Y2U1MzE3NzNkZWY1ODZiYTNlZDhlNzM2YjNmYzAUBgorBgEEAYO/MAEUBAYMBHB1c2gwWQYKKwYBBAGDvzABFQRLDElodHRwczovL2dpdGh1Yi5jb20vcHlwYS9zYW1wbGVwcm9qZWN0L2FjdGlvbnMvcnVucy8xMTcxMzAzODk4MS9hdHRlbXB0cy8xMBYGCisGAQQBg78wARYECAwGcHVibGljMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGTA5/X5AAABAMARzBFAiA6nYK0GxqVzJutrjrYA1bAIKHUjGrsHMLrOJTTEUiERAIhAJZotATnSwlKt7C3Zwhx3fcSrhGfOakTlM2w+8qmltcjMAoGCCqGSM49BAMDA2cAMGQCMB+ilsPgy4ynUG9GtqDEBqW8+ZqjX6LpuxQqjCr7s4ytyt2ppFdgjrGrG1DY4nSZtQIwblrgq9t9izAMTkJeqhQBs2OUiyIJZipceD5vAAE/Nfgd/9uK0MZAHFsLgalqOBl8",
+            "transparency_entries": [
+              {
+                "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiZHNzZSIsInNwZWMiOnsiZW52ZWxvcGVIYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiOTNlMWYzNjRjODYwZWQ3MzI1MWYzYjI2YTU0YTM5NzFiZmZmZWYwNGU5MGNhNDgyNGU2YjhlMDJhMWIxMTVjMiJ9LCJwYXlsb2FkSGFzaCI6eyJhbGdvcml0aG0iOiJzaGEyNTYiLCJ2YWx1ZSI6Ijk1YTdkMGM3ZmVhZWQ1NDA5NDJlZGZlNzBhZjlkM2JiNjNiNjNlODgwZDJkN2ExYzYzZmQ4NDI0YTU2YjQ1YmMifSwic2lnbmF0dXJlcyI6W3sic2lnbmF0dXJlIjoiTUVVQ0lRRDFKQ0E4bFdSOW5hNDQrelkydHIxM3NFdU1DSXUrRkxTNmVEa3dFU1A1S2dJZ1FETkcrZUE1UGlMU3ZWZCswQUpuM05rMVYzQ3BSalJvejU5TC9NTVR4eU09IiwidmVyaWZpZXIiOiJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VkdlZFTkRRbWxwWjBGM1NVSkJaMGxVUm1GcEsxQkVTMkZyTVhoQk1VaE1jVEJ0YzJ0eGFFUldOWHBCUzBKblozRm9hMnBQVUZGUlJFRjZRVE1LVFZKVmQwVjNXVVJXVVZGTFJYZDRlbUZYWkhwa1J6bDVXbE0xYTFwWVdYaElha0ZqUW1kT1ZrSkJUVlJHV0U1d1dqTk9NR0l6U214TVYyeDFaRWRXZVFwaVYxWnJZVmRHTUZwVVFXVkdkekI1VGtSRmVFMUVXWGxOYWswelRVUmtZVVozTUhsT1JFVjRUVVJaZVUxcVVUTk5SR1JoVFVGQmQxZFVRVlJDWjJOeENtaHJhazlRVVVsQ1FtZG5jV2hyYWs5UVVVMUNRbmRPUTBGQlVtSjRNVVp6WlRKTWJqQXdUMjQxWVVaaFRDdHNTRTVIUmxsTVlYRmxTMFJrZFhCc1drUUtVRXBUSzNjeVVHcFpaazVRVERCbkwyNDBjMFJYUlZGR1dtWjVTVVY0UlZkTGRXeGFNa2RMVG5wQll6QXJVMjFWYnpSSlJsTkVRME5DVlZGM1JHZFpSQXBXVWpCUVFWRklMMEpCVVVSQloyVkJUVUpOUjBFeFZXUktVVkZOVFVGdlIwTkRjMGRCVVZWR1FuZE5SRTFDTUVkQk1WVmtSR2RSVjBKQ1ZDOTFVMFZKQ2xodFVYcDFVbXR3Y0ZkWWNsUkxWbXRtV2taS1lucEJaa0puVGxaSVUwMUZSMFJCVjJkQ1ZHWXdLMjVRVm1sUlVteDJiVzh5VDJ0dlZtRk1SMHhvYUdzS1VIcENhRUpuVGxaSVVrVkNRV1k0UlZaNlFsWm9iRTV2WkVoU2QyTjZiM1pNTW1Sd1pFZG9NVmxwTldwaU1qQjJZMGhzZDFsVE9YcFpWekYzWWtkV2R3cGpiVGx4V2xkT01FeDVOVzVoV0ZKdlpGZEpkbVF5T1hsaE1scHpZak5rZWt3elNteGlSMVpvWXpKVmRXVlhNWE5SU0Vwc1dtNU5kbUZIVm1oYVNFMTJDbUpYUm5CaWFrRTFRbWR2Y2tKblJVVkJXVTh2VFVGRlFrSkRkRzlrU0ZKM1kzcHZka3d6VW5aaE1sWjFURzFHYW1SSGJIWmliazExV2pKc01HRklWbWtLWkZoT2JHTnRUblppYmxKc1ltNVJkVmt5T1hSTlFrbEhRMmx6UjBGUlVVSm5OemgzUVZGSlJVSklRakZqTW1kM1RtZFpTMHQzV1VKQ1FVZEVkbnBCUWdwQmQxRnZUbXBKZUZwVVVUVk9lbEpxV1ZSSk1Wa3lWVEZOZWtVelRucE9hMXBYV1RGUFJGcHBXVlJPYkZwRWFHeE9lazB5V1dwT2JWbDZRVlpDWjI5eUNrSm5SVVZCV1U4dlRVRkZSVUpCWkZOYVYzaHNXVmhPYkUxRFFVZERhWE5IUVZGUlFtYzNPSGRCVVZWRlJXNUNOV05IUlhaak1rWjBZMGQ0YkdOSVNuWUtZVzFXYW1SRVFXUkNaMjl5UW1kRlJVRlpUeTlOUVVWSFFrRTVlVnBYV25wTU1taHNXVmRTZWt3eU1XaGhWelIzVDNkWlMwdDNXVUpDUVVkRWRucEJRZ3BEUVZGMFJFTjBiMlJJVW5kamVtOTJURE5TZG1FeVZuVk1iVVpxWkVkc2RtSnVUWFZhTW13d1lVaFdhV1JZVG14amJVNTJZbTVTYkdKdVVYVlpNamwwQ2sxSFRVZERhWE5IUVZGUlFtYzNPSGRCVVd0RlZsRjRWR0ZJVWpCalNFMDJUSGs1Ym1GWVVtOWtWMGwxV1RJNWRFd3pRalZqUjBWMll6SkdkR05IZUd3S1kwaEtkbUZ0Vm1wa1F6aDFXakpzTUdGSVZtbE1NMlIyWTIxMGJXSkhPVE5qZVRsNVdsZDRiRmxZVG14TWJteDBZa1ZDZVZwWFducE1NbWhzV1ZkU2VncE1NakZvWVZjMGQwOUJXVXRMZDFsQ1FrRkhSSFo2UVVKRFoxRnhSRU5uTWsxcVJteE9SR3N6VGtkT2FFMXFWbXBhVkZWNlRWUmpNMDB5VW14YWFsVTBDazV0U21oTk1sWnJUMGRWTTAxNldtbE5NbHBxVFVJd1IwTnBjMGRCVVZGQ1p6YzRkMEZSYzBWRWQzZE9XakpzTUdGSVZtbE1WMmgyWXpOU2JGcEVRVEVLUW1kdmNrSm5SVVZCV1U4dlRVRkZUVUpEWTAxS1YyZ3daRWhDZWs5cE9IWmFNbXd3WVVoV2FVeHRUblppVXpsM1pWaENhRXd6VG1oaVdFSnpXbGhDZVFwaU1uQnNXVE5SZDA5QldVdExkMWxDUWtGSFJIWjZRVUpFVVZGeFJFTm5NazFxUm14T1JHc3pUa2RPYUUxcVZtcGFWRlY2VFZSak0wMHlVbXhhYWxVMENrNXRTbWhOTWxaclQwZFZNMDE2V21sTk1scHFUVUk0UjBOcGMwZEJVVkZDWnpjNGQwRlJORVZGVVhkUVkyMVdiV041T1c5YVYwWnJZM2s1ZEZsWGJIVUtUVUpuUjBOcGMwZEJVVkZDWnpjNGQwRlJPRVZEWjNkSlRWUlJORTlVYXpGUFZGbDNTbmRaUzB0M1dVSkNRVWRFZG5wQlFrVkJVVnBFUW1SdlpFaFNkd3BqZW05MlRESmtjR1JIYURGWmFUVnFZakl3ZG1OSWJIZFpWRUZYUW1kdmNrSm5SVVZCV1U4dlRVRkZVa0pCWjAxQ2Fsa3dUbnBCZVU1VVFtcENaMjl5Q2tKblJVVkJXVTh2VFVGRlUwSkdWVTFWTW1nd1pFaENlazlwT0haYU1td3dZVWhXYVV4dFRuWmlVemwzWlZoQ2FFd3pUbWhpV0VKeldsaENlV0l5Y0d3S1dUTlJka3h0WkhCa1IyZ3hXV2s1TTJJelNuSmFiWGgyWkROTmRtTnRWbk5hVjBaNldsTTFOV0pYZUVGamJWWnRZM2s1YjFwWFJtdGplVGwwV1Zkc2RRcE5SR2RIUTJselIwRlJVVUpuTnpoM1FWSk5SVXRuZDI5T2FrbDRXbFJSTlU1NlVtcFpWRWt4V1RKVk1VMTZSVE5PZWs1cldsZFpNVTlFV21sWlZFNXNDbHBFYUd4T2VrMHlXV3BPYlZsNlFWVkNaMjl5UW1kRlJVRlpUeTlOUVVWVlFrRlpUVUpJUWpGak1tZDNWMUZaUzB0M1dVSkNRVWRFZG5wQlFrWlJVa3dLUkVWc2IyUklVbmRqZW05MlRESmtjR1JIYURGWmFUVnFZakl3ZG1OSWJIZFpVemw2V1ZjeGQySkhWbmRqYlRseFdsZE9NRXd5Um1wa1IyeDJZbTVOZGdwamJsWjFZM2s0ZUUxVVkzaE5la0Y2VDBSck5FMVRPV2hrU0ZKc1lsaENNR041T0hoTlFsbEhRMmx6UjBGUlVVSm5OemgzUVZKWlJVTkJkMGRqU0ZacENtSkhiR3BOU1VkTFFtZHZja0puUlVWQlpGbzFRV2RSUTBKSWQwVmxaMEkwUVVoWlFUTlVNSGRoYzJKSVJWUktha2RTTkdOdFYyTXpRWEZLUzFoeWFtVUtVRXN6TDJnMGNIbG5Remh3TjI4MFFVRkJSMVJCTlM5WU5VRkJRVUpCVFVGU2VrSkdRV2xCTm01WlN6QkhlSEZXZWtwMWRISnFjbGxCTVdKQlNVdElWUXBxUjNKelNFMU1jazlLVkZSRlZXbEZVa0ZKYUVGS1dtOTBRVlJ1VTNkc1MzUTNRek5hZDJoNE0yWmpVM0pvUjJaUFlXdFViRTB5ZHlzNGNXMXNkR05xQ2sxQmIwZERRM0ZIVTAwME9VSkJUVVJCTW1OQlRVZFJRMDFDSzJsc2MxQm5lVFI1YmxWSE9VZDBjVVJGUW5GWE9DdGFjV3BZTmt4d2RYaFJjV3BEY2pjS2N6UjVkSGwwTW5Cd1JtUm5hbkpIY2tjeFJGazBibE5hZEZGSmQySnNjbWR4T1hRNWFYcEJUVlJyU21WeGFGRkNjekpQVldsNVNVcGFhWEJqWlVRMWRncEJRVVV2VG1ablpDODVkVXN3VFZwQlNFWnpUR2RoYkhGUFFtdzRDaTB0TFMwdFJVNUVJRU5GVWxSSlJrbERRVlJGTFMwdExTMEsifV19fQ==",
+                "inclusionPromise": {
+                  "signedEntryTimestamp": "MEQCIGzFZon9/joNsiQOL1uoIP/gtz7/A6eAB+50oX3M0CBaAiAZmLVxcgknlWls6R1FswJWCHY0vkwQ/jE5dSkcY43jWA=="
+                },
+                "inclusionProof": {
+                  "checkpoint": {
+                    "envelope": "rekor.sigstore.dev - 1193050959916656506\n25232879\nQrnMowJnGj9hZkL1UOvkg7w+KuG27PEDcsdaEqCtoDM=\n\n— rekor.sigstore.dev wNI9ajBFAiEAshgj30XTIU+L6UyYL0yzLXJbLFmxPEc8ZRmS1R3N1sQCIFCjFEqe9J+Et9sWzJp6SE3p7Eh/+97zON7mwX6unCem\n"
+                  },
+                  "hashes": [
+                    "Bc4heeKQhKCr6/ZtuEHmAyp8AzvP4N1ROusEacAmfFQ=",
+                    "ZTeyp2wk6H1Bgz3SZOqQWoQvCmkiltfFstDiy1WaR9Y=",
+                    "vnHPC5XIhbYQib86Hi6M4OaEOFGFMlOip8+5mxZd8cs=",
+                    "BEONTVFois+c47/YA7vzwZG7fbNLBkVLz1hUM/WMb1k=",
+                    "PWqRmPYAwa1fq6R1qSrYlOxCtiKnFZq9hnNt7XwCIA8=",
+                    "KHxYP0XNSf1yKjp+xY/5Kkckw0Yweyjx9Z6qn2+pnZM=",
+                    "8/b9kmTAbALhl4EaKIH4uMXhES9ILB0XQkuH44FltJY=",
+                    "mXfX9NDkaWje6HpniWis2CBELUGjv8LiW2jeMOclCs0=",
+                    "jRPOva2IEma7ZE7mPN3xHtEnXtMF/HNvrmbC5TKTy14=",
+                    "s8vUdxeRlxXWTCMdSLhiSzRiYM3eGsVvrm+5HWkTNBc=",
+                    "4lUF0YOu9XkIDXKXA0wMSzd6VeDY3TZAgmoOeWmS2+Y=",
+                    "gf+9m552B3PnkWnO0o4KdVvjcT3WVHLrCbf1DoVYKFw="
+                  ],
+                  "logIndex": "25232877",
+                  "rootHash": "QrnMowJnGj9hZkL1UOvkg7w+KuG27PEDcsdaEqCtoDM=",
+                  "treeSize": "25232879"
+                },
+                "integratedTime": "1730932627",
+                "kindVersion": {
+                  "kind": "dsse",
+                  "version": "0.0.1"
+                },
+                "logId": {
+                  "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
+                },
+                "logIndex": "147137139"
+              }
+            ]
+          },
+          "envelope": {
+            "statement": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjEiLCJzdWJqZWN0IjpbeyJuYW1lIjoic2FtcGxlcHJvamVjdC00LjAuMC50YXIuZ3oiLCJkaWdlc3QiOnsic2hhMjU2IjoiMGFjZTc5ODBmODJjNTgxNWVkZTRjZDdiZjlmNjY5MzY4NGNlYzJhZTQ3YjliN2FkZTlhZGQ1MzNiODYyN2M2YiJ9fV0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL2RvY3MucHlwaS5vcmcvYXR0ZXN0YXRpb25zL3B1Ymxpc2gvdjEiLCJwcmVkaWNhdGUiOm51bGx9",
+            "signature": "MEUCIQD1JCA8lWR9na44+zY2tr13sEuMCIu+FLS6eDkwESP5KgIgQDNG+eA5PiLSvVd+0AJn3Nk1V3CpRjRoz59L/MMTxyM="
+          }
+        }
+      ]
+    }
+  ]
+}
\ No newline at end of file
diff --git a/tests/conftest.py b/tests/conftest.py
index 9b2724b8930a..3ec3b72327b7 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -17,6 +17,7 @@
 
 from collections import defaultdict
 from contextlib import contextmanager
+from pathlib import Path
 from unittest import mock
 
 import alembic.command
@@ -30,7 +31,7 @@
 
 from jinja2 import Environment, FileSystemLoader
 from psycopg.errors import InvalidCatalogName
-from pypi_attestations import Attestation, Envelope, VerificationMaterial
+from pypi_attestations import Attestation, Envelope, Provenance, VerificationMaterial
 from pyramid.i18n import TranslationString
 from pyramid.static import ManifestCacheBuster
 from pyramid_jinja2 import IJinja2Environment
@@ -68,6 +69,9 @@
 from .common.db.accounts import EmailFactory, UserFactory
 from .common.db.ip_addresses import IpAddressFactory
 
+_HERE = Path(__file__).parent.resolve()
+_FIXTURES = _HERE / "_fixtures"
+
 
 @contextmanager
 def metrics_timing(*args, **kwargs):
@@ -824,3 +828,25 @@ def setex(self, key, value, _seconds):
 @pytest.fixture
 def mockredis():
     return _MockRedis()
+
+
+@pytest.fixture
+def gitlab_provenance() -> Provenance:
+    """
+    Claims extracted from
+    https://test.pypi.org/integrity/pep740-sampleproject/1.0.0/pep740_sampleproject-1.0.0.tar.gz/provenance
+    """
+    return Provenance.model_validate_json(
+        (_FIXTURES / "pep740-sampleproject-1.0.0.tar.gz.provenance").read_text()
+    )
+
+
+@pytest.fixture
+def github_provenance() -> Provenance:
+    """
+    Claims extracted from
+    https://pypi.org/integrity/sampleproject/4.0.0/sampleproject-4.0.0.tar.gz/provenance
+    """
+    return Provenance.model_validate_json(
+        (_FIXTURES / "sampleproject-4.0.0.tar.gz.provenance").read_text()
+    )
diff --git a/tests/unit/packaging/test_views.py b/tests/unit/packaging/test_views.py
index 66a80f5562b0..166dbb216eb9 100644
--- a/tests/unit/packaging/test_views.py
+++ b/tests/unit/packaging/test_views.py
@@ -232,8 +232,7 @@ def test_detail_rendered(self, db_request):
             ],
             "maintainers": sorted(users, key=lambda u: u.username.lower()),
             "license": None,
-            "get_publication_details": views.get_publication_details,
-            "format_url": views.format_url,
+            "PEP740AttestationViewer": views.PEP740AttestationViewer,
         }
 
     def test_detail_renders_files_natural_sort(self, db_request):
@@ -325,141 +324,131 @@ def test_long_singleline_license(self, db_request):
             "characters, it's really so lo..."
         )
 
-    @pytest.mark.parametrize(
-        ("base_url", "reference", "publisher", "expected"),
-        [
-            (
-                "https://github.com/pypi/warehouse",
-                "2ec275dc2a05cd8ed2f0a9a0adadfcff9096d982",
-                pretend.stub(kind="GitHub"),
-                (
-                    "https://github.com/pypi/warehouse/tree/"
-                    "2ec275dc2a05cd8ed2f0a9a0adadfcff9096d982"
-                ),
-            ),
-            (
-                "https://gitlab.com/sample/sample",
-                "refs/heads/main",
-                pretend.stub(kind="GitLab"),
-                "https://gitlab.com/sample/sample/-/tree/main",
-            ),
-            (
-                "https://example.com/sample/sample",
-                "refs/heads/main",
-                pretend.stub(kind="Unknown"),
-                "https://example.com/sample/sample/refs/heads/main",
-            ),
-        ],
-    )
-    def test_format_url(self, base_url, reference, publisher, expected):
-        assert views.format_url(base_url, reference, publisher) == expected
-
-    @pytest.mark.parametrize(
-        ("publisher_name", "claims"),
-        [
-            (
-                "GitLab",
-                {
-                    "1.3.6.1.4.1.57264.1.8": "https://gitlab.com",
-                    "1.3.6.1.4.1.57264.1.9": (
-                        "https://gitlab.com/facutuesca/gitlab-oidc-project//"
-                        ".gitlab-ci.yml@refs/heads/main"
-                    ),
-                    "1.3.6.1.4.1.57264.1.10": (
-                        "72f7c63b75eb55ea80864962f0e645c93414da34"
-                    ),
-                    "1.3.6.1.4.1.57264.1.11": "gitlab-hosted",
-                    "1.3.6.1.4.1.57264.1.12": (
-                        "https://gitlab.com/facutuesca/gitlab-oidc-project"
-                    ),
-                    "1.3.6.1.4.1.57264.1.13": (
-                        "72f7c63b75eb55ea80864962f0e645c93414da34"
-                    ),
-                    "1.3.6.1.4.1.57264.1.14": "refs/heads/main",
-                    "1.3.6.1.4.1.57264.1.15": "55235664",
-                    "1.3.6.1.4.1.57264.1.16": "https://gitlab.com/facutuesca",
-                    "1.3.6.1.4.1.57264.1.17": "12885801",
-                    "1.3.6.1.4.1.57264.1.18": (
-                        "https://gitlab.com/facutuesca/gitlab-oidc-project//"
-                        ".gitlab-ci.yml@refs/heads/main"
-                    ),
-                    "1.3.6.1.4.1.57264.1.19": (
-                        "72f7c63b75eb55ea80864962f0e645c93414da34"
-                    ),
-                    "1.3.6.1.4.1.57264.1.20": "push",
-                    "1.3.6.1.4.1.57264.1.21": (
-                        "https://gitlab.com/facutuesca/gitlab-oidc-project/-/jobs/"
-                        "8415754949"
-                    ),
-                    "1.3.6.1.4.1.57264.1.22": "private",
-                },
-            ),
-            (
-                "GitHub",
-                {
-                    "1.3.6.1.4.1.57264.1.8": (
-                        "https://token.actions.githubusercontent.com"
-                    ),
-                    "1.3.6.1.4.1.57264.1.9": (
-                        "https://github.com/trailofbits/pypi-attestations/"
-                        ".github/workflows/release.yml@refs/tags/v0.0.16"
-                    ),
-                    "1.3.6.1.4.1.57264.1.10": (
-                        "58c872e67c03c9c031ba71b1654ff542ff290cd7"
-                    ),
-                    "1.3.6.1.4.1.57264.1.11": "github-hosted",
-                    "1.3.6.1.4.1.57264.1.12": (
-                        "https://github.com/trailofbits/pypi-attestations"
-                    ),
-                    "1.3.6.1.4.1.57264.1.13": (
-                        "58c872e67c03c9c031ba71b1654ff542ff290cd7"
-                    ),
-                    "1.3.6.1.4.1.57264.1.14": "refs/tags/v0.0.16",
-                    "1.3.6.1.4.1.57264.1.15": "772247423",
-                    "1.3.6.1.4.1.57264.1.16": "https://github.com/trailofbits",
-                    "1.3.6.1.4.1.57264.1.17": "2314423",
-                    "1.3.6.1.4.1.57264.1.18": (
-                        "https://github.com/trailofbits/pypi-attestations/"
-                        ".github/workflows/release.yml@refs/tags/v0.0.16"
-                    ),
-                    "1.3.6.1.4.1.57264.1.19": (
-                        "58c872e67c03c9c031ba71b1654ff542ff290cd7"
-                    ),
-                    "1.3.6.1.4.1.57264.1.20": "release",
-                    "1.3.6.1.4.1.57264.1.21": (
-                        "https://github.com/trailofbits/pypi-attestations/actions/"
-                        "runs/11732568384/attempts/1"
-                    ),
-                    "1.3.6.1.4.1.57264.1.22": "public",
-                },
-            ),
-        ],
-    )
-    def test_get_publication_details(self, publisher_name, claims):
-        if publisher_name == "GitLab":
-            publisher = pretend.stub(
-                kind="GitLab",
-                workflow_filepath="subfolder/example.yml",
-            )
-        elif publisher_name == "GitHub":
-            publisher = pretend.stub(
-                kind="GitHub",
-                workflow="example.yml",
-            )
 
-        views.get_publication_details(
-            claims,
-            publisher,
+class TestPEP740AttestationViewer:
+
+    @pytest.fixture
+    def gitlab_attestation(self, gitlab_provenance):
+        return gitlab_provenance.attestation_bundles[0].attestations[0]
+
+    @pytest.fixture
+    def github_attestation(self, github_provenance):
+        return github_provenance.attestation_bundles[0].attestations[0]
+
+    def test_github_pep740(self, github_attestation):
+        """Test GitLab attestation properties and URL formatting."""
+        github_publisher = pretend.stub(
+            kind="GitHub",
+            workflow=".github/workflows/release.yml",
+        )
+
+        viewer = views.PEP740AttestationViewer(
+            publisher=github_publisher,
+            attestation=github_attestation,
+        )
+
+        assert viewer.statement_type == "https://in-toto.io/Statement/v1"
+        assert viewer.predicate_type == "https://docs.pypi.org/attestations/publish/v1"
+        assert viewer.subject_name == "sampleproject-4.0.0.tar.gz"
+        assert (
+            viewer.subject_digest
+            == "0ace7980f82c5815ede4cd7bf9f6693684cec2ae47b9b7ade9add533b8627c6b"
         )
+        assert viewer.transparency_entry["integratedTime"] == "1730932627"
+
+        assert viewer.repository_url == "https://github.com/pypa/sampleproject"
+        assert viewer.workflow_filename == ".github/workflows/release.yml"
+        assert viewer.workflow_url == (
+            "https://github.com/pypa/sampleproject/blob/"
+            "621e4974ca25ce531773def586ba3ed8e736b3fc/"
+            ".github/workflows/release.yml"
+        )
+        assert viewer.build_digest == "621e4974ca25ce531773def586ba3ed8e736b3fc"
+
+        assert viewer.issuer == "https://token.actions.githubusercontent.com"
+        assert viewer.environment == "github-hosted"
+
+        assert viewer.source == "https://github.com/pypa/sampleproject"
+        assert viewer.source_digest == "621e4974ca25ce531773def586ba3ed8e736b3fc"
+        assert viewer.source_reference == "refs/heads/main"
+        assert viewer.owner == "https://github.com/pypa"
 
-    def test_get_publication_details_unknown(self):
-        results = views.get_publication_details(
-            claims={},
-            publisher=pretend.stub(kind="unknown-publisher"),
+        assert viewer.trigger == "push"
+        assert viewer.access == "public"
+
+        assert viewer.permalink_with_digest == (
+            "https://github.com/pypa/sampleproject/tree/"
+            "621e4974ca25ce531773def586ba3ed8e736b3fc"
+        )
+        assert (
+            viewer.permalink_with_reference
+            == "https://github.com/pypa/sampleproject/tree/refs/heads/main"
         )
 
-        assert not results["workflow_filename"]
-        assert results["workflow_url"] == "/blob//"
+    def test_gitlab_pep740(self, gitlab_attestation):
+        """Test GitLab attestation properties and URL formatting."""
+        gitlab_publisher = pretend.stub(
+            kind="GitLab",
+            workflow_filepath=".gitlab-ci.yml",
+        )
+
+        viewer = views.PEP740AttestationViewer(
+            publisher=gitlab_publisher,
+            attestation=gitlab_attestation,
+        )
+
+        assert viewer.statement_type == "https://in-toto.io/Statement/v1"
+        assert viewer.predicate_type == "https://docs.pypi.org/attestations/publish/v1"
+        assert viewer.subject_name == "pep740_sampleproject-1.0.0.tar.gz"
+        assert (
+            viewer.subject_digest
+            == "6cdd4a1a0a49aeef47265e7bf8ec1667257b397d34d731dc7b7af349deca1cd8"
+        )
+        assert viewer.transparency_entry["integratedTime"] == "1732724143"
+
+        assert (
+            viewer.repository_url == "https://gitlab.com/pep740-example/sampleproject"
+        )
+        assert viewer.workflow_filename == ".gitlab-ci.yml"
+        assert viewer.workflow_url == (
+            "https://gitlab.com/pep740-example/sampleproject/blob/"
+            "0b706bbf1b50e7266b33762568566d6ec0f76d69//.gitlab-ci.yml"
+        )
+        assert viewer.build_digest == "0b706bbf1b50e7266b33762568566d6ec0f76d69"
+
+        assert viewer.issuer == "https://gitlab.com"
+        assert viewer.environment == "gitlab-hosted"
+
+        assert viewer.source == "https://gitlab.com/pep740-example/sampleproject"
+        assert viewer.source_digest == "0b706bbf1b50e7266b33762568566d6ec0f76d69"
+        assert viewer.source_reference == "refs/heads/main"
+        assert viewer.owner == "https://gitlab.com/pep740-example"
+
+        assert viewer.trigger == "push"
+        assert viewer.access == "private"
+
+        assert viewer.permalink_with_digest == (
+            "https://gitlab.com/pep740-example/sampleproject/-/tree/"
+            "0b706bbf1b50e7266b33762568566d6ec0f76d69"
+        )
+        assert (
+            viewer.permalink_with_reference
+            == "https://gitlab.com/pep740-example/sampleproject/-/tree/main"
+        )
+
+    def test_unknown_publisher(self, github_attestation):
+        viewer = views.PEP740AttestationViewer(
+            publisher=pretend.stub(
+                kind="Unknown",
+            ),
+            attestation=pretend.stub(certificate_claims={}),
+        )
+
+        assert viewer.workflow_filename == ""
+        assert (
+            viewer._format_url("https://example.com", "refs/heads/main")
+            == "https://example.com/refs/heads/main"
+        )
 
 
 class TestReportMalwareButton:
diff --git a/warehouse/packaging/views.py b/warehouse/packaging/views.py
index 8b359f954dbb..55f722c43c0b 100644
--- a/warehouse/packaging/views.py
+++ b/warehouse/packaging/views.py
@@ -13,7 +13,13 @@
 from typing import cast
 
 from natsort import natsorted
-from pypi_attestations import GitHubPublisher, GitLabPublisher, Publisher
+from pypi_attestations import (
+    Attestation,
+    GitHubPublisher,
+    GitLabPublisher,
+    Publisher,
+    TransparencyLogEntry,
+)
 from pyramid.httpexceptions import HTTPMovedPermanently, HTTPNotFound
 from pyramid.view import view_config
 from sqlalchemy.exc import NoResultFound
@@ -26,6 +32,135 @@
 from warehouse.packaging.models import Description, File, Project, Release, Role
 
 
+class PEP740AttestationViewer:
+
+    def __init__(self, publisher: Publisher, attestation: Attestation):
+        self.publisher = publisher
+        self.attestation = attestation
+        self.claims = self.attestation.certificate_claims
+
+    def _format_url(self, base_url: str, reference: str) -> str:
+        """Format a URL to create a permalink to a repository.
+
+        Reference can either be a hash or a named revision.
+        """
+        match self.publisher.kind:
+            case "GitHub":
+                return f"{base_url}/tree/{reference}"
+            case "GitLab":
+                reference = reference.removeprefix("refs/heads/")
+                return f"{base_url}/-/tree/{reference}"
+            case _:
+                # Best effort here
+                return f"{base_url}/{reference}"
+
+    # Statement properties
+    @property
+    def statement_type(self) -> str:
+        """The type of the attestation statement."""
+        return self.attestation.statement["_type"]
+
+    @property
+    def predicate_type(self) -> str:
+        """The type of the predicate in the attestation statement."""
+        return self.attestation.statement["predicateType"]
+
+    @property
+    def subject_name(self) -> str:
+        """The name of the subject in the attestation."""
+        return self.attestation.statement["subject"][0]["name"]
+
+    @property
+    def subject_digest(self) -> str:
+        """The SHA256 digest of the subject."""
+        return self.attestation.statement["subject"][0]["digest"]["sha256"]
+
+    @property
+    def transparency_entry(self) -> TransparencyLogEntry:
+        """The first transparency log entry from the verification material."""
+        return self.attestation.verification_material.transparency_entries[0]
+
+    # Certificate properties
+    @property
+    def repository_url(self) -> str:
+        """Source Repository URI."""
+        return self.claims.get("1.3.6.1.4.1.57264.1.12", "")
+
+    @property
+    def workflow_filename(self) -> str:
+        """The filename of the workflow configuration."""
+        match self.publisher.kind:
+            case "GitHub":
+                return cast(GitHubPublisher, self.publisher).workflow
+            case "GitLab":
+                return cast(GitLabPublisher, self.publisher).workflow_filepath
+            case _:
+                return ""
+
+    @property
+    def workflow_url(self) -> str:
+        """Build Config URI with permalink to the exact version used."""
+        repo_url = self.repository_url
+        workflow_url = self.claims.get("1.3.6.1.4.1.57264.1.18", "")
+        workflow_file_path = workflow_url.split("@")[0].replace(repo_url + "/", "")
+        return f"{repo_url}/blob/{self.build_digest}/{workflow_file_path}"
+
+    @property
+    def build_digest(self) -> str:
+        """Build Config Digest."""
+        return self.claims.get("1.3.6.1.4.1.57264.1.19", "")
+
+    @property
+    def issuer(self) -> str:
+        """Issuer of the attestation."""
+        return self.claims.get("1.3.6.1.4.1.57264.1.8", "")
+
+    @property
+    def environment(self) -> str:
+        """Runner Environment."""
+        return self.claims.get("1.3.6.1.4.1.57264.1.11", "")
+
+    @property
+    def source(self) -> str:
+        """Source Repository URI."""
+        return self.claims.get("1.3.6.1.4.1.57264.1.12", "")
+
+    @property
+    def source_digest(self) -> str:
+        """Source Repository Digest."""
+        return self.claims.get("1.3.6.1.4.1.57264.1.13", "")
+
+    @property
+    def source_reference(self) -> str:
+        """Source Repository Reference."""
+        return self.claims.get("1.3.6.1.4.1.57264.1.14", "")
+
+    @property
+    def owner(self) -> str:
+        """Source Repository Owner URI."""
+        return self.claims.get("1.3.6.1.4.1.57264.1.16", "")
+
+    @property
+    def trigger(self) -> str:
+        """Build Trigger."""
+        return self.claims.get("1.3.6.1.4.1.57264.1.20", "")
+
+    @property
+    def access(self) -> str:
+        """Source Repository Visibility At Signing."""
+        return self.claims.get("1.3.6.1.4.1.57264.1.22", "")
+
+    @property
+    def permalink_with_digest(self) -> str:
+        """Construct a permalink using the source digest."""
+        return self._format_url(self.source, self.source_digest)
+
+    @property
+    def permalink_with_reference(self) -> str:
+        """Construct a permalink using the source reference."""
+        return self._format_url(self.source, self.source_reference)
+
+
 @view_config(
     route_name="packaging.project",
     context=Project,
@@ -59,68 +194,6 @@ def project_detail(project, request):
     return release_detail(release, request)
 
 
-def format_url(base_url: str, reference: str, publisher: Publisher):
-    """Format a URL to create a permalink to a repository.
-
-    Reference can either be a hash or a named revision.
-    """
-    match publisher.kind:
-        case "GitHub":
-            return f"{base_url}/tree/{reference}"
-        case "GitLab":
-            reference = reference.removeprefix("refs/heads/")
-            return f"{base_url}/-/tree/{reference}"
-        case _:
-            # Best effort here
-            return f"{base_url}/{reference}"
-
-
-def get_publication_details(claims: dict[str, str], publisher: Publisher):
-    """Helper function for Jinja to format the claims present in the attestation."""
-    match publisher.kind:
-        case "GitHub":
-            workflow_filename = cast(GitHubPublisher, publisher).workflow
-        case "GitLab":
-            workflow_filename = cast(GitLabPublisher, publisher).workflow_filepath
-        case _:
-            workflow_filename = ""
-
-    # Source Repository URI
-    repo_url = claims.get("1.3.6.1.4.1.57264.1.12", "")
-    # Build Config URI
-    workflow_url = claims.get("1.3.6.1.4.1.57264.1.18", "")
-    # Build Config Digest
-    build_hash = claims.get("1.3.6.1.4.1.57264.1.19", "")
-
-    # The claim `workflow_url` does not return a valid link to the repository,
-    # but we can use it to retrieve the path towards the workflow file.
-    workflow_file_path = workflow_url.split("@")[0].replace(repo_url + "/", "")
-
-    workflow_permalink = f"{repo_url}/blob/{build_hash}/{workflow_file_path}"
-
-    return {
-        "workflow_url": workflow_permalink,
-        "workflow_filename": workflow_filename,
-        "build_hash": build_hash,
-        # Issuer
-        "issuer": claims.get("1.3.6.1.4.1.57264.1.8"),
-        # Runner Environment
-        "environment": claims.get("1.3.6.1.4.1.57264.1.11"),
-        # Source Repository URI
-        "source": claims.get("1.3.6.1.4.1.57264.1.12"),
-        # Source Repository Digest
-        "source_digest": claims.get("1.3.6.1.4.1.57264.1.13"),
-        # Source Repository Ref
-        "source_ref": claims.get("1.3.6.1.4.1.57264.1.14"),
-        # Source Repository Owner URI
-        "owner": claims.get("1.3.6.1.4.1.57264.1.16"),
-        # Build Trigger
-        "trigger": claims.get("1.3.6.1.4.1.57264.1.20"),
-        # Source Repository Visibility At Signing
-        "access": claims.get("1.3.6.1.4.1.57264.1.22"),
-    }
-
-
 @view_config(
     route_name="packaging.release",
     context=Release,
@@ -214,8 +287,7 @@ def release_detail(release, request):
         "maintainers": maintainers,
         "license": license,
         # Additional function to format the attestations
-        "get_publication_details": get_publication_details,
-        "format_url": format_url,
+        "PEP740AttestationViewer": PEP740AttestationViewer,
     }
 
 
diff --git a/warehouse/templates/includes/file-details.html b/warehouse/templates/includes/file-details.html
index 074e8b7f4f43..db2d7a174064 100644
--- a/warehouse/templates/includes/file-details.html
+++ b/warehouse/templates/includes/file-details.html
@@ -125,40 +125,38 @@ <h3>Provenance</h3>
           </small>
           <ul>
           {% for attestation in bundle.attestations %}
+          {% set viewer = PEP740AttestationViewer(bundle.publisher, attestation) %}
           <li>
-              {% set statement = attestation.statement %}
               Statement:
               <ul>
-                <li>Statement type: <a href="{{ statement._type }}"><code>{{ statement._type }}</code></a></li>
-                <li>Predicate type: <a href="{{ statement.predicateType }}"><code>{{ statement.predicateType }}</code></a></li>
-                <li>Subject name: <code>{{ statement.subject[0].name }}</code></li>
-                <li>Subject digest: <code>{{ statement.subject[0].digest.sha256 }}</code></li>
-                {% set tlog_entry = attestation.verification_material.transparency_entries[0] %}
-                <li>Sigstore transparency entry: <a href="https://search.sigstore.dev/?logIndex={{ tlog_entry.logIndex }}">{{ tlog_entry.logIndex }}</a> </li>
-                <li>Sigstore integration time: {{ humanize(tlog_entry.integratedTime | int | ctime, time="true") }} </li>
+                <li>Statement type: <a href="{{ viewer.statement_type }}"><code>{{ viewer.statement_type }}</code></a></li>
+                <li>Predicate type: <a href="{{ viewer.predicate_type }}"><code>{{ viewer.predicate_type }}</code></a></li>
+                <li>Subject name: <code>{{ viewer.subject_name }}</code></li>
+                <li>Subject digest: <code>{{ viewer.subject_digest }}</code></li>
+                <li>Sigstore transparency entry: <a href="https://search.sigstore.dev/?logIndex={{ viewer.transparency_entry.logIndex }}">{{ viewer.transparency_entry.logIndex }}</a> </li>
+                <li>Sigstore integration time: {{ humanize(viewer.transparency_entry.integratedTime | int | ctime, time="true") }} </li>
               </ul>
-              {% set claims = get_publication_details(attestation.certificate_claims, bundle.publisher) %}
               Source repository:
               <ul>
-                <li>Permalink: <a href="{{ format_url(claims.source, claims.source_digest, bundle.publisher) }}">
-                    <code>{{ bundle.publisher.repository }}@{{ claims.source_digest }}</code>
+                <li>Permalink: <a href="{{ viewer.permalink_with_digest }}">
+                    <code>{{ bundle.publisher.repository }}@{{ viewer.source_digest }}</code>
                 </a></li>
-                <li>Branch / Tag: <a href="{{ format_url(claims.source, claims.source_ref, bundle.publisher) }} ">
-                    <code>{{ claims.source_ref }}</code>
+                <li>Branch / Tag: <a href="{{ viewer.permalink_with_reference }}">
+                    <code>{{ viewer.source_reference }}</code>
                 </a></li>
-                <li>Owner: <a href="{{ claims.owner }}">{{ claims.owner }}</a></li>
-                <li>Access: <code>{{ claims.access }}</code></li>
+                <li>Owner: <a href="{{ viewer.owner }}">{{ viewer.owner }}</a></li>
+                <li>Access: <code>{{ viewer.access }}</code></li>
               </ul>
               Publication detail:
               <ul>
-                <li>Token Issuer: <code>{{ claims.issuer }}</code></li>
-                <li>Runner Environment: <code>{{ claims.environment }}</code></li>
+                <li>Token Issuer: <code>{{ viewer.issuer }}</code></li>
+                <li>Runner Environment: <code>{{ viewer.environment }}</code></li>
                 <li>Publication workflow:
-                  <a href="{{ claims.workflow_url }}">
-                    <code>{{ claims.workflow_filename }}@{{ claims.build_hash }}</code>
+                  <a href="{{ viewer.workflow_url }}">
+                    <code>{{ viewer.workflow_filename }}@{{ viewer.build_digest }}</code>
                   </a>
                 </li>
-                <li>Trigger Event: <code>{{ claims.trigger }}</code></li>
+                <li>Trigger Event: <code>{{ viewer.trigger }}</code></li>
               </ul>
           </li>
           {% endfor %}

From edc91fe960c73037376b4f25c22b87ba8885768e Mon Sep 17 00:00:00 2001
From: Alexis <alexis.challande@trailofbits.com>
Date: Mon, 2 Dec 2024 17:30:00 +0100
Subject: [PATCH 09/12] Update translations

---
 warehouse/locale/messages.pot | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/warehouse/locale/messages.pot b/warehouse/locale/messages.pot
index cc86ff8dfe39..95ef523d0983 100644
--- a/warehouse/locale/messages.pot
+++ b/warehouse/locale/messages.pot
@@ -757,7 +757,7 @@ msgstr ""
 msgid "Provide an Inspector link to specific lines of code."
 msgstr ""
 
-#: warehouse/packaging/views.py:280
+#: warehouse/packaging/views.py:352
 msgid "Your report has been recorded. Thank you for your help."
 msgstr ""
 

From cb23952fca93a3465878e10083d036ad7e88f177 Mon Sep 17 00:00:00 2001
From: Alexis <alexis.challande@trailofbits.com>
Date: Mon, 2 Dec 2024 17:33:15 +0100
Subject: [PATCH 10/12] Update comments

---
 tests/conftest.py                  | 4 ++--
 tests/unit/packaging/test_views.py | 2 --
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/tests/conftest.py b/tests/conftest.py
index 3ec3b72327b7..a5a41f41e695 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -833,7 +833,7 @@ def mockredis():
 @pytest.fixture
 def gitlab_provenance() -> Provenance:
     """
-    Claims extracted from
+    Provenance from
     https://test.pypi.org/integrity/pep740-sampleproject/1.0.0/pep740_sampleproject-1.0.0.tar.gz/provenance
     """
     return Provenance.model_validate_json(
@@ -844,7 +844,7 @@ def gitlab_provenance() -> Provenance:
 @pytest.fixture
 def github_provenance() -> Provenance:
     """
-    Claims extracted from
+    Provenance from
     https://pypi.org/integrity/sampleproject/4.0.0/sampleproject-4.0.0.tar.gz/provenance
     """
     return Provenance.model_validate_json(
diff --git a/tests/unit/packaging/test_views.py b/tests/unit/packaging/test_views.py
index 166dbb216eb9..f914c3e97b1b 100644
--- a/tests/unit/packaging/test_views.py
+++ b/tests/unit/packaging/test_views.py
@@ -336,7 +336,6 @@ def github_attestation(self, github_provenance):
         return github_provenance.attestation_bundles[0].attestations[0]
 
     def test_github_pep740(self, github_attestation):
-        """Test GitLab attestation properties and URL formatting."""
         github_publisher = pretend.stub(
             kind="GitHub",
             workflow=".github/workflows/release.yml",
@@ -386,7 +385,6 @@ def test_github_pep740(self, github_attestation):
         )
 
     def test_gitlab_pep740(self, gitlab_attestation):
-        """Test GitLab attestation properties and URL formatting."""
         gitlab_publisher = pretend.stub(
             kind="GitLab",
             workflow_filepath=".gitlab-ci.yml",

From 554607ff8f273adbc2836ca37b72d88ecd67df9f Mon Sep 17 00:00:00 2001
From: Alexis <alexis.challande@trailofbits.com>
Date: Tue, 3 Dec 2024 11:42:12 +0100
Subject: [PATCH 11/12] Update dependencies

---
 requirements/main.txt | 851 +++++++++++++++++++++---------------------
 1 file changed, 430 insertions(+), 421 deletions(-)

diff --git a/requirements/main.txt b/requirements/main.txt
index 2c3879803115..c3f196ada86a 100644
--- a/requirements/main.txt
+++ b/requirements/main.txt
@@ -74,34 +74,32 @@ babel==2.16.0 \
     --hash=sha256:368b5b98b37c06b7daf6696391c3240c938b37767d4584413e8438c5c435fa8b \
     --hash=sha256:d1f3554ca26605fe173f3de0c65f750f5a42f924499bf134de6423582298e316
     # via -r requirements/main.in
-bcrypt==4.2.0 \
-    --hash=sha256:096a15d26ed6ce37a14c1ac1e48119660f21b24cba457f160a4b830f3fe6b5cb \
-    --hash=sha256:0da52759f7f30e83f1e30a888d9163a81353ef224d82dc58eb5bb52efcabc399 \
-    --hash=sha256:1bb429fedbe0249465cdd85a58e8376f31bb315e484f16e68ca4c786dcc04291 \
-    --hash=sha256:1d84cf6d877918620b687b8fd1bf7781d11e8a0998f576c7aa939776b512b98d \
-    --hash=sha256:1ee38e858bf5d0287c39b7a1fc59eec64bbf880c7d504d3a06a96c16e14058e7 \
-    --hash=sha256:1ff39b78a52cf03fdf902635e4c81e544714861ba3f0efc56558979dd4f09170 \
-    --hash=sha256:27fe0f57bb5573104b5a6de5e4153c60814c711b29364c10a75a54bb6d7ff48d \
-    --hash=sha256:3413bd60460f76097ee2e0a493ccebe4a7601918219c02f503984f0a7ee0aebe \
-    --hash=sha256:3698393a1b1f1fd5714524193849d0c6d524d33523acca37cd28f02899285060 \
-    --hash=sha256:373db9abe198e8e2c70d12b479464e0d5092cc122b20ec504097b5f2297ed184 \
-    --hash=sha256:39e1d30c7233cfc54f5c3f2c825156fe044efdd3e0b9d309512cc514a263ec2a \
-    --hash=sha256:3bbbfb2734f0e4f37c5136130405332640a1e46e6b23e000eeff2ba8d005da68 \
-    --hash=sha256:3d3a6d28cb2305b43feac298774b997e372e56c7c7afd90a12b3dc49b189151c \
-    --hash=sha256:5a1e8aa9b28ae28020a3ac4b053117fb51c57a010b9f969603ed885f23841458 \
-    --hash=sha256:61ed14326ee023917ecd093ee6ef422a72f3aec6f07e21ea5f10622b735538a9 \
-    --hash=sha256:655ea221910bcac76ea08aaa76df427ef8625f92e55a8ee44fbf7753dbabb328 \
-    --hash=sha256:762a2c5fb35f89606a9fde5e51392dad0cd1ab7ae64149a8b935fe8d79dd5ed7 \
-    --hash=sha256:77800b7147c9dc905db1cba26abe31e504d8247ac73580b4aa179f98e6608f34 \
-    --hash=sha256:8ac68872c82f1add6a20bd489870c71b00ebacd2e9134a8aa3f98a0052ab4b0e \
-    --hash=sha256:8d7bb9c42801035e61c109c345a28ed7e84426ae4865511eb82e913df18f58c2 \
-    --hash=sha256:8f6ede91359e5df88d1f5c1ef47428a4420136f3ce97763e31b86dd8280fbdf5 \
-    --hash=sha256:9c1c4ad86351339c5f320ca372dfba6cb6beb25e8efc659bedd918d921956bae \
-    --hash=sha256:c02d944ca89d9b1922ceb8a46460dd17df1ba37ab66feac4870f6862a1533c00 \
-    --hash=sha256:c52aac18ea1f4a4f65963ea4f9530c306b56ccd0c6f8c8da0c06976e34a6e841 \
-    --hash=sha256:cb2a8ec2bc07d3553ccebf0746bbf3d19426d1c6d1adbd4fa48925f66af7b9e8 \
-    --hash=sha256:cf69eaf5185fd58f268f805b505ce31f9b9fc2d64b376642164e9244540c1221 \
-    --hash=sha256:f4f4acf526fcd1c34e7ce851147deedd4e26e6402369304220250598b26448db
+bcrypt==4.2.1 \
+    --hash=sha256:041fa0155c9004eb98a232d54da05c0b41d4b8e66b6fc3cb71b4b3f6144ba837 \
+    --hash=sha256:04e56e3fe8308a88b77e0afd20bec516f74aecf391cdd6e374f15cbed32783d6 \
+    --hash=sha256:1340411a0894b7d3ef562fb233e4b6ed58add185228650942bdc885362f32c17 \
+    --hash=sha256:533e7f3bcf2f07caee7ad98124fab7499cb3333ba2274f7a36cf1daee7409d99 \
+    --hash=sha256:6765386e3ab87f569b276988742039baab087b2cdb01e809d74e74503c2faafe \
+    --hash=sha256:687cf30e6681eeda39548a93ce9bfbb300e48b4d445a43db4298d2474d2a1e54 \
+    --hash=sha256:76132c176a6d9953cdc83c296aeaed65e1a708485fd55abf163e0d9f8f16ce0e \
+    --hash=sha256:76d3e352b32f4eeb34703370e370997065d28a561e4a18afe4fef07249cb4396 \
+    --hash=sha256:807261df60a8b1ccd13e6599c779014a362ae4e795f5c59747f60208daddd96d \
+    --hash=sha256:89df2aea2c43be1e1fa066df5f86c8ce822ab70a30e4c210968669565c0f4685 \
+    --hash=sha256:8ad2f4528cbf0febe80e5a3a57d7a74e6635e41af1ea5675282a33d769fba413 \
+    --hash=sha256:8c458cd103e6c5d1d85cf600e546a639f234964d0228909d8f8dbeebff82d526 \
+    --hash=sha256:8dbd0747208912b1e4ce730c6725cb56c07ac734b3629b60d4398f082ea718ad \
+    --hash=sha256:909faa1027900f2252a9ca5dfebd25fc0ef1417943824783d1c8418dd7d6df4a \
+    --hash=sha256:aaa2e285be097050dba798d537b6efd9b698aa88eef52ec98d23dcd6d7cf6fea \
+    --hash=sha256:adadd36274510a01f33e6dc08f5824b97c9580583bd4487c564fc4617b328005 \
+    --hash=sha256:b1ee315739bc8387aa36ff127afc99120ee452924e0df517a8f3e4c0187a0f5f \
+    --hash=sha256:b588af02b89d9fad33e5f98f7838bf590d6d692df7153647724a7f20c186f6bf \
+    --hash=sha256:b7703ede632dc945ed1172d6f24e9f30f27b1b1a067f32f68bf169c5f08d0425 \
+    --hash=sha256:c6f5fa3775966cca251848d4d5393ab016b3afed251163c1436fefdec3b02c84 \
+    --hash=sha256:cde78d385d5e93ece5479a0a87f73cd6fa26b171c786a884f955e165032b262c \
+    --hash=sha256:cfdf3d7530c790432046c40cda41dfee8c83e29482e6a604f8930b9930e94139 \
+    --hash=sha256:e158009a54c4c8bc91d5e0da80920d048f918c61a581f0a63e4e93bb556d362f \
+    --hash=sha256:e84e0e6f8e40a242b11bce56c313edc2be121cec3e0ec2d76fce01f6af33c07c \
+    --hash=sha256:f85b1ffa09240c89aa2e1ae9f3b1c687104f7b2b9d2098da4e923f1b7082d331
     # via -r requirements/main.in
 betterproto==2.0.0b6 \
     --hash=sha256:720ae92697000f6fcf049c69267d957f0871654c8b0d7458906607685daee784 \
@@ -111,16 +109,16 @@ billiard==4.2.1 \
     --hash=sha256:12b641b0c539073fc8d3f5b8b7be998956665c4233c7c1fcd66a7e677c4fb36f \
     --hash=sha256:40b59a4ac8806ba2c2369ea98d876bc6108b051c227baffd928c644d15d8f3cb
     # via celery
-boto3==1.35.43 \
-    --hash=sha256:0197f460632804577aa78b2f6daf7b823bffa9d4d67a5cebb179efff0fe9631b \
-    --hash=sha256:e6a50a0599f75b21de0de1a551a0564793d25b304fa623e4052e527b268de734
+boto3==1.35.73 \
+    --hash=sha256:473438feafe77d29fbea532a91a65de0d8751a4fa5822127218710a205e28e7a \
+    --hash=sha256:ccb1a365d3084de53b58f8dfc056462f49b16931c139f4c8ac5f0bca8cb8fe81
     # via
     #   -r requirements/main.in
     #   celery
     #   kombu
-botocore==1.35.43 \
-    --hash=sha256:04539b85ade060601a3023cacb538fc17aad8c059a5a2e18fe4bc5d0d91fbd72 \
-    --hash=sha256:7cfdee9117617da97daaf259dd8484bcdc259c59eb7d1ce7db9ecf8506b7d36c
+botocore==1.35.73 \
+    --hash=sha256:8a6a0f5ad119e38d850571df8c625dbad66aec1b20c15f84cdcb95258f9f1edb \
+    --hash=sha256:b2e3ecdd1769f011f72c4c0d0094570ba125f4ca327f24269e4d68eb5d9878b9
     # via
     #   boto3
     #   s3transfer
@@ -398,76 +396,72 @@ click-repl==0.3.0 \
     --hash=sha256:17849c23dba3d667247dc4defe1757fff98694e90fe37474f3feebb69ced26a9 \
     --hash=sha256:fb7e06deb8da8de86180a33a9da97ac316751c094c6899382da7feeeeb51b812
     # via celery
-cmarkgfm==2024.1.14 \
-    --hash=sha256:02ba52518469ce85448e99beb20b1808c51f5a6cfee12554e5e810bfe774b791 \
-    --hash=sha256:07b83ae8de9a397629b4dbe4f190e8edc87b2b94548fbc644ed006a5cc94d959 \
-    --hash=sha256:0c66d0fecfdee9f2ffe34f640e346c653a951bddba79d192629c60958933aa51 \
-    --hash=sha256:0f7845837b0c4dbb3a1a7bbfffed264f011f86ea1cd0ce7823b533bcce0e1fe3 \
-    --hash=sha256:1444f396fc18115065c66bb6f8a523167fa3bd153423d6fea272c4b486b473cf \
-    --hash=sha256:17b61950e32b6f1d6f93a28beaa5870a2b30e44ce846529ff301c986b817f036 \
-    --hash=sha256:1f530595c5fbd92c248576ce43771bd07289c1d42623422d669e20ddb545d41b \
-    --hash=sha256:1f8205bed32be4226f8e344d4e4be001a57929059c3303107485dacc145df5a8 \
-    --hash=sha256:2196871b8f42dea9d85e1a3c1bcb5e05758946874441ec3f7226d80881284e32 \
-    --hash=sha256:26d39c10b816392a3b54a9a7ba7ce894c40fee2813ac71554c424d6762c28ee6 \
-    --hash=sha256:283de0cf88c784f71e8416cf40fffc133d6ffd9686dbf094c4b5c522e1283343 \
-    --hash=sha256:29b95d267ee1c61fd41d1f8634052a77b554517b18e8ffcdf0181e5e93a7af88 \
-    --hash=sha256:2bc2dc101dd6b27aaa264f4c3e8eb444b850b06c60dc4cd278ea743fb085c35b \
-    --hash=sha256:3340c8867ee9a3d2590eb020f22cdc4e101d3d4d9f4a8cc95964f45666ed58f0 \
-    --hash=sha256:3cdc34d749601ff74209580fb7c80b3cbf1112d2832af52c14387cb04831ff2b \
-    --hash=sha256:4310b7d5cc534c27454406963319a16c7f3f05ff75b7cd24a1091884c04248ad \
-    --hash=sha256:43db622d57e81dce30dcbea3a0198588080559473e5bafb68e10959dbf0a3d0f \
-    --hash=sha256:4808af8c8c2c0a39dca8cc27406416d8254aec635f409dc5beb5cb5ed3af564a \
-    --hash=sha256:491d72e0dcc21ff9f3c9a905f785d4268170964500db498dc5b0f2f390fb340b \
-    --hash=sha256:494daf9790dd1a5440bbe3f5c70e01afbeeb3b7565d373b05b3bfa311a0ac3e3 \
-    --hash=sha256:4ecb19b2fb24fe055bbaf0d38e8262642f27123b4339f1f10e7fabb726e57ee8 \
-    --hash=sha256:4ff20857ccded325e11323540d0506fc1bd9ceea9746f81f08fe3d7e52f0a6bc \
-    --hash=sha256:53ccf3d184080f8626264f49866df4ead90685f4d5a3d5d01ffba7f50fd15512 \
-    --hash=sha256:56d68fcf5e71879c327f0889b1127ce58e85e1ac44a624f24933430d726381f3 \
-    --hash=sha256:56ec68a68164bf2ac0fd448d7fcb90d360a42072a6abd62be3e0d222240b7304 \
-    --hash=sha256:57545dfbd9f26fd3b07909d1bac3dacba4cb493fe872da2f4237b4c3597d7a3a \
-    --hash=sha256:5a922846197ac9452cca8aaa9c4b5e56b215299d067e704df9c56c8d87463335 \
-    --hash=sha256:5aa2e85a1e0f3929015d5fe023bd3664d8c744d3f898bdd05df99ed905782376 \
-    --hash=sha256:6565d5659d80d119733a407af70e5de7c04e0822fabb91db83688e0e280cc174 \
-    --hash=sha256:6d14d928ad46974098979358ca456a056b8df91d5e6fa6e9294bd1173dfdfa10 \
-    --hash=sha256:70db301d140d1f0cabe58770aad8506a4bd7fa0e5b0fae78c8f9a80712d14857 \
-    --hash=sha256:7973812317ef672c5a1c59065294c4b280aaffb7fe1071b8c661de82021d4f1b \
-    --hash=sha256:7ccd6689108673be5bb19f3a3b02cf897fab9b04290a0548e4c6deec5a1fec9a \
-    --hash=sha256:7d3f497cbbaeb540a741a6516673045abcc11b41029bc3dbc95b3b5ea2cc2182 \
-    --hash=sha256:7de3d8bfc64168419a6d1edb223616ac6f54b67e20e4b6b70f3ae659fd3f3f31 \
-    --hash=sha256:7eff0e618704c49ab3f77680a0722aced6c99d2fe590b8f8d655fa29ed17270e \
-    --hash=sha256:82b62dbc7f546c43d99964914133b7e4d7ef7ce4f411cd0acc95b382853aa47f \
-    --hash=sha256:890a235fc0cf5c821ed4dd81a5405a526e9cc616761345aee54840a575b7f969 \
-    --hash=sha256:8b8fd26ff27b9895f48459b8e556b9d6c4d255ac3735b3b2f8b14b9787ff6b89 \
-    --hash=sha256:93364f7ec9de71285f0a27552f9cfa30aa4d311d37c820daa65dc27ab211a746 \
-    --hash=sha256:9659715d79cbc5c030d36709fe443a47b5c6dbb77bd05e5531feedbe5ad00ac5 \
-    --hash=sha256:966bd27336736b2950551348b1bfc71863ea26b76b245e9966ee80cc9cde04ee \
-    --hash=sha256:a208c1726e12ba385125cef2c6d375c41c5dea4cc2673a77af712b1dbf074e90 \
-    --hash=sha256:a3fe7e5357233649030f22dd816354e51c99f90857cff904a173bbd602733aca \
-    --hash=sha256:a4b20a59dc14a074bae0bd04306e504512c1883b0c9b6e0e0c5b217797571363 \
-    --hash=sha256:a8c929836caf96c4fb7fd5e7f9efe6fbb6aa57f9dfae543f74f10b55d5a92b56 \
-    --hash=sha256:a9bd82bac3673a0848fa09512ae61059943462ce824944faaeadc727068d9e19 \
-    --hash=sha256:b0b5a3be0b76f2802f8f16c40d33f74ff68c0bca8860bd4b5252395181077534 \
-    --hash=sha256:b676300ff04629c07c02687e5dc017fb7d1edf38a5dc1ab2ec28078a71195ce6 \
-    --hash=sha256:b79662ab458c910c9785abacb8315d6f46487659d44398bd894f577bb6b9d04e \
-    --hash=sha256:b8d68eb075d2eb48e864d9c031b0117900e25a3c1c7ab8ce4f80c25b6ae7f346 \
-    --hash=sha256:bba56ccec5b980c9da003ac7449c0cbe8045e4e046d4ce51273a47d3a9b84b1a \
-    --hash=sha256:bc6fb79ef6f93dd497fd2b85be032636bb955a762c42f52ed65fefe32525fc2b \
-    --hash=sha256:bcd059584161491a2848e55ec73c28f17d8e89faec9ad860afa05246a6ee695f \
-    --hash=sha256:bee28a3cc0abae18a46119ff1cde0db991f5ebe235d24c95bbaa672a63b5d695 \
-    --hash=sha256:c552ef80fe8c29d647c86ab49b8f66aa7626e7de9009e4005bd2120698667fa2 \
-    --hash=sha256:c71d6b44ffdd9a03e246a35c8a2b2454eb2a319fcfe5736ff62660259f9f4683 \
-    --hash=sha256:ca9e5388c88f907c9ef1cf588947ea00a1c60f3462fe1f213b591bbd27ceb8c1 \
-    --hash=sha256:ce0f76ea3d47d206913db8f7933076191be4d8871019095a4880885531586ab5 \
-    --hash=sha256:d399545833ff3f25f8f6d9b559be5878987f3e34cfc4fe79cefc1d33fd3da852 \
-    --hash=sha256:d55795968751e1a8ddd2172c1d03d0107b9dd20445dbcd23dc9e0a80d95a0c5b \
-    --hash=sha256:ded64f663955f852d8965b40ab47718461df6d42d12719264b09a23d33b8d38f \
-    --hash=sha256:e51707471196d199f03aff1c5e12860d12a44e7bf29302e7bb485074f8e62ff0 \
-    --hash=sha256:e601ed6c9a44c5f86b392afef2f66711da07924825a4ff695eec9a3cfc905732 \
-    --hash=sha256:eb595be70d86d1497826f80e3e04b46001b2b94bccc099619daea693923a88b3 \
-    --hash=sha256:ec6eb4929bd231d7e5c0cf1154581be0a13b8d2b7aee2c30410066f363c765b9 \
-    --hash=sha256:f223e606b57eebfc81e95839cf22cbe5eaec0da9ecd42326cc46568e0029188c \
-    --hash=sha256:fdecbdad66b7738c711db33471d510c6279a01196920c43294d8071e51192807 \
-    --hash=sha256:ff0bc7dbb86d1a6877b771ed715dbe0ab071872e8c6f5beb782528b70ac7eedc
+cmarkgfm==2024.11.20 \
+    --hash=sha256:0451df5f02cccc4e76a369e23457cba20e60a99f734ddb126bc3c772018d22dc \
+    --hash=sha256:0635abbf989281b161a9b22fb510165f60d19e57992d39e24f4fb856e498212e \
+    --hash=sha256:067bf44b49c23c589eb60ce772f2582259d9818e86a5936b0cd89fd203ff3f21 \
+    --hash=sha256:0a5e72657a92957fde6d502952113632d946328362585529b7662697421baebc \
+    --hash=sha256:106aa08dd7b9e55ca481422f705e6067db98cf725e40f7154ad6ba56468a601c \
+    --hash=sha256:13ac2f8f62b22228fa16ed0a027d0af924a86e67f4e047bc59406f8494e7643c \
+    --hash=sha256:169f3bdc8c54ac5d9994b8f47817cf383a8ff960a2a7aa7527fdb180ec2317ce \
+    --hash=sha256:175ed1f9b76310821140f97c201da4384814cb38875374b83efcd7987651a9e4 \
+    --hash=sha256:1792cfb4e2f76237753436000cf4433296c869ecabbd714b3c6c27f5b72c49f3 \
+    --hash=sha256:191ee4ad8073a8a2c2e9d723c7046e0d7f87cca8686ca96f1e7d6e2735a9ebf8 \
+    --hash=sha256:19c5ddef9349c0965931ecabed30d3611dbd88beddefa91565283bd54aa0041c \
+    --hash=sha256:1c3d66866247eb72bd494db638ab8247f8452fa871ed6e254e5adfc0e2c15cd0 \
+    --hash=sha256:1cf12f8354c5120198c9a5171e546034de7e24a413118921e244b46036321caf \
+    --hash=sha256:1e27c7cbc727109d5af94262f29754ac87ae73e15da1ecefda953a3101ad899f \
+    --hash=sha256:207d77cc794a1b30ed00e763ee664abc2fe647b0a141067c0962b775bdbc56ce \
+    --hash=sha256:211fad7b509cb1247b6d20a6ec14b0777793b922254b2e28357528001be09f0b \
+    --hash=sha256:22205f2aa5f7eba8770f8881143b760c5c93904d775f6a8dbe6e30123800d27f \
+    --hash=sha256:258429ff6608bf8d7d7ad774f651c70ebb11efb9f9f024f55a6ce26249437d52 \
+    --hash=sha256:2826e9518134ee7d548e1944462cfedf7e7cdf86ffda906d1251c221fae43baf \
+    --hash=sha256:3354d5497820e18eccf0552224cb2cba2cb27ab378ed99371523e2726027c04c \
+    --hash=sha256:35e280f76a73a71c7e4a494b267137741fcd837667bf77a5b30e68b30ab2d3b1 \
+    --hash=sha256:3ad48791fdb16372423a43e82774121a5dd85af0ab0532d2c19f56bf46e73f18 \
+    --hash=sha256:3d9dea0e0a0e9ad436ab11430333b6fa294de0daa00ff675ddac5757a7c628ec \
+    --hash=sha256:4bc2c0ca1ba3c113f6bd178cfa10e62c257c2ed04d3ef684e2ee8b05342f51bc \
+    --hash=sha256:4d9073952e578255e27a1f6cb359071813bad301ec4d4f4b8233a9a23e5fa7ab \
+    --hash=sha256:4f987178288a598ddfa8c6fc19dbcc6eb796b7a211266ff4bd1e8cae436fbfd3 \
+    --hash=sha256:5d23226dc67534c6adf5739b7a5150fbcc2c5b9e0d48f8a0bdcfc5636980e19b \
+    --hash=sha256:5dd01cf61975a8a57213cdef5ed870e936032f13fe93d60ddf659ffb9cf73c6a \
+    --hash=sha256:5fbb3e12d0dbb9f508ea2217e9eef03caea0ce7a7460a9692ecfd85a675727ed \
+    --hash=sha256:61c699e399c7878f5eeef11e51c67d06eb8c4d09d0beb7675b1d6b393c1c5fb9 \
+    --hash=sha256:6d9e8ae37fe7568bf259dcbcb07b95ee3bc3f744bec87162a1391e806c15d9ae \
+    --hash=sha256:7766026926ed06552ddda4f3584b67fa5890dad3aa3a124e35356b33e2874cfd \
+    --hash=sha256:78edaff25d16dc6257d21397f257f43a7fcc8375585c6d51f46896dabacf9b6a \
+    --hash=sha256:7f314c53959f5ad57828d30b101cfe2f25b3b2e26e83ef5d67027309754daaf8 \
+    --hash=sha256:810d1b5157cb17d32660d4032970eb4a140265e2cc09004b97d314e59300e5aa \
+    --hash=sha256:8434aa7e4f12fb5cccf0846f29db5cbdb77f8a41c79cef14f67d4903b288618a \
+    --hash=sha256:90b3449bcbf8ab763ca693453ae29e85cf3bbd60b5580ea79e2ae056102b8cdd \
+    --hash=sha256:9347e1f06924bcf207d0b25cb91e51be7eccfa9e91f03528db2a27bfea364365 \
+    --hash=sha256:9488d4b1049c111300678ff874fde0ddf0f8aaf7ce532d39f942a250e39b56a5 \
+    --hash=sha256:9a846edb229fbb405aa728863723d02ffefd967f43f036fe0c698a67e0069b6f \
+    --hash=sha256:9d74c8bba226751161b7f163fb3e71ee82453759e016df934927ab44aac532eb \
+    --hash=sha256:9feb163ddb3d17ee0fc763961af9560487c5d3b158a1b74b00480cccf3631df7 \
+    --hash=sha256:a01e9d2b6621fba9c833f384d998e6afe0ad858b9e3e22dc71e2aa6caad1e9f3 \
+    --hash=sha256:ab2543f2d1070d2dbae37b7098ad3507bedc37f5252883ea879f884dbb7b7610 \
+    --hash=sha256:b06c24c2ea5a33eb63b8beeae04869b45ffd015fbd609b4266f11c015f2a7a38 \
+    --hash=sha256:b1cbe16aa6c6831f5837829f272c68e6550566699f2d1305c9d3469dd4867851 \
+    --hash=sha256:b81b1585d6386829a6dd2d972554eb35e38184bd5fa672a18ddb796ab6a977de \
+    --hash=sha256:bc07268f5b42ac37b36a8091ddc7b6a7a88c436718d7ac88f5ea0785f2bdc1ec \
+    --hash=sha256:bd613fb86c9beb4da614701421931bd534d203006d78dd4537918ade96028e60 \
+    --hash=sha256:c0eb231d0fa3190ec807f577d60a5bea256fd17968c61c4379c4c1acfd6f61df \
+    --hash=sha256:c1371b5a58139e54fc04db84cafed3b80731e2f89de9dee699f5f24c7691857d \
+    --hash=sha256:c937e632ff969c7a53e5dd1390d9e12d86be627deb93e292e249a9289237301d \
+    --hash=sha256:ccec2ae525e4435601e75be9d184d4df153bf5b7fc2605a0e1ac256f5c600b5b \
+    --hash=sha256:d3eee488ee1bd0ce251d8d5cb853d68234035b2839600319694ca85e585791f0 \
+    --hash=sha256:d58e4a83bc813585f251e3151f55e09915c3c1728da87b47defa0e8c84c85a7c \
+    --hash=sha256:d71ac6281034e0f9babe1e4aa370e1249ce8f253ad85ff60daadea8ef5da4b00 \
+    --hash=sha256:dc2247e96d7f946b25a03a5ee030b2c32fb3ef06d4194dddb6374b8ec7c4489a \
+    --hash=sha256:dd414cffe2f57ce652cfb1510637760cc761194518b0a712ceceb929a1a512d4 \
+    --hash=sha256:e134ef56690a2ea9d24947d12fa6f96bdab4288d481af704e845c4fd3de845b8 \
+    --hash=sha256:e3ae9dfebf1a9f39bbd3ae7c6150133f603601138b753497ec2deb5ff96c2cb6 \
+    --hash=sha256:e4b79ba349fb18bf0e6e07b388658591e5aea0aca0d68eeac68c9a43ab1a511d \
+    --hash=sha256:eab503e922bd2959c7e6148c69478dd44894201358370876028dd24aea776e24 \
+    --hash=sha256:f37cb4aed1595620166ef35146fc062e60208324e2787f6b72d65e6c814525d6 \
+    --hash=sha256:fc74387e90d518156d493b52af63faab2d95710e5f582df8dd50952cbf601194 \
+    --hash=sha256:ffbb3847e4d71de84e23abd30ff23fb3ce81f9096eb7bdc6569499c8b7a098b8
     # via readme-renderer
 cryptography==43.0.3 \
     --hash=sha256:0c580952eef9bf68c4747774cde7ec1d85a6e61de97281f2dba83c7d2c806362 \
@@ -520,9 +514,9 @@ deprecated==1.2.15 \
     --hash=sha256:353bc4a8ac4bfc96800ddab349d89c25dec1079f65fd53acdcc1e0b975b21320 \
     --hash=sha256:683e561a90de76239796e6b6feac66b99030d2dd3fcf61ef996330f14bbb9b0d
     # via limits
-disposable-email-domains==0.0.108 \
-    --hash=sha256:4427cb11962dbfc5bb5afddbb6381fb7072eb7abf941bae4c37e414b544ae3c3 \
-    --hash=sha256:57a3ae6cfb03ef29f93c6aa069137f57b60cbcb8295d9f82b0158e357b32c799
+disposable-email-domains==0.0.110 \
+    --hash=sha256:bf0edb8dcd9f150a836a141362cc9b37e1c54f075ea82cc5b2c9f58b12eb14d7 \
+    --hash=sha256:c67df03fdc8cab867c74b578def8b2ae725276165a231f5fd2b28b1df0b9c5b9
     # via -r requirements/main.in
 dnspython==2.7.0 \
     --hash=sha256:b4c34b7d10b51bcc3a5071e7b8dee77939f1e878477eeecc965e9835f63c6c86 \
@@ -703,68 +697,68 @@ greenlet==3.1.1 \
     --hash=sha256:f406b22b7c9a9b4f8aa9d2ab13d6ae0ac3e85c9a809bd590ad53fed2bf70dc79 \
     --hash=sha256:f6ff3b14f2df4c41660a7dec01045a045653998784bf8cfcb5a525bdffffbc8f
     # via sqlalchemy
-grpcio==1.68.0 \
-    --hash=sha256:0d230852ba97654453d290e98d6aa61cb48fa5fafb474fb4c4298d8721809354 \
-    --hash=sha256:0efbbd849867e0e569af09e165363ade75cf84f5229b2698d53cf22c7a4f9e21 \
-    --hash=sha256:14331e5c27ed3545360464a139ed279aa09db088f6e9502e95ad4bfa852bb116 \
-    --hash=sha256:15327ab81131ef9b94cb9f45b5bd98803a179c7c61205c8c0ac9aff9d6c4e82a \
-    --hash=sha256:15377bce516b1c861c35e18eaa1c280692bf563264836cece693c0f169b48829 \
-    --hash=sha256:15fa1fe25d365a13bc6d52fcac0e3ee1f9baebdde2c9b3b2425f8a4979fccea1 \
-    --hash=sha256:18668e36e7f4045820f069997834e94e8275910b1f03e078a6020bd464cb2363 \
-    --hash=sha256:2af76ab7c427aaa26aa9187c3e3c42f38d3771f91a20f99657d992afada2294a \
-    --hash=sha256:2bddd04a790b69f7a7385f6a112f46ea0b34c4746f361ebafe9ca0be567c78e9 \
-    --hash=sha256:32a9cb4686eb2e89d97022ecb9e1606d132f85c444354c17a7dbde4a455e4a3b \
-    --hash=sha256:3ac7f10850fd0487fcce169c3c55509101c3bde2a3b454869639df2176b60a03 \
-    --hash=sha256:3b2b559beb2d433129441783e5f42e3be40a9e1a89ec906efabf26591c5cd415 \
-    --hash=sha256:4028b8e9a3bff6f377698587d642e24bd221810c06579a18420a17688e421af7 \
-    --hash=sha256:44bcbebb24363d587472089b89e2ea0ab2e2b4df0e4856ba4c0b087c82412121 \
-    --hash=sha256:46a2d74d4dd8993151c6cd585594c082abe74112c8e4175ddda4106f2ceb022f \
-    --hash=sha256:4df81d78fd1646bf94ced4fb4cd0a7fe2e91608089c522ef17bc7db26e64effd \
-    --hash=sha256:4e300e6978df0b65cc2d100c54e097c10dfc7018b9bd890bbbf08022d47f766d \
-    --hash=sha256:4f1931c7aa85be0fa6cea6af388e576f3bf6baee9e5d481c586980c774debcb4 \
-    --hash=sha256:50992f214264e207e07222703c17d9cfdcc2c46ed5a1ea86843d440148ebbe10 \
-    --hash=sha256:55d3b52fd41ec5772a953612db4e70ae741a6d6ed640c4c89a64f017a1ac02b5 \
-    --hash=sha256:5a180328e92b9a0050958ced34dddcb86fec5a8b332f5a229e353dafc16cd332 \
-    --hash=sha256:619b5d0f29f4f5351440e9343224c3e19912c21aeda44e0c49d0d147a8d01544 \
-    --hash=sha256:6b2f98165ea2790ea159393a2246b56f580d24d7da0d0342c18a085299c40a75 \
-    --hash=sha256:6f9c7ad1a23e1047f827385f4713b5b8c6c7d325705be1dd3e31fb00dcb2f665 \
-    --hash=sha256:79f81b7fbfb136247b70465bd836fa1733043fdee539cd6031cb499e9608a110 \
-    --hash=sha256:7e0a3e72c0e9a1acab77bef14a73a416630b7fd2cbd893c0a873edc47c42c8cd \
-    --hash=sha256:7e7483d39b4a4fddb9906671e9ea21aaad4f031cdfc349fec76bdfa1e404543a \
-    --hash=sha256:88fb2925789cfe6daa20900260ef0a1d0a61283dfb2d2fffe6194396a354c618 \
-    --hash=sha256:8af6137cc4ae8e421690d276e7627cfc726d4293f6607acf9ea7260bd8fc3d7d \
-    --hash=sha256:8b0ff09c81e3aded7a183bc6473639b46b6caa9c1901d6f5e2cba24b95e59e30 \
-    --hash=sha256:8c73f9fbbaee1a132487e31585aa83987ddf626426d703ebcb9a528cf231c9b1 \
-    --hash=sha256:99f06232b5c9138593ae6f2e355054318717d32a9c09cdc5a2885540835067a1 \
-    --hash=sha256:9fe1b141cda52f2ca73e17d2d3c6a9f3f3a0c255c216b50ce616e9dca7e3441d \
-    --hash=sha256:a17278d977746472698460c63abf333e1d806bd41f2224f90dbe9460101c9796 \
-    --hash=sha256:a59f5822f9459bed098ffbceb2713abbf7c6fd13f2b9243461da5c338d0cd6c3 \
-    --hash=sha256:a6213d2f7a22c3c30a479fb5e249b6b7e648e17f364598ff64d08a5136fe488b \
-    --hash=sha256:a831dcc343440969aaa812004685ed322cdb526cd197112d0db303b0da1e8659 \
-    --hash=sha256:afbf45a62ba85a720491bfe9b2642f8761ff348006f5ef67e4622621f116b04a \
-    --hash=sha256:b0cf343c6f4f6aa44863e13ec9ddfe299e0be68f87d68e777328bff785897b05 \
-    --hash=sha256:c03d89df516128febc5a7e760d675b478ba25802447624edf7aa13b1e7b11e2a \
-    --hash=sha256:c1245651f3c9ea92a2db4f95d37b7597db6b246d5892bca6ee8c0e90d76fb73c \
-    --hash=sha256:cc5f0a4f5904b8c25729a0498886b797feb817d1fd3812554ffa39551112c161 \
-    --hash=sha256:dba037ff8d284c8e7ea9a510c8ae0f5b016004f13c3648f72411c464b67ff2fb \
-    --hash=sha256:def1a60a111d24376e4b753db39705adbe9483ef4ca4761f825639d884d5da78 \
-    --hash=sha256:e0d2f68eaa0a755edd9a47d40e50dba6df2bceda66960dee1218da81a2834d27 \
-    --hash=sha256:e0d30f3fee9372796f54d3100b31ee70972eaadcc87314be369360248a3dcffe \
-    --hash=sha256:e18589e747c1e70b60fab6767ff99b2d0c359ea1db8a2cb524477f93cdbedf5b \
-    --hash=sha256:e1e7ed311afb351ff0d0e583a66fcb39675be112d61e7cfd6c8269884a98afbc \
-    --hash=sha256:e46541de8425a4d6829ac6c5d9b16c03c292105fe9ebf78cb1c31e8d242f9155 \
-    --hash=sha256:e694b5928b7b33ca2d3b4d5f9bf8b5888906f181daff6b406f4938f3a997a490 \
-    --hash=sha256:f60fa2adf281fd73ae3a50677572521edca34ba373a45b457b5ebe87c2d01e1d \
-    --hash=sha256:f84890b205692ea813653ece4ac9afa2139eae136e419231b0eec7c39fdbe4c2 \
-    --hash=sha256:f8f695d9576ce836eab27ba7401c60acaf9ef6cf2f70dfe5462055ba3df02cc3 \
-    --hash=sha256:fc05759ffbd7875e0ff2bd877be1438dfe97c9312bbc558c8284a9afa1d0f40e \
-    --hash=sha256:fd2c2d47969daa0e27eadaf15c13b5e92605c5e5953d23c06d0b5239a2f176d3
+grpcio==1.68.1 \
+    --hash=sha256:025f790c056815b3bf53da850dd70ebb849fd755a4b1ac822cb65cd631e37d43 \
+    --hash=sha256:04cfd68bf4f38f5bb959ee2361a7546916bd9a50f78617a346b3aeb2b42e2161 \
+    --hash=sha256:0feb02205a27caca128627bd1df4ee7212db051019a9afa76f4bb6a1a80ca95e \
+    --hash=sha256:1098f03dedc3b9810810568060dea4ac0822b4062f537b0f53aa015269be0a76 \
+    --hash=sha256:12941d533f3cd45d46f202e3667be8ebf6bcb3573629c7ec12c3e211d99cfccf \
+    --hash=sha256:255b1635b0ed81e9f91da4fcc8d43b7ea5520090b9a9ad9340d147066d1d3613 \
+    --hash=sha256:298ee7f80e26f9483f0b6f94cc0a046caf54400a11b644713bb5b3d8eb387600 \
+    --hash=sha256:2c4cec6177bf325eb6faa6bd834d2ff6aa8bb3b29012cceb4937b86f8b74323c \
+    --hash=sha256:2cc1fd04af8399971bcd4f43bd98c22d01029ea2e56e69c34daf2bf8470e47f5 \
+    --hash=sha256:334ab917792904245a028f10e803fcd5b6f36a7b2173a820c0b5b076555825e1 \
+    --hash=sha256:3522c77d7e6606d6665ec8d50e867f13f946a4e00c7df46768f1c85089eae515 \
+    --hash=sha256:37ea3be171f3cf3e7b7e412a98b77685eba9d4fd67421f4a34686a63a65d99f9 \
+    --hash=sha256:390eee4225a661c5cd133c09f5da1ee3c84498dc265fd292a6912b65c421c78c \
+    --hash=sha256:3aed6544e4d523cd6b3119b0916cef3d15ef2da51e088211e4d1eb91a6c7f4f1 \
+    --hash=sha256:3ceb56c4285754e33bb3c2fa777d055e96e6932351a3082ce3559be47f8024f0 \
+    --hash=sha256:44a8502dd5de653ae6a73e2de50a401d84184f0331d0ac3daeb044e66d5c5054 \
+    --hash=sha256:4b177f5547f1b995826ef529d2eef89cca2f830dd8b2c99ffd5fde4da734ba73 \
+    --hash=sha256:4efac5481c696d5cb124ff1c119a78bddbfdd13fc499e3bc0ca81e95fc573684 \
+    --hash=sha256:52fbf85aa71263380d330f4fce9f013c0798242e31ede05fcee7fbe40ccfc20d \
+    --hash=sha256:55857c71641064f01ff0541a1776bfe04a59db5558e82897d35a7793e525774c \
+    --hash=sha256:66a24f3d45c33550703f0abb8b656515b0ab777970fa275693a2f6dc8e35f1c1 \
+    --hash=sha256:6ab2d912ca39c51f46baf2a0d92aa265aa96b2443266fc50d234fa88bf877d8e \
+    --hash=sha256:77d65165fc35cff6e954e7fd4229e05ec76102d4406d4576528d3a3635fc6172 \
+    --hash=sha256:7dfc914cc31c906297b30463dde0b9be48e36939575eaf2a0a22a8096e69afe5 \
+    --hash=sha256:7f20ebec257af55694d8f993e162ddf0d36bd82d4e57f74b31c67b3c6d63d8b2 \
+    --hash=sha256:80af6f1e69c5e68a2be529990684abdd31ed6622e988bf18850075c81bb1ad6e \
+    --hash=sha256:83bbf5807dc3ee94ce1de2dfe8a356e1d74101e4b9d7aa8c720cc4818a34aded \
+    --hash=sha256:8720c25cd9ac25dd04ee02b69256d0ce35bf8a0f29e20577427355272230965a \
+    --hash=sha256:8829924fffb25386995a31998ccbbeaa7367223e647e0122043dfc485a87c666 \
+    --hash=sha256:8a3869a6661ec8f81d93f4597da50336718bde9eb13267a699ac7e0a1d6d0bea \
+    --hash=sha256:8cb620037a2fd9eeee97b4531880e439ebfcd6d7d78f2e7dcc3726428ab5ef63 \
+    --hash=sha256:919d7f18f63bcad3a0f81146188e90274fde800a94e35d42ffe9eadf6a9a6330 \
+    --hash=sha256:95c87ce2a97434dffe7327a4071839ab8e8bffd0054cc74cbe971fba98aedd60 \
+    --hash=sha256:963cc8d7d79b12c56008aabd8b457f400952dbea8997dd185f155e2f228db079 \
+    --hash=sha256:96f473cdacfdd506008a5d7579c9f6a7ff245a9ade92c3c0265eb76cc591914f \
+    --hash=sha256:9d1fae6bbf0816415b81db1e82fb3bf56f7857273c84dcbe68cbe046e58e1ccd \
+    --hash=sha256:a0c8ddabef9c8f41617f213e527254c41e8b96ea9d387c632af878d05db9229c \
+    --hash=sha256:a1b988b40f2fd9de5c820f3a701a43339d8dcf2cb2f1ca137e2c02671cc83ac1 \
+    --hash=sha256:a47faedc9ea2e7a3b6569795c040aae5895a19dde0c728a48d3c5d7995fda385 \
+    --hash=sha256:a8040f85dcb9830d8bbb033ae66d272614cec6faceee88d37a88a9bd1a7a704e \
+    --hash=sha256:b33bd114fa5a83f03ec6b7b262ef9f5cac549d4126f1dc702078767b10c46ed9 \
+    --hash=sha256:c08079b4934b0bf0a8847f42c197b1d12cba6495a3d43febd7e99ecd1cdc8d54 \
+    --hash=sha256:c28848761a6520c5c6071d2904a18d339a796ebe6b800adc8b3f474c5ce3c3ad \
+    --hash=sha256:cb400138e73969eb5e0535d1d06cae6a6f7a15f2cc74add320e2130b8179211a \
+    --hash=sha256:cbb5780e2e740b6b4f2d208e90453591036ff80c02cc605fea1af8e6fc6b1bbe \
+    --hash=sha256:ccf2ebd2de2d6661e2520dae293298a3803a98ebfc099275f113ce1f6c2a80f1 \
+    --hash=sha256:d35740e3f45f60f3c37b1e6f2f4702c23867b9ce21c6410254c9c682237da68d \
+    --hash=sha256:d99abcd61760ebb34bdff37e5a3ba333c5cc09feda8c1ad42547bea0416ada78 \
+    --hash=sha256:ddda1aa22495d8acd9dfbafff2866438d12faec4d024ebc2e656784d96328ad0 \
+    --hash=sha256:dffd29a2961f3263a16d73945b57cd44a8fd0b235740cb14056f0612329b345e \
+    --hash=sha256:e4842e4872ae4ae0f5497bf60a0498fa778c192cc7a9e87877abd2814aca9475 \
+    --hash=sha256:e8dbe3e00771bfe3d04feed8210fc6617006d06d9a2679b74605b9fed3e8362c \
+    --hash=sha256:ee2e743e51cb964b4975de572aa8fb95b633f496f9fcb5e257893df3be854746 \
+    --hash=sha256:eeb38ff04ab6e5756a2aef6ad8d94e89bb4a51ef96e20f45c44ba190fa0bcaad \
+    --hash=sha256:f8261fa2a5f679abeb2a0a93ad056d765cdca1c47745eda3f2d87f874ff4b8c9
     # via
     #   google-api-core
     #   grpcio-status
-grpcio-status==1.68.0 \
-    --hash=sha256:0a71b15d989f02df803b4ba85c5bf1f43aeaa58ac021e5f9974b8cadc41f784d \
-    --hash=sha256:8369823de22ab6a2cddb3804669c149ae7a71819e127c2dca7c2322028d52bea
+grpcio-status==1.68.1 \
+    --hash=sha256:66f3d8847f665acfd56221333d66f7ad8927903d87242a482996bdb45e8d28fd \
+    --hash=sha256:e1378d036c81a1610d7b4c7a146cd663dd13fcc915cf4d7d053929dba5bbb6e1
     # via google-api-core
 grpclib==0.4.7 \
     --hash=sha256:2988ef57c02b22b7a2e8e961792c41ccf97efc2ace91ae7a5b0de03c363823c3
@@ -900,10 +894,6 @@ idna==3.10 \
     #   email-validator
     #   requests
     #   tldextract
-importlib-resources==6.4.5 \
-    --hash=sha256:980862a1d16c9e147a59603677fa2aa5fd82b87f223b6cb870695bcfce830065 \
-    --hash=sha256:ac29d5f956f01d5e4bb63102a5a19957f1b9175e45649977264a1416783bb717
-    # via limits
 isodate==0.7.2 \
     --hash=sha256:28009937d8031054830160fce6d409ed342816b543597cece116d966c6d99e15 \
     --hash=sha256:4cd1aa0f43ca76f4a6c6c0292a85f40b35ec2e43e315b59f06e6d32171a953e6
@@ -988,9 +978,9 @@ lazy-object-proxy==1.10.0 \
     --hash=sha256:edb45bb8278574710e68a6b021599a10ce730d156e5b254941754a9cc0b17d03 \
     --hash=sha256:fec03caabbc6b59ea4a638bee5fce7117be8e99a4103d9d5ad77f15d6f81020c
     # via openapi-spec-validator
-limits==3.13.0 \
-    --hash=sha256:6571b0c567bfa175a35fed9f8a954c0c92f1c3200804282f1b8f1de4ad98a953 \
-    --hash=sha256:9767f7233da4255e9904b79908a728e8ec0984c0b086058b4cbbd309aea553f6
+limits==3.14.1 \
+    --hash=sha256:051aca02da56e6932599a25cb8e70543959294f5d587d57bcd7e38df234e697b \
+    --hash=sha256:cad16a9b3cf3924e27da48e78bdab33ef312ecb7194fdb50e509cc8111c8d0bb
     # via -r requirements/main.in
 linehaul==1.0.2 \
     --hash=sha256:4545fee3b54df22c697d204da8668e8fd975afcb28cbb5654865e43491c70ff0 \
@@ -1393,23 +1383,31 @@ natsort==8.4.0 \
     --hash=sha256:45312c4a0e5507593da193dedd04abb1469253b601ecaf63445ad80f0a1ea581 \
     --hash=sha256:4732914fb471f56b5cce04d7bae6f164a592c7712e1c85f9ef585e197299521c
     # via -r requirements/main.in
-nh3==0.2.18 \
-    --hash=sha256:0411beb0589eacb6734f28d5497ca2ed379eafab8ad8c84b31bb5c34072b7164 \
-    --hash=sha256:14c5a72e9fe82aea5fe3072116ad4661af5cf8e8ff8fc5ad3450f123e4925e86 \
-    --hash=sha256:19aaba96e0f795bd0a6c56291495ff59364f4300d4a39b29a0abc9cb3774a84b \
-    --hash=sha256:34c03fa78e328c691f982b7c03d4423bdfd7da69cd707fe572f544cf74ac23ad \
-    --hash=sha256:36c95d4b70530b320b365659bb5034341316e6a9b30f0b25fa9c9eff4c27a204 \
-    --hash=sha256:3a157ab149e591bb638a55c8c6bcb8cdb559c8b12c13a8affaba6cedfe51713a \
-    --hash=sha256:42c64511469005058cd17cc1537578eac40ae9f7200bedcfd1fc1a05f4f8c200 \
-    --hash=sha256:5f36b271dae35c465ef5e9090e1fdaba4a60a56f0bb0ba03e0932a66f28b9189 \
-    --hash=sha256:6955369e4d9f48f41e3f238a9e60f9410645db7e07435e62c6a9ea6135a4907f \
-    --hash=sha256:7b7c2a3c9eb1a827d42539aa64091640bd275b81e097cd1d8d82ef91ffa2e811 \
-    --hash=sha256:8ce0f819d2f1933953fca255db2471ad58184a60508f03e6285e5114b6254844 \
-    --hash=sha256:94a166927e53972a9698af9542ace4e38b9de50c34352b962f4d9a7d4c927af4 \
-    --hash=sha256:a7f1b5b2c15866f2db413a3649a8fe4fd7b428ae58be2c0f6bca5eefd53ca2be \
-    --hash=sha256:c8b3a1cebcba9b3669ed1a84cc65bf005728d2f0bc1ed2a6594a992e817f3a50 \
-    --hash=sha256:de3ceed6e661954871d6cd78b410213bdcb136f79aafe22aa7182e028b8c7307 \
-    --hash=sha256:f0eca9ca8628dbb4e916ae2491d72957fdd35f7a5d326b7032a345f111ac07fe
+nh3==0.2.19 \
+    --hash=sha256:00810cd5275f5c3f44b9eb0e521d1a841ee2f8023622de39ffc7d88bd533d8e0 \
+    --hash=sha256:0b6820fc64f2ff7ef3e7253a093c946a87865c877b3889149a6d21d322ed8dbd \
+    --hash=sha256:11270b16c1b012677e3e2dd166c1aa273388776bf99a3e3677179db5097ee16a \
+    --hash=sha256:2b926f179eb4bce72b651bfdf76f8aa05d167b2b72bc2f3657fd319f40232adc \
+    --hash=sha256:2eb021804e9df1761abeb844bb86648d77aa118a663c82f50ea04110d87ed707 \
+    --hash=sha256:3805161c4e12088bd74752ba69630e915bc30fe666034f47217a2f16b16efc37 \
+    --hash=sha256:5d4f5e2189861b352b73acb803b5f4bb409c2f36275d22717e27d4e0c217ae55 \
+    --hash=sha256:75c7cafb840f24430b009f7368945cb5ca88b2b54bb384ebfba495f16bc9c121 \
+    --hash=sha256:790056b54c068ff8dceb443eaefb696b84beff58cca6c07afd754d17692a4804 \
+    --hash=sha256:7e98621856b0a911c21faa5eef8f8ea3e691526c2433f9afc2be713cb6fbdb48 \
+    --hash=sha256:833b3b5f1783ce95834a13030300cea00cbdfd64ea29260d01af9c4821da0aa9 \
+    --hash=sha256:a7b928862daddb29805a1010a0282f77f4b8b238a37b5f76bc6c0d16d930fd22 \
+    --hash=sha256:ac536a4b5c073fdadd8f5f4889adabe1cbdae55305366fb870723c96ca7f49c3 \
+    --hash=sha256:b8eb7affc590e542fa7981ef508cd1644f62176bcd10d4429890fc629b47f0bc \
+    --hash=sha256:c2e3f0d18cc101132fe10ab7ef5c4f41411297e639e23b64b5e888ccaad63f41 \
+    --hash=sha256:d0adf00e2b2026fa10a42537b60d161e516f206781c7515e4e97e09f72a8c5d0 \
+    --hash=sha256:d53a4577b6123ca1d7e8483fad3e13cb7eda28913d516bd0a648c1a473aa21a9 \
+    --hash=sha256:d8325d51e47cb5b11f649d55e626d56c76041ba508cd59e0cb1cf687cc7612f1 \
+    --hash=sha256:df8eac98fec80bd6f5fd0ae27a65de14f1e1a65a76d8e2237eb695f9cd1121d9 \
+    --hash=sha256:e3dedd7858a21312f7675841529941035a2ac91057db13402c8fe907aa19205a \
+    --hash=sha256:ec9c8bf86e397cb88c560361f60fdce478b5edb8b93f04ead419b72fbe937ea6 \
+    --hash=sha256:ed06ed78f6b69d57463b46a04f68f270605301e69d80756a8adf7519002de57d \
+    --hash=sha256:fc483dd8d20f8f8c010783a25a84db3bebeadced92d24d34b40d687f8043ac69 \
+    --hash=sha256:fdb20740d24ab9f2a1341458a00a11205294e97e905de060eeab1ceca020c09c
     # via
     #   -r requirements/main.in
     #   readme-renderer
@@ -1427,9 +1425,9 @@ openapi-spec-validator==0.7.1 \
     --hash=sha256:3c81825043f24ccbcd2f4b149b11e8231abce5ba84f37065e14ec947d8f4e959 \
     --hash=sha256:8577b85a8268685da6f8aa30990b83b7960d4d1117e901d451b5d572605e5ec7
     # via openapi-core
-opensearch-py==2.7.1 \
-    --hash=sha256:5417650eba98a1c7648e502207cebf3a12beab623ffe0ebbf55f9b1b4b6e44e9 \
-    --hash=sha256:67ab76e9373669bc71da417096df59827c08369ac3795d5438c9a8be21cbd759
+opensearch-py==2.8.0 \
+    --hash=sha256:52c60fdb5d4dcf6cce3ee746c13b194529b0161e0f41268b98ab8f1624abe2fa \
+    --hash=sha256:6598df0bc7a003294edd0ba88a331e0793acbb8c910c43edf398791e3b2eccda
     # via -r requirements/main.in
 orjson==3.10.12 \
     --hash=sha256:0000758ae7c7853e0a4a6063f534c61656ebff644391e1f81698c1b2d2fc8cd2 \
@@ -1578,18 +1576,18 @@ proto-plus==1.25.0 \
     --hash=sha256:c91fc4a65074ade8e458e95ef8bac34d4008daa7cce4a12d6707066fca648961 \
     --hash=sha256:fbb17f57f7bd05a68b7707e745e26528b0b3c34e378db91eef93912c54982d91
     # via google-api-core
-protobuf==5.28.3 \
-    --hash=sha256:0c4eec6f987338617072592b97943fdbe30d019c56126493111cf24344c1cc24 \
-    --hash=sha256:135658402f71bbd49500322c0f736145731b16fc79dc8f367ab544a17eab4535 \
-    --hash=sha256:27b246b3723692bf1068d5734ddaf2fccc2cdd6e0c9b47fe099244d80200593b \
-    --hash=sha256:3e6101d095dfd119513cde7259aa703d16c6bbdfae2554dfe5cfdbe94e32d548 \
-    --hash=sha256:3fa2de6b8b29d12c61911505d893afe7320ce7ccba4df913e2971461fa36d584 \
-    --hash=sha256:64badbc49180a5e401f373f9ce7ab1d18b63f7dd4a9cdc43c92b9f0b481cef7b \
-    --hash=sha256:70585a70fc2dd4818c51287ceef5bdba6387f88a578c86d47bb34669b5552c36 \
-    --hash=sha256:712319fbdddb46f21abb66cd33cb9e491a5763b2febd8f228251add221981135 \
-    --hash=sha256:91fba8f445723fcf400fdbe9ca796b19d3b1242cd873907979b9ed71e4afe868 \
-    --hash=sha256:a3f6857551e53ce35e60b403b8a27b0295f7d6eb63d10484f12bc6879c715687 \
-    --hash=sha256:cee1757663fa32a1ee673434fcf3bf24dd54763c79690201208bafec62f19eed
+protobuf==5.29.0 \
+    --hash=sha256:0cd67a1e5c2d88930aa767f702773b2d054e29957432d7c6a18f8be02a07719a \
+    --hash=sha256:0d10091d6d03537c3f902279fcf11e95372bdd36a79556311da0487455791b20 \
+    --hash=sha256:17d128eebbd5d8aee80300aed7a43a48a25170af3337f6f1333d1fac2c6839ac \
+    --hash=sha256:34a90cf30c908f47f40ebea7811f743d360e202b6f10d40c02529ebd84afc069 \
+    --hash=sha256:445a0c02483869ed8513a585d80020d012c6dc60075f96fa0563a724987b1001 \
+    --hash=sha256:6c3009e22717c6cc9e6594bb11ef9f15f669b19957ad4087214d69e08a213368 \
+    --hash=sha256:85286a47caf63b34fa92fdc1fd98b649a8895db595cfa746c5286eeae890a0b1 \
+    --hash=sha256:88c4af76a73183e21061881360240c0cdd3c39d263b4e8fb570aaf83348d608f \
+    --hash=sha256:c931c61d0cc143a2e756b1e7f8197a508de5365efd40f83c907a9febf36e6b43 \
+    --hash=sha256:e467f81fdd12ded9655cea3e9b83dc319d93b394ce810b556fb0f421d8613e86 \
+    --hash=sha256:ea7fb379b257911c8c020688d455e8f74efd2f734b72dc1ea4b4d7e9fd1326f2
     # via
     #   google-api-core
     #   googleapis-common-protos
@@ -1776,9 +1774,9 @@ pygments==2.18.0 \
     # via
     #   readme-renderer
     #   rich
-pyjwt[crypto]==2.10.0 \
-    --hash=sha256:543b77207db656de204372350926bed5a86201c4cbff159f623f79c7bb487a15 \
-    --hash=sha256:7628a7eb7938959ac1b26e819a1df0fd3259505627b575e4bad6d08f76db695c
+pyjwt[crypto]==2.10.1 \
+    --hash=sha256:3cc5772eb20009233caf06e9d8a0577824723b44e6648ee0a2aedb6cf9381953 \
+    --hash=sha256:dcdd193e30abefd5debf142f9adfcdd2b58004e644f25406ffaebd50bd98dacb
     # via
     #   -r requirements/main.in
     #   pyjwt
@@ -1799,9 +1797,9 @@ pynacl==1.5.0 \
     --hash=sha256:a422368fc821589c228f4c49438a368831cb5bbc0eab5ebe1d7fac9dded6567b \
     --hash=sha256:e46dae94e34b085175f8abb3b0aaa7da40767865ac82c928eeb9e57e1ea8a543
     # via pymacaroons
-pyopenssl==24.2.1 \
-    --hash=sha256:4247f0dbe3748d560dcbb2ff3ea01af0f9a1a001ef5f7c4c647956ed8cbf0e95 \
-    --hash=sha256:967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d
+pyopenssl==24.3.0 \
+    --hash=sha256:49f7a019577d834746bc55c5fce6ecbcec0f2b4ec5ce1cf43a9a173b8138bb36 \
+    --hash=sha256:e474f5a473cd7f92221cc04976e48f4d11502804657a08a989fb3be5514c904a
     # via
     #   sigstore
     #   webauthn
@@ -2001,97 +1999,108 @@ rich==13.9.4 \
     --hash=sha256:439594978a49a09530cff7ebc4b5c7103ef57baf48d5ea3184f21d9a2befa098 \
     --hash=sha256:6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90
     # via sigstore
-rpds-py==0.21.0 \
-    --hash=sha256:031819f906bb146561af051c7cef4ba2003d28cff07efacef59da973ff7969ba \
-    --hash=sha256:0626238a43152918f9e72ede9a3b6ccc9e299adc8ade0d67c5e142d564c9a83d \
-    --hash=sha256:085ed25baac88953d4283e5b5bd094b155075bb40d07c29c4f073e10623f9f2e \
-    --hash=sha256:0a9e0759e7be10109645a9fddaaad0619d58c9bf30a3f248a2ea57a7c417173a \
-    --hash=sha256:0c025820b78817db6a76413fff6866790786c38f95ea3f3d3c93dbb73b632202 \
-    --hash=sha256:1ff2eba7f6c0cb523d7e9cff0903f2fe1feff8f0b2ceb6bd71c0e20a4dcee271 \
-    --hash=sha256:20cc1ed0bcc86d8e1a7e968cce15be45178fd16e2ff656a243145e0b439bd250 \
-    --hash=sha256:241e6c125568493f553c3d0fdbb38c74babf54b45cef86439d4cd97ff8feb34d \
-    --hash=sha256:2c51d99c30091f72a3c5d126fad26236c3f75716b8b5e5cf8effb18889ced928 \
-    --hash=sha256:2d6129137f43f7fa02d41542ffff4871d4aefa724a5fe38e2c31a4e0fd343fb0 \
-    --hash=sha256:30b912c965b2aa76ba5168fd610087bad7fcde47f0a8367ee8f1876086ee6d1d \
-    --hash=sha256:30bdc973f10d28e0337f71d202ff29345320f8bc49a31c90e6c257e1ccef4333 \
-    --hash=sha256:320c808df533695326610a1b6a0a6e98f033e49de55d7dc36a13c8a30cfa756e \
-    --hash=sha256:32eb88c30b6a4f0605508023b7141d043a79b14acb3b969aa0b4f99b25bc7d4a \
-    --hash=sha256:3b766a9f57663396e4f34f5140b3595b233a7b146e94777b97a8413a1da1be18 \
-    --hash=sha256:3b929c2bb6e29ab31f12a1117c39f7e6d6450419ab7464a4ea9b0b417174f044 \
-    --hash=sha256:3e30a69a706e8ea20444b98a49f386c17b26f860aa9245329bab0851ed100677 \
-    --hash=sha256:3e53861b29a13d5b70116ea4230b5f0f3547b2c222c5daa090eb7c9c82d7f664 \
-    --hash=sha256:40c91c6e34cf016fa8e6b59d75e3dbe354830777fcfd74c58b279dceb7975b75 \
-    --hash=sha256:4991ca61656e3160cdaca4851151fd3f4a92e9eba5c7a530ab030d6aee96ec89 \
-    --hash=sha256:4ab2c2a26d2f69cdf833174f4d9d86118edc781ad9a8fa13970b527bf8236027 \
-    --hash=sha256:4e8921a259f54bfbc755c5bbd60c82bb2339ae0324163f32868f63f0ebb873d9 \
-    --hash=sha256:4eb2de8a147ffe0626bfdc275fc6563aa7bf4b6db59cf0d44f0ccd6ca625a24e \
-    --hash=sha256:5145282a7cd2ac16ea0dc46b82167754d5e103a05614b724457cffe614f25bd8 \
-    --hash=sha256:520ed8b99b0bf86a176271f6fe23024323862ac674b1ce5b02a72bfeff3fff44 \
-    --hash=sha256:52c041802a6efa625ea18027a0723676a778869481d16803481ef6cc02ea8cb3 \
-    --hash=sha256:5555db3e618a77034954b9dc547eae94166391a98eb867905ec8fcbce1308d95 \
-    --hash=sha256:58a0e345be4b18e6b8501d3b0aa540dad90caeed814c515e5206bb2ec26736fd \
-    --hash=sha256:590ef88db231c9c1eece44dcfefd7515d8bf0d986d64d0caf06a81998a9e8cab \
-    --hash=sha256:5afb5efde74c54724e1a01118c6e5c15e54e642c42a1ba588ab1f03544ac8c7a \
-    --hash=sha256:688c93b77e468d72579351a84b95f976bd7b3e84aa6686be6497045ba84be560 \
-    --hash=sha256:6b4ef7725386dc0762857097f6b7266a6cdd62bfd209664da6712cb26acef035 \
-    --hash=sha256:6bc0e697d4d79ab1aacbf20ee5f0df80359ecf55db33ff41481cf3e24f206919 \
-    --hash=sha256:6dcc4949be728ede49e6244eabd04064336012b37f5c2200e8ec8eb2988b209c \
-    --hash=sha256:6f54e7106f0001244a5f4cf810ba8d3f9c542e2730821b16e969d6887b664266 \
-    --hash=sha256:808f1ac7cf3b44f81c9475475ceb221f982ef548e44e024ad5f9e7060649540e \
-    --hash=sha256:8404b3717da03cbf773a1d275d01fec84ea007754ed380f63dfc24fb76ce4592 \
-    --hash=sha256:878f6fea96621fda5303a2867887686d7a198d9e0f8a40be100a63f5d60c88c9 \
-    --hash=sha256:8a7ff941004d74d55a47f916afc38494bd1cfd4b53c482b77c03147c91ac0ac3 \
-    --hash=sha256:95a5bad1ac8a5c77b4e658671642e4af3707f095d2b78a1fdd08af0dfb647624 \
-    --hash=sha256:97ef67d9bbc3e15584c2f3c74bcf064af36336c10d2e21a2131e123ce0f924c9 \
-    --hash=sha256:98486337f7b4f3c324ab402e83453e25bb844f44418c066623db88e4c56b7c7b \
-    --hash=sha256:98e4fe5db40db87ce1c65031463a760ec7906ab230ad2249b4572c2fc3ef1f9f \
-    --hash=sha256:998a8080c4495e4f72132f3d66ff91f5997d799e86cec6ee05342f8f3cda7dca \
-    --hash=sha256:9afe42102b40007f588666bc7de82451e10c6788f6f70984629db193849dced1 \
-    --hash=sha256:9e20da3957bdf7824afdd4b6eeb29510e83e026473e04952dca565170cd1ecc8 \
-    --hash=sha256:a017f813f24b9df929674d0332a374d40d7f0162b326562daae8066b502d0590 \
-    --hash=sha256:a429b99337062877d7875e4ff1a51fe788424d522bd64a8c0a20ef3021fdb6ed \
-    --hash=sha256:a58ce66847711c4aa2ecfcfaff04cb0327f907fead8945ffc47d9407f41ff952 \
-    --hash=sha256:a78d8b634c9df7f8d175451cfeac3810a702ccb85f98ec95797fa98b942cea11 \
-    --hash=sha256:a89a8ce9e4e75aeb7fa5d8ad0f3fecdee813802592f4f46a15754dcb2fd6b061 \
-    --hash=sha256:a8eeec67590e94189f434c6d11c426892e396ae59e4801d17a93ac96b8c02a6c \
-    --hash=sha256:aaeb25ccfb9b9014a10eaf70904ebf3f79faaa8e60e99e19eef9f478651b9b74 \
-    --hash=sha256:ad116dda078d0bc4886cb7840e19811562acdc7a8e296ea6ec37e70326c1b41c \
-    --hash=sha256:af04ac89c738e0f0f1b913918024c3eab6e3ace989518ea838807177d38a2e94 \
-    --hash=sha256:af4a644bf890f56e41e74be7d34e9511e4954894d544ec6b8efe1e21a1a8da6c \
-    --hash=sha256:b21747f79f360e790525e6f6438c7569ddbfb1b3197b9e65043f25c3c9b489d8 \
-    --hash=sha256:b229ce052ddf1a01c67d68166c19cb004fb3612424921b81c46e7ea7ccf7c3bf \
-    --hash=sha256:b4de1da871b5c0fd5537b26a6fc6814c3cc05cabe0c941db6e9044ffbb12f04a \
-    --hash=sha256:b80b4690bbff51a034bfde9c9f6bf9357f0a8c61f548942b80f7b66356508bf5 \
-    --hash=sha256:b876f2bc27ab5954e2fd88890c071bd0ed18b9c50f6ec3de3c50a5ece612f7a6 \
-    --hash=sha256:b8f107395f2f1d151181880b69a2869c69e87ec079c49c0016ab96860b6acbe5 \
-    --hash=sha256:b9b76e2afd585803c53c5b29e992ecd183f68285b62fe2668383a18e74abe7a3 \
-    --hash=sha256:c2b2f71c6ad6c2e4fc9ed9401080badd1469fa9889657ec3abea42a3d6b2e1ed \
-    --hash=sha256:c3761f62fcfccf0864cc4665b6e7c3f0c626f0380b41b8bd1ce322103fa3ef87 \
-    --hash=sha256:c38dbf31c57032667dd5a2f0568ccde66e868e8f78d5a0d27dcc56d70f3fcd3b \
-    --hash=sha256:ca9989d5d9b1b300bc18e1801c67b9f6d2c66b8fd9621b36072ed1df2c977f72 \
-    --hash=sha256:cbd7504a10b0955ea287114f003b7ad62330c9e65ba012c6223dba646f6ffd05 \
-    --hash=sha256:d167e4dbbdac48bd58893c7e446684ad5d425b407f9336e04ab52e8b9194e2ed \
-    --hash=sha256:d2132377f9deef0c4db89e65e8bb28644ff75a18df5293e132a8d67748397b9f \
-    --hash=sha256:da52d62a96e61c1c444f3998c434e8b263c384f6d68aca8274d2e08d1906325c \
-    --hash=sha256:daa8efac2a1273eed2354397a51216ae1e198ecbce9036fba4e7610b308b6153 \
-    --hash=sha256:dc5695c321e518d9f03b7ea6abb5ea3af4567766f9852ad1560f501b17588c7b \
-    --hash=sha256:de552f4a1916e520f2703ec474d2b4d3f86d41f353e7680b597512ffe7eac5d0 \
-    --hash=sha256:de609a6f1b682f70bb7163da745ee815d8f230d97276db049ab447767466a09d \
-    --hash=sha256:e12bb09678f38b7597b8346983d2323a6482dcd59e423d9448108c1be37cac9d \
-    --hash=sha256:e168afe6bf6ab7ab46c8c375606298784ecbe3ba31c0980b7dcbb9631dcba97e \
-    --hash=sha256:e78868e98f34f34a88e23ee9ccaeeec460e4eaf6db16d51d7a9b883e5e785a5e \
-    --hash=sha256:e860f065cc4ea6f256d6f411aba4b1251255366e48e972f8a347cf88077b24fd \
-    --hash=sha256:ea3a6ac4d74820c98fcc9da4a57847ad2cc36475a8bd9683f32ab6d47a2bd682 \
-    --hash=sha256:ebf64e281a06c904a7636781d2e973d1f0926a5b8b480ac658dc0f556e7779f4 \
-    --hash=sha256:ed6378c9d66d0de903763e7706383d60c33829581f0adff47b6535f1802fa6db \
-    --hash=sha256:ee1e4fc267b437bb89990b2f2abf6c25765b89b72dd4a11e21934df449e0c976 \
-    --hash=sha256:ee4eafd77cc98d355a0d02f263efc0d3ae3ce4a7c24740010a8b4012bbb24937 \
-    --hash=sha256:efec946f331349dfc4ae9d0e034c263ddde19414fe5128580f512619abed05f1 \
-    --hash=sha256:f414da5c51bf350e4b7960644617c130140423882305f7574b6cf65a3081cecb \
-    --hash=sha256:f71009b0d5e94c0e86533c0b27ed7cacc1239cb51c178fd239c3cfefefb0400a \
-    --hash=sha256:f983e4c2f603c95dde63df633eec42955508eefd8d0f0e6d236d31a044c882d7 \
-    --hash=sha256:faa5e8496c530f9c71f2b4e1c49758b06e5f4055e17144906245c99fa6d45356 \
-    --hash=sha256:fed5dfefdf384d6fe975cc026886aece4f292feaf69d0eeb716cfd3c5a4dd8be
+rpds-py==0.22.0 \
+    --hash=sha256:034964ea0ea09645bdde13038b38abb14be0aa747f20fcfab6181207dd9e0483 \
+    --hash=sha256:0686f2c16eafdc2c6b4ce6e86e5b3092e87db09ae64be2787616444eb35b9756 \
+    --hash=sha256:0903ffdb5b9007e503203b6285e4ff0faf96d875c19f1d103b475acf7d9f7311 \
+    --hash=sha256:1212cb231f2002934cd8d71a0d718fdd9d9a2dd671e0feef8501038df3508026 \
+    --hash=sha256:1357c3092702078b7782b6ebd5ba9b22c1a291c34fbf9d8f1a48237466ac7758 \
+    --hash=sha256:1a6cc4eb1e86364331928acafb2bb41d8ab735ca3caf2d6019b9f6dac3f4f65d \
+    --hash=sha256:208ce1d8e3af138d1d9b21d7206356b7f29b96675e0113aea652cf024e4ddfdc \
+    --hash=sha256:2498ff422823be087b48bc82710deb87ac34f6b7c8034ee39920647647de1e60 \
+    --hash=sha256:24c28df05bd284879d0fac850ba697077d2a33b7ebcaea6318d6b6cdfdc86ddc \
+    --hash=sha256:2a57300cc8b034c5707085249efd09f19116bb80278d0ec925d7f3710165c510 \
+    --hash=sha256:2d2fc3ab021be3e0b5aec6d4164f2689d231b8bfc5185cc454314746aa4aee72 \
+    --hash=sha256:2f513758e7cda8bc262e80299a8e3395d7ef7f4ae705be62632f229bc6c33208 \
+    --hash=sha256:306da3dfa174b489a3fc63b0872e2226a5ddf94c59875a770d72aff945d5ed96 \
+    --hash=sha256:326e42f2b49462e05f8527a1311ce98f9f97c484b3e443ec0ea4638bed3aebcf \
+    --hash=sha256:32a0e24cab2daae0503b06666d516e90a080c1a95aff0406b9f03c6489177c4b \
+    --hash=sha256:32de71c393f126d8203e9815557c7ff4d72ed1ad3aa3f52f6c7938413176750a \
+    --hash=sha256:341a07a4b55126bfae68c9bf24220a73d456111e5eb3dcbdab9fd16de2341224 \
+    --hash=sha256:38cacf1f378571450576f2c8ce87da6f3fddc59d744de5c12b37acc23285b1e1 \
+    --hash=sha256:3b94b074dcce39976db22ea75c7aea8b22d95e6d3b62f76e20e1179a278521d8 \
+    --hash=sha256:3dc7c64b56b82428894f056e9ff6e8ee917ff74fc26b65211a33602c2372e928 \
+    --hash=sha256:3f7a048ec1ebc991331d709be4884dc318c9eaafa66dcde8be0933ac0e702149 \
+    --hash=sha256:41f65a97bf2c4b161c9f8f89bc37058346bec9b36e373c8ad00a16c957bff625 \
+    --hash=sha256:48c95997af9314f4034fe5ba2d837399e786586e220835a578d28fe8161e6ae5 \
+    --hash=sha256:49e084d47a66027ac72844f9f52f13d347a9a1f05d4f84381b420e47f836a7fd \
+    --hash=sha256:4b5d17d8f5b885ce50e0cda85f99c0719e365e98b587338535fa566a48375afb \
+    --hash=sha256:4c0321bc03a1c513eca1837e3bba948b975bcf3a172aebc197ab3573207f137a \
+    --hash=sha256:4e7c9aa2353eb0b0d845323857197daa036c2ff8624df990b0d886d22a8f665e \
+    --hash=sha256:4fc4824e38c1e91a73bc820e7caacaf19d0acd557465aceef0420ca59489b390 \
+    --hash=sha256:54d8f94dec5765a9edc19610fecf0fdf9cab36cbb9def1213188215f735a6f98 \
+    --hash=sha256:574c5c94213bc9990805bfd7e4ba3826d3c098516cbc19f0d0ef0433ad93fa06 \
+    --hash=sha256:59e63da174ff287db05ef7c21d75974a5bac727ed60452aeb3a14278477842a8 \
+    --hash=sha256:5ae7927cd2b869ca4dc645169d8af5494a29c99afd0ea0f24dd00c811ab1d8b8 \
+    --hash=sha256:5f21e1278c9456cd601832375c778ca44614d3433996488221a56572c223f04a \
+    --hash=sha256:5fdf91a7c07f40e47b193f2acae0ed9da35d09325d7c3c3279f722b7cbf3d264 \
+    --hash=sha256:62ab12fe03ffc49978d29de9c31bbb216610157f7e5ca8e172fed6642aead3be \
+    --hash=sha256:632d2fdddd9fbe3ac8896a119fd18a71fc95ca9c4cbe5223096c142d8c4a2b1d \
+    --hash=sha256:64a0c965a1e299c9b280006bdb15c276c427c45360aed676305dc36bcaa4d13c \
+    --hash=sha256:67e013a17a3db4d98cc228fd5aeb36a51b0f5cf7330b9102a552060f1fe4e560 \
+    --hash=sha256:6b639a19e1791b646d27f15d17530a51722cc728d43b2dff3aeb904f92d91bac \
+    --hash=sha256:6b6e4bcfc32f831bfe3d6d8a5acedfbfd5e252a03c83fa24813b277a3a8a13ca \
+    --hash=sha256:7539dbb8f705e13629ba6f23388976aad809e387f32a6e5c0712e4e8d9bfcce7 \
+    --hash=sha256:758098b38c344d9a7f279baf0689261777e601f620078ef5afdc9bd3339965c3 \
+    --hash=sha256:762206ba3bf1d6c8c9e0055871d3c0d5b074b7c3120193e6c067e7866f106ab1 \
+    --hash=sha256:771c9a3851beaa617d8c8115d65f834a2b52490f42ee2b88b13f1fc5529e9e0c \
+    --hash=sha256:81e7a27365b02fe70a77f1365376879917235b3fec551d19b4c91b51d0bc1d07 \
+    --hash=sha256:8338db3c76833d02dc21c3e2c42534091341d26e4f7ba32c6032bb558a02e07b \
+    --hash=sha256:8426f97117b914b9bfb2a7bd46edc148e8defda728a55a5df3a564abe70cd7a4 \
+    --hash=sha256:842855bbb113a19c393c6de5aa6ed9a26c6b13c2fead5e49114d39f0d08b94d8 \
+    --hash=sha256:87453d491369cd8018016d2714a13e8461975161703c18ee31eecf087a8ae5d4 \
+    --hash=sha256:875fe8dffb43c20f68379ee098b035a7038d7903c795d46715f66575a7050b19 \
+    --hash=sha256:8ad4dfda52e64af3202ceb2143a62deba97894b71c64a4405ee80f6b3ea77285 \
+    --hash=sha256:8c48fc7458fe3a74dcdf56ba3534ff41bd421f69436df09ff3497fdaac18b431 \
+    --hash=sha256:8cbb040fec8eddd5a6a75e737fd73c9ce37e51f94bacdd0b178d0174a4758395 \
+    --hash=sha256:92d28a608127b357da47c99e0d0e0655ca2060286540fe9f2a25a2e8ac666e05 \
+    --hash=sha256:931bf3d0705b2834fed29354f35170fa022fe22a95542b61b7c66aca5f8a224f \
+    --hash=sha256:93bbd66f46dddc41e8c656130c97c0fb515e0fa44e1eebb2592769dbbd41b2f5 \
+    --hash=sha256:9ad4640a409bc2b7d22b7921e7660f0db96c5c8c69fbb2e8f3261d4f71d33983 \
+    --hash=sha256:a4366f264fa60d3c109f0b27af0cd9eb8d46746bd70bd3d9d425f035b6c7e286 \
+    --hash=sha256:a73ed43d64209e853bba567a543170267a5cd64f359540b0ca2d597e329ba172 \
+    --hash=sha256:a810a57ce5e8ecf8eac6ec4dab534ff80c34e5a2c31db60e992009cd20f58e0f \
+    --hash=sha256:b4660943030406aaa40ec9f51960dd88049903d9536bc3c8ebb5cc4e1f119bbe \
+    --hash=sha256:b8906f537978da3f7f0bd1ba37b69f6a877bb43312023b086582707d2835bf2f \
+    --hash=sha256:b91bfef5daa2a5a4fe62f8d317fc91a626073639f951f851bd2cb252d01bc6c5 \
+    --hash=sha256:ba1fc34d0b2f6fd53377a4c954116251eba6d076bf64f903311f4a7d27d10acd \
+    --hash=sha256:ba235e00e0878ba1080b0f2a761f143b2a2d1c354f3d8e507fbf2f3de401bf18 \
+    --hash=sha256:bb11809b0de643a292a82f728c494a2bbef0e30a7c42d37464abbd6bef7ca7b1 \
+    --hash=sha256:c17b43fe9c6da16885e3fe28922bcd1a029e61631fb771c7d501019b40bcc904 \
+    --hash=sha256:c1c21030ed494deb10226f90e2dbd84a012d59810c409832714a3dd576527be2 \
+    --hash=sha256:c398a5a8e258dfdc5ea2aa4e5aa2ca3207f654a8eb268693dd1a76939074a588 \
+    --hash=sha256:c637188b930175c256f13adbfc427b83ec7e64476d1ec9d6608f312bb84e06c3 \
+    --hash=sha256:c7b4450093c0c909299770226fb0285be47b0a57545bae25b5c4e51566b0e587 \
+    --hash=sha256:c8fd7a16f7a047e06c747cfcf2acef3ac316132df1c6077445b29ee6f3f3a70b \
+    --hash=sha256:ca505fd3767a09a139737f3278bc8a485cb64043062da89bcba27e2f2ea78d33 \
+    --hash=sha256:d1522025cda9e57329aade769f56e5793b2a5da7759a21914ee10e67e17e601e \
+    --hash=sha256:d276280649305c1da6cdd84585d48ae1f0efa67434d8b10d2df95228e59a05bb \
+    --hash=sha256:d33622dc63c295788eed09dbb1d11bed178909d3267b02d873116ee6be368244 \
+    --hash=sha256:d4f2af3107fe4dc40c0d1a2409863f5249c6796398a1d83c1d99a0b3fa6cfb8d \
+    --hash=sha256:d5469b347445d1c31105f33e7bfc9a8ba213d48e42641a610dda65bf9e3c83f5 \
+    --hash=sha256:d80fd710b3307a3c63809048b72c536689b9b0b31a2518339c3f1a4d29c73d7a \
+    --hash=sha256:d9bb9242b38a664f307b3b897f093896f7ed51ef4fe25a0502e5a368de9151ea \
+    --hash=sha256:d9ceca96df54cb1675a0b7f52f1c6d5d1df62c5b40741ba211780f1b05a282a2 \
+    --hash=sha256:dc2c00acdf68f1f69a476b770af311a7dc3955b7de228b04a40bcc51ac4d743b \
+    --hash=sha256:dfdabdf8519c93908b2bf0f87c3f86f9e88bab279fb4acfd0907519ca5a1739f \
+    --hash=sha256:e04919ffa9a728c446b27b6b625fa1d00ece221bdb9d633e978a7e0353a12c0e \
+    --hash=sha256:e0abcce5e874474d3eab5ad53be03dae2abe651d248bdeaabe83708e82969e78 \
+    --hash=sha256:e1c04fb380bc8efaae2fdf17ed6cd5d223da78a8b0b18a610f53d4c5d6e31dfd \
+    --hash=sha256:e23dcdd4b2ff9c6b3317ea7921b210d39592f8ca1cdea58ada25b202c65c0a69 \
+    --hash=sha256:e34a3e665d38d0749072e6565400c8ce9abae976e338919a0dfbfb0e1ba43068 \
+    --hash=sha256:e6da2e0500742e0f157f005924a0589f2e2dcbfdd6cd0cc0abce367433e989be \
+    --hash=sha256:e9aa4af6b879bb75a3c7766fbf49d77f4097dd12b548ecbbd8b3f85caa833281 \
+    --hash=sha256:e9bbdba9e75b1a9ee1dd1335034dad998ef1acc08492226c6fd50aa773bdfa7d \
+    --hash=sha256:e9d4293b21c69ee4f9e1a99ac4f772951d345611c614a0cfae2ec6b565279bc9 \
+    --hash=sha256:eadd2417e83a77ce3ae4a0efd08cb0ebdfd317b6406d11020354a53ad458ec84 \
+    --hash=sha256:ed0102146574e5e9f079b2e1a06e6b5b12a691f9c74a65b93b7f3d4feda566c6 \
+    --hash=sha256:f0fb8efc9e579acf1e556fd86277fecec320c21ca9b5d39db96433ad8c45bc4a \
+    --hash=sha256:f4e9946c8c7def17e4fcb5eddb14c4eb6ebc7f6f309075e6c8d23b133c104607 \
+    --hash=sha256:f7649c8b8e4bd1ccc5fcbd51a855d57a617deeba19c66e3d04b1abecc61036b2 \
+    --hash=sha256:f980a0640599a74f27fd9d50c84c293f1cb7afc2046c5c6d3efaf8ec7cdbc326 \
+    --hash=sha256:f9dc2113e0cf0dd637751ca736186fca63664939ceb9f9f67e93ade88c69c0c9 \
+    --hash=sha256:fde778947304e55fc732bc8ea5c6063e74244ac1808471cb498983a210aaf62c \
+    --hash=sha256:fe23687924b25a2dee52fab15976fd6577ed8518072bcda9ff2e2b88ab1f168b
     # via
     #   jsonschema
     #   referencing
@@ -2111,9 +2120,9 @@ sentry-sdk==2.19.0 \
     --hash=sha256:7b0b3b709dee051337244a09a30dbf6e95afe0d34a1f8b430d45e0982a7c125b \
     --hash=sha256:ee4a4d2ae8bfe3cac012dcf3e4607975904c137e1738116549fc3dbbb6ff0e36
     # via -r requirements/main.in
-sigstore==3.5.1 \
-    --hash=sha256:88f73c8edf1662ff9b86ef6fe0870bb6af4ac99ff808b84995e6a41957b7b3d2 \
-    --hash=sha256:e7023aef4e574120712c16c6bb151f4caee55791c4677fe30c92ef4e50800204
+sigstore==3.5.3 \
+    --hash=sha256:2547bca442201bdf07f7de2c654a0dbe5051b90fac3f8580bf1875d11b5ad498 \
+    --hash=sha256:5f91e101a51bbf442a37f7c1aeea8d4501c9565680c04e06f35be5b53bc02c55
     # via pypi-attestations
 sigstore-protobuf-specs==0.3.2 \
     --hash=sha256:50c99fa6747a3a9c5c562a43602cf76df0b199af28f0e9d4319b6775630425ea \
@@ -2259,10 +2268,15 @@ tzdata==2024.2 \
     # via
     #   celery
     #   kombu
-ua-parser==0.18.0 \
-    --hash=sha256:9d94ac3a80bcb0166823956a779186c746b50ea4c9fd9bf30fdb758553c38950 \
-    --hash=sha256:db51f1b59bfaa82ed9e2a1d99a54d3e4153dddf99ac1435d51828165422e624e
-    # via -r requirements/main.in
+ua-parser==1.0.0 \
+    --hash=sha256:5b31133606a781f56692caa11a9671a9f330c22604b3c4957a7ba18c152212d0 \
+    --hash=sha256:a9740f53f4fbb72b7a03d304cae32a2785cafc55e8207efb74877bba17c35324
+    # via
+    #   -r requirements/main.in
+    #   ua-parser-builtins
+ua-parser-builtins==0.18.0 \
+    --hash=sha256:51cbc3d6ab9c533fc12fc7cededbef503c8d04e465d0aff20d869e15320b5ca9
+    # via ua-parser
 urllib3==2.2.3 \
     --hash=sha256:ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac \
     --hash=sha256:e7d814a81dad81e6caf2ec9fdedb284ecc9c73076b62654547cc64ccdcae26e9
@@ -2274,9 +2288,9 @@ urllib3==2.2.3 \
     #   opensearch-py
     #   requests
     #   sentry-sdk
-venusian==3.1.0 \
-    --hash=sha256:d1fb1e49927f42573f6c9b7c4fcf61c892af8fdcaa2314daa01d9a560b23488d \
-    --hash=sha256:eb72cdca6f3139a15dc80f9c95d3c10f8a54a0ba881eeef8e2ec5b42d3ee3a95
+venusian==3.1.1 \
+    --hash=sha256:0845808a985976acbceaa1fbb871c7fac4fb28ae75453232970e9c2c2866dbf4 \
+    --hash=sha256:534fb3b355669283eb3954581931e5d1d071fce61d029d58f3219a5e3a6f0c41
     # via
     #   pyramid
     #   pyramid-rpc
@@ -2315,77 +2329,72 @@ wired==0.4 \
     --hash=sha256:2c8007863e9bfbc119da58a6d7d615a5a747986c5ce698916e44e19d88e905ff \
     --hash=sha256:cc8d9705c0f70234a3dab41ab9e6fcd35351042699a13551e43390f281535771
     # via pyramid-services
-wrapt==1.16.0 \
-    --hash=sha256:0d2691979e93d06a95a26257adb7bfd0c93818e89b1406f5a28f36e0d8c1e1fc \
-    --hash=sha256:14d7dc606219cdd7405133c713f2c218d4252f2a469003f8c46bb92d5d095d81 \
-    --hash=sha256:1a5db485fe2de4403f13fafdc231b0dbae5eca4359232d2efc79025527375b09 \
-    --hash=sha256:1acd723ee2a8826f3d53910255643e33673e1d11db84ce5880675954183ec47e \
-    --hash=sha256:1ca9b6085e4f866bd584fb135a041bfc32cab916e69f714a7d1d397f8c4891ca \
-    --hash=sha256:1dd50a2696ff89f57bd8847647a1c363b687d3d796dc30d4dd4a9d1689a706f0 \
-    --hash=sha256:2076fad65c6736184e77d7d4729b63a6d1ae0b70da4868adeec40989858eb3fb \
-    --hash=sha256:2a88e6010048489cda82b1326889ec075a8c856c2e6a256072b28eaee3ccf487 \
-    --hash=sha256:3ebf019be5c09d400cf7b024aa52b1f3aeebeff51550d007e92c3c1c4afc2a40 \
-    --hash=sha256:418abb18146475c310d7a6dc71143d6f7adec5b004ac9ce08dc7a34e2babdc5c \
-    --hash=sha256:43aa59eadec7890d9958748db829df269f0368521ba6dc68cc172d5d03ed8060 \
-    --hash=sha256:44a2754372e32ab315734c6c73b24351d06e77ffff6ae27d2ecf14cf3d229202 \
-    --hash=sha256:490b0ee15c1a55be9c1bd8609b8cecd60e325f0575fc98f50058eae366e01f41 \
-    --hash=sha256:49aac49dc4782cb04f58986e81ea0b4768e4ff197b57324dcbd7699c5dfb40b9 \
-    --hash=sha256:5eb404d89131ec9b4f748fa5cfb5346802e5ee8836f57d516576e61f304f3b7b \
-    --hash=sha256:5f15814a33e42b04e3de432e573aa557f9f0f56458745c2074952f564c50e664 \
-    --hash=sha256:5f370f952971e7d17c7d1ead40e49f32345a7f7a5373571ef44d800d06b1899d \
-    --hash=sha256:66027d667efe95cc4fa945af59f92c5a02c6f5bb6012bff9e60542c74c75c362 \
-    --hash=sha256:66dfbaa7cfa3eb707bbfcd46dab2bc6207b005cbc9caa2199bcbc81d95071a00 \
-    --hash=sha256:685f568fa5e627e93f3b52fda002c7ed2fa1800b50ce51f6ed1d572d8ab3e7fc \
-    --hash=sha256:6906c4100a8fcbf2fa735f6059214bb13b97f75b1a61777fcf6432121ef12ef1 \
-    --hash=sha256:6a42cd0cfa8ffc1915aef79cb4284f6383d8a3e9dcca70c445dcfdd639d51267 \
-    --hash=sha256:6dcfcffe73710be01d90cae08c3e548d90932d37b39ef83969ae135d36ef3956 \
-    --hash=sha256:6f6eac2360f2d543cc875a0e5efd413b6cbd483cb3ad7ebf888884a6e0d2e966 \
-    --hash=sha256:72554a23c78a8e7aa02abbd699d129eead8b147a23c56e08d08dfc29cfdddca1 \
-    --hash=sha256:73870c364c11f03ed072dda68ff7aea6d2a3a5c3fe250d917a429c7432e15228 \
-    --hash=sha256:73aa7d98215d39b8455f103de64391cb79dfcad601701a3aa0dddacf74911d72 \
-    --hash=sha256:75ea7d0ee2a15733684badb16de6794894ed9c55aa5e9903260922f0482e687d \
-    --hash=sha256:7bd2d7ff69a2cac767fbf7a2b206add2e9a210e57947dd7ce03e25d03d2de292 \
-    --hash=sha256:807cc8543a477ab7422f1120a217054f958a66ef7314f76dd9e77d3f02cdccd0 \
-    --hash=sha256:8e9723528b9f787dc59168369e42ae1c3b0d3fadb2f1a71de14531d321ee05b0 \
-    --hash=sha256:9090c9e676d5236a6948330e83cb89969f433b1943a558968f659ead07cb3b36 \
-    --hash=sha256:9153ed35fc5e4fa3b2fe97bddaa7cbec0ed22412b85bcdaf54aeba92ea37428c \
-    --hash=sha256:9159485323798c8dc530a224bd3ffcf76659319ccc7bbd52e01e73bd0241a0c5 \
-    --hash=sha256:941988b89b4fd6b41c3f0bfb20e92bd23746579736b7343283297c4c8cbae68f \
-    --hash=sha256:94265b00870aa407bd0cbcfd536f17ecde43b94fb8d228560a1e9d3041462d73 \
-    --hash=sha256:98b5e1f498a8ca1858a1cdbffb023bfd954da4e3fa2c0cb5853d40014557248b \
-    --hash=sha256:9b201ae332c3637a42f02d1045e1d0cccfdc41f1f2f801dafbaa7e9b4797bfc2 \
-    --hash=sha256:a0ea261ce52b5952bf669684a251a66df239ec6d441ccb59ec7afa882265d593 \
-    --hash=sha256:a33a747400b94b6d6b8a165e4480264a64a78c8a4c734b62136062e9a248dd39 \
-    --hash=sha256:a452f9ca3e3267cd4d0fcf2edd0d035b1934ac2bd7e0e57ac91ad6b95c0c6389 \
-    --hash=sha256:a86373cf37cd7764f2201b76496aba58a52e76dedfaa698ef9e9688bfd9e41cf \
-    --hash=sha256:ac83a914ebaf589b69f7d0a1277602ff494e21f4c2f743313414378f8f50a4cf \
-    --hash=sha256:aefbc4cb0a54f91af643660a0a150ce2c090d3652cf4052a5397fb2de549cd89 \
-    --hash=sha256:b3646eefa23daeba62643a58aac816945cadc0afaf21800a1421eeba5f6cfb9c \
-    --hash=sha256:b47cfad9e9bbbed2339081f4e346c93ecd7ab504299403320bf85f7f85c7d46c \
-    --hash=sha256:b935ae30c6e7400022b50f8d359c03ed233d45b725cfdd299462f41ee5ffba6f \
-    --hash=sha256:bb2dee3874a500de01c93d5c71415fcaef1d858370d405824783e7a8ef5db440 \
-    --hash=sha256:bc57efac2da352a51cc4658878a68d2b1b67dbe9d33c36cb826ca449d80a8465 \
-    --hash=sha256:bf5703fdeb350e36885f2875d853ce13172ae281c56e509f4e6eca049bdfb136 \
-    --hash=sha256:c31f72b1b6624c9d863fc095da460802f43a7c6868c5dda140f51da24fd47d7b \
-    --hash=sha256:c5cd603b575ebceca7da5a3a251e69561bec509e0b46e4993e1cac402b7247b8 \
-    --hash=sha256:d2efee35b4b0a347e0d99d28e884dfd82797852d62fcd7ebdeee26f3ceb72cf3 \
-    --hash=sha256:d462f28826f4657968ae51d2181a074dfe03c200d6131690b7d65d55b0f360f8 \
-    --hash=sha256:d5e49454f19ef621089e204f862388d29e6e8d8b162efce05208913dde5b9ad6 \
-    --hash=sha256:da4813f751142436b075ed7aa012a8778aa43a99f7b36afe9b742d3ed8bdc95e \
-    --hash=sha256:db2e408d983b0e61e238cf579c09ef7020560441906ca990fe8412153e3b291f \
-    --hash=sha256:db98ad84a55eb09b3c32a96c576476777e87c520a34e2519d3e59c44710c002c \
-    --hash=sha256:dbed418ba5c3dce92619656802cc5355cb679e58d0d89b50f116e4a9d5a9603e \
-    --hash=sha256:dcdba5c86e368442528f7060039eda390cc4091bfd1dca41e8046af7c910dda8 \
-    --hash=sha256:decbfa2f618fa8ed81c95ee18a387ff973143c656ef800c9f24fb7e9c16054e2 \
-    --hash=sha256:e4fdb9275308292e880dcbeb12546df7f3e0f96c6b41197e0cf37d2826359020 \
-    --hash=sha256:eb1b046be06b0fce7249f1d025cd359b4b80fc1c3e24ad9eca33e0dcdb2e4a35 \
-    --hash=sha256:eb6e651000a19c96f452c85132811d25e9264d836951022d6e81df2fff38337d \
-    --hash=sha256:ed867c42c268f876097248e05b6117a65bcd1e63b779e916fe2e33cd6fd0d3c3 \
-    --hash=sha256:edfad1d29c73f9b863ebe7082ae9321374ccb10879eeabc84ba3b69f2579d537 \
-    --hash=sha256:f2058f813d4f2b5e3a9eb2eb3faf8f1d99b81c3e51aeda4b168406443e8ba809 \
-    --hash=sha256:f6b2d0c6703c988d334f297aa5df18c45e97b0af3679bb75059e0e0bd8b1069d \
-    --hash=sha256:f8212564d49c50eb4565e502814f694e240c55551a5f1bc841d4fcaabb0a9b8a \
-    --hash=sha256:ffa565331890b90056c01db69c0fe634a776f8019c143a5ae265f9c6bc4bd6d4
+wrapt==1.17.0 \
+    --hash=sha256:0229b247b0fc7dee0d36176cbb79dbaf2a9eb7ecc50ec3121f40ef443155fb1d \
+    --hash=sha256:0698d3a86f68abc894d537887b9bbf84d29bcfbc759e23f4644be27acf6da301 \
+    --hash=sha256:0a0a1a1ec28b641f2a3a2c35cbe86c00051c04fffcfcc577ffcdd707df3f8635 \
+    --hash=sha256:0b48554952f0f387984da81ccfa73b62e52817a4386d070c75e4db7d43a28c4a \
+    --hash=sha256:0f2a28eb35cf99d5f5bd12f5dd44a0f41d206db226535b37b0c60e9da162c3ed \
+    --hash=sha256:140ea00c87fafc42739bd74a94a5a9003f8e72c27c47cd4f61d8e05e6dec8721 \
+    --hash=sha256:16187aa2317c731170a88ef35e8937ae0f533c402872c1ee5e6d079fcf320801 \
+    --hash=sha256:17fcf043d0b4724858f25b8826c36e08f9fb2e475410bece0ec44a22d533da9b \
+    --hash=sha256:18b956061b8db634120b58f668592a772e87e2e78bc1f6a906cfcaa0cc7991c1 \
+    --hash=sha256:2399408ac33ffd5b200480ee858baa58d77dd30e0dd0cab6a8a9547135f30a88 \
+    --hash=sha256:2a0c23b8319848426f305f9cb0c98a6e32ee68a36264f45948ccf8e7d2b941f8 \
+    --hash=sha256:2dfb7cff84e72e7bf975b06b4989477873dcf160b2fd89959c629535df53d4e0 \
+    --hash=sha256:2f495b6754358979379f84534f8dd7a43ff8cff2558dcdea4a148a6e713a758f \
+    --hash=sha256:33539c6f5b96cf0b1105a0ff4cf5db9332e773bb521cc804a90e58dc49b10578 \
+    --hash=sha256:3c34f6896a01b84bab196f7119770fd8466c8ae3dfa73c59c0bb281e7b588ce7 \
+    --hash=sha256:498fec8da10e3e62edd1e7368f4b24aa362ac0ad931e678332d1b209aec93045 \
+    --hash=sha256:4d63f4d446e10ad19ed01188d6c1e1bb134cde8c18b0aa2acfd973d41fcc5ada \
+    --hash=sha256:4e4b4385363de9052dac1a67bfb535c376f3d19c238b5f36bddc95efae15e12d \
+    --hash=sha256:4e547b447073fc0dbfcbff15154c1be8823d10dab4ad401bdb1575e3fdedff1b \
+    --hash=sha256:4f643df3d4419ea3f856c5c3f40fec1d65ea2e89ec812c83f7767c8730f9827a \
+    --hash=sha256:4f763a29ee6a20c529496a20a7bcb16a73de27f5da6a843249c7047daf135977 \
+    --hash=sha256:5ae271862b2142f4bc687bdbfcc942e2473a89999a54231aa1c2c676e28f29ea \
+    --hash=sha256:5d8fd17635b262448ab8f99230fe4dac991af1dabdbb92f7a70a6afac8a7e346 \
+    --hash=sha256:69c40d4655e078ede067a7095544bcec5a963566e17503e75a3a3e0fe2803b13 \
+    --hash=sha256:69d093792dc34a9c4c8a70e4973a3361c7a7578e9cd86961b2bbf38ca71e4e22 \
+    --hash=sha256:6a9653131bda68a1f029c52157fd81e11f07d485df55410401f745007bd6d339 \
+    --hash=sha256:6ff02a91c4fc9b6a94e1c9c20f62ea06a7e375f42fe57587f004d1078ac86ca9 \
+    --hash=sha256:714c12485aa52efbc0fc0ade1e9ab3a70343db82627f90f2ecbc898fdf0bb181 \
+    --hash=sha256:7264cbb4a18dc4acfd73b63e4bcfec9c9802614572025bdd44d0721983fc1d9c \
+    --hash=sha256:73a96fd11d2b2e77d623a7f26e004cc31f131a365add1ce1ce9a19e55a1eef90 \
+    --hash=sha256:74bf625b1b4caaa7bad51d9003f8b07a468a704e0644a700e936c357c17dd45a \
+    --hash=sha256:81b1289e99cf4bad07c23393ab447e5e96db0ab50974a280f7954b071d41b489 \
+    --hash=sha256:8425cfce27b8b20c9b89d77fb50e368d8306a90bf2b6eef2cdf5cd5083adf83f \
+    --hash=sha256:875d240fdbdbe9e11f9831901fb8719da0bd4e6131f83aa9f69b96d18fae7504 \
+    --hash=sha256:879591c2b5ab0a7184258274c42a126b74a2c3d5a329df16d69f9cee07bba6ea \
+    --hash=sha256:89fc28495896097622c3fc238915c79365dd0ede02f9a82ce436b13bd0ab7569 \
+    --hash=sha256:8a5e7cc39a45fc430af1aefc4d77ee6bad72c5bcdb1322cfde852c15192b8bd4 \
+    --hash=sha256:8f8909cdb9f1b237786c09a810e24ee5e15ef17019f7cecb207ce205b9b5fcce \
+    --hash=sha256:914f66f3b6fc7b915d46c1cc424bc2441841083de01b90f9e81109c9759e43ab \
+    --hash=sha256:92a3d214d5e53cb1db8b015f30d544bc9d3f7179a05feb8f16df713cecc2620a \
+    --hash=sha256:948a9bd0fb2c5120457b07e59c8d7210cbc8703243225dbd78f4dfc13c8d2d1f \
+    --hash=sha256:9c900108df470060174108012de06d45f514aa4ec21a191e7ab42988ff42a86c \
+    --hash=sha256:9f2939cd4a2a52ca32bc0b359015718472d7f6de870760342e7ba295be9ebaf9 \
+    --hash=sha256:a4192b45dff127c7d69b3bdfb4d3e47b64179a0b9900b6351859f3001397dabf \
+    --hash=sha256:a8fc931382e56627ec4acb01e09ce66e5c03c384ca52606111cee50d931a342d \
+    --hash=sha256:ad47b095f0bdc5585bced35bd088cbfe4177236c7df9984b3cc46b391cc60627 \
+    --hash=sha256:b1ca5f060e205f72bec57faae5bd817a1560fcfc4af03f414b08fa29106b7e2d \
+    --hash=sha256:ba1739fb38441a27a676f4de4123d3e858e494fac05868b7a281c0a383c098f4 \
+    --hash=sha256:baa7ef4e0886a6f482e00d1d5bcd37c201b383f1d314643dfb0367169f94f04c \
+    --hash=sha256:bb90765dd91aed05b53cd7a87bd7f5c188fcd95960914bae0d32c5e7f899719d \
+    --hash=sha256:bc7f729a72b16ee21795a943f85c6244971724819819a41ddbaeb691b2dd85ad \
+    --hash=sha256:bdf62d25234290db1837875d4dceb2151e4ea7f9fff2ed41c0fde23ed542eb5b \
+    --hash=sha256:c30970bdee1cad6a8da2044febd824ef6dc4cc0b19e39af3085c763fdec7de33 \
+    --hash=sha256:d2c63b93548eda58abf5188e505ffed0229bf675f7c3090f8e36ad55b8cbc371 \
+    --hash=sha256:d751300b94e35b6016d4b1e7d0e7bbc3b5e1751e2405ef908316c2a9024008a1 \
+    --hash=sha256:da427d311782324a376cacb47c1a4adc43f99fd9d996ffc1b3e8529c4074d393 \
+    --hash=sha256:daba396199399ccabafbfc509037ac635a6bc18510ad1add8fd16d4739cdd106 \
+    --hash=sha256:e185ec6060e301a7e5f8461c86fb3640a7beb1a0f0208ffde7a65ec4074931df \
+    --hash=sha256:e4a557d97f12813dc5e18dad9fa765ae44ddd56a672bb5de4825527c847d6379 \
+    --hash=sha256:e5ed16d95fd142e9c72b6c10b06514ad30e846a0d0917ab406186541fe68b451 \
+    --hash=sha256:e711fc1acc7468463bc084d1b68561e40d1eaa135d8c509a65dd534403d83d7b \
+    --hash=sha256:f28b29dc158ca5d6ac396c8e0a2ef45c4e97bb7e65522bfc04c989e6fe814575 \
+    --hash=sha256:f335579a1b485c834849e9075191c9898e0731af45705c2ebf70e0cd5d58beed \
+    --hash=sha256:fce6fee67c318fdfb7f285c29a82d84782ae2579c0e1b385b7f36c6e8074fffb \
+    --hash=sha256:fd136bb85f4568fffca995bd3c8d52080b1e5b225dbf1c2b17b66b4c5fa02838
     # via deprecated
 wtforms[email]==3.2.1 \
     --hash=sha256:583bad77ba1dd7286463f21e11aa3043ca4869d03575921d1a1698d0715e0fd4 \
@@ -2399,44 +2408,44 @@ zope-deprecation==5.0 \
     # via
     #   pyramid
     #   pyramid-jinja2
-zope-interface==7.1.1 \
-    --hash=sha256:0de23bcb93401994ea00bc5c677ef06d420340ac0a4e9c10d80e047b9ce5af3f \
-    --hash=sha256:179ad46ece518c9084cb272e4a69d266b659f7f8f48e51706746c2d8a426433e \
-    --hash=sha256:190eeec67e023d5aac54d183fa145db0b898664234234ac54643a441da434616 \
-    --hash=sha256:1a2ed0852c25950cf430067f058f8d98df6288502ac313861d9803fe7691a9b3 \
-    --hash=sha256:1c4e1b4c06d9abd1037c088dae1566c85f344a3e6ae4350744c3f7f7259d9c67 \
-    --hash=sha256:1d0e23c6b746eb8ce04573cc47bcac60961ac138885d207bd6f57e27a1431ae8 \
-    --hash=sha256:2317e1d4dba68203a5227ea3057f9078ec9376275f9700086b8f0ffc0b358e1b \
-    --hash=sha256:2d553e02b68c0ea5a226855f02edbc9eefd99f6a8886fa9f9bdf999d77f46585 \
-    --hash=sha256:3603ef82a9920bd0bfb505423cb7e937498ad971ad5a6141841e8f76d2fd5446 \
-    --hash=sha256:3defc925c4b22ac1272d544a49c6ba04c3eefcce3200319ee1be03d9270306dd \
-    --hash=sha256:3e59f175e868f856a77c0a77ba001385c377df2104fdbda6b9f99456a01e102a \
-    --hash=sha256:4284d664ef0ff7b709836d4de7b13d80873dc5faeffc073abdb280058bfac5e3 \
-    --hash=sha256:55c373becbd36a44d0c9be1d5271422fdaa8562d158fb44b4192297b3c67096c \
-    --hash=sha256:5836b8fb044c6e75ba34dfaabc602493019eadfa0faf6ff25f4c4c356a71a853 \
-    --hash=sha256:5cdb7e7e5524b76d3ec037c1d81a9e2c7457b240fd4cb0a2476b65c3a5a6c81f \
-    --hash=sha256:6650bd56ef350d37c8baccfd3ee8a0483ed6f8666e641e4b9ae1a1827b79f9e5 \
-    --hash=sha256:7395f13533318f150ee72adb55b29284b16e73b6d5f02ab21f173b3e83f242b8 \
-    --hash=sha256:7720322763aceb5e0a7cadcc38c67b839efe599f0887cbf6c003c55b1458c501 \
-    --hash=sha256:7cd5e3d910ac87652a09f6e5db8e41bc3b49cf08ddd2d73d30afc644801492cd \
-    --hash=sha256:81744a7e61b598ebcf4722ac56a7a4f50502432b5b4dc7eb29075a89cf82d029 \
-    --hash=sha256:84e87eba6b77a3af187bae82d8de1a7c208c2a04ec9f6bd444fd091b811ad92e \
-    --hash=sha256:8d0fe45be57b5219aa4b96e846631c04615d5ef068146de5a02ccd15c185321f \
-    --hash=sha256:9595e478047ce752b35cfa221d7601a5283ccdaab40422e0dc1d4a334c70f580 \
-    --hash=sha256:99c14f0727c978639139e6cad7a60e82b7720922678d75aacb90cf4ef74a068c \
-    --hash=sha256:9b1eed7670d564f1025d7cda89f99f216c30210e42e95de466135be0b4a499d9 \
-    --hash=sha256:9fad9bd5502221ab179f13ea251cb30eef7cf65023156967f86673aff54b53a0 \
-    --hash=sha256:ad339509dcfbbc99bf8e147db6686249c4032f26586699ec4c82f6e5909c9fe2 \
-    --hash=sha256:bcbeb44fc16e0078b3b68a95e43f821ae34dcbf976dde6985141838a5f23dd3d \
-    --hash=sha256:c8e7b05dc6315a193cceaec071cc3cf1c180cea28808ccded0b1283f1c38ba73 \
-    --hash=sha256:ca95594d936ee349620900be5b46c0122a1ff6ce42d7d5cb2cf09dc84071ef16 \
-    --hash=sha256:d029fac6a80edae80f79c37e5e3abfa92968fe921886139b3ee470a1b177321a \
-    --hash=sha256:d17e7fc814eaab93409b80819fd6d30342844345c27f3bc3c4b43c2425a8d267 \
-    --hash=sha256:d6821ef9870f32154da873fcde439274f99814ea452dd16b99fa0b66345c4b6b \
-    --hash=sha256:e6503534b52bb1720ace9366ee30838a58a3413d3e197512f3338c8f34b5d89d \
-    --hash=sha256:ed1df8cc01dd1e3970666a7370b8bfc7457371c58ba88c57bd5bca17ab198053 \
-    --hash=sha256:f1d52d052355e0c5c89e0630dd2ff7c0b823fd5f56286a663e92444761b35e25 \
-    --hash=sha256:f85b290e5b8b11814efb0d004d8ce6c9a483c35c462e8d9bf84abb93e79fa770
+zope-interface==7.2 \
+    --hash=sha256:033b3923b63474800b04cba480b70f6e6243a62208071fc148354f3f89cc01b7 \
+    --hash=sha256:05b910a5afe03256b58ab2ba6288960a2892dfeef01336dc4be6f1b9ed02ab0a \
+    --hash=sha256:086ee2f51eaef1e4a52bd7d3111a0404081dadae87f84c0ad4ce2649d4f708b7 \
+    --hash=sha256:0ef9e2f865721553c6f22a9ff97da0f0216c074bd02b25cf0d3af60ea4d6931d \
+    --hash=sha256:1090c60116b3da3bfdd0c03406e2f14a1ff53e5771aebe33fec1edc0a350175d \
+    --hash=sha256:144964649eba4c5e4410bb0ee290d338e78f179cdbfd15813de1a664e7649b3b \
+    --hash=sha256:15398c000c094b8855d7d74f4fdc9e73aa02d4d0d5c775acdef98cdb1119768d \
+    --hash=sha256:1909f52a00c8c3dcab6c4fad5d13de2285a4b3c7be063b239b8dc15ddfb73bd2 \
+    --hash=sha256:21328fcc9d5b80768bf051faa35ab98fb979080c18e6f84ab3f27ce703bce465 \
+    --hash=sha256:224b7b0314f919e751f2bca17d15aad00ddbb1eadf1cb0190fa8175edb7ede62 \
+    --hash=sha256:25e6a61dcb184453bb00eafa733169ab6d903e46f5c2ace4ad275386f9ab327a \
+    --hash=sha256:27f926f0dcb058211a3bb3e0e501c69759613b17a553788b2caeb991bed3b61d \
+    --hash=sha256:29caad142a2355ce7cfea48725aa8bcf0067e2b5cc63fcf5cd9f97ad12d6afb5 \
+    --hash=sha256:2ad9913fd858274db8dd867012ebe544ef18d218f6f7d1e3c3e6d98000f14b75 \
+    --hash=sha256:31d06db13a30303c08d61d5fb32154be51dfcbdb8438d2374ae27b4e069aac40 \
+    --hash=sha256:3e0350b51e88658d5ad126c6a57502b19d5f559f6cb0a628e3dc90442b53dd98 \
+    --hash=sha256:3f6771d1647b1fc543d37640b45c06b34832a943c80d1db214a37c31161a93f1 \
+    --hash=sha256:4893395d5dd2ba655c38ceb13014fd65667740f09fa5bb01caa1e6284e48c0cd \
+    --hash=sha256:52e446f9955195440e787596dccd1411f543743c359eeb26e9b2c02b077b0519 \
+    --hash=sha256:550f1c6588ecc368c9ce13c44a49b8d6b6f3ca7588873c679bd8fd88a1b557b6 \
+    --hash=sha256:72cd1790b48c16db85d51fbbd12d20949d7339ad84fd971427cf00d990c1f137 \
+    --hash=sha256:7bd449c306ba006c65799ea7912adbbfed071089461a19091a228998b82b1fdb \
+    --hash=sha256:7dc5016e0133c1a1ec212fc87a4f7e7e562054549a99c73c8896fa3a9e80cbc7 \
+    --hash=sha256:802176a9f99bd8cc276dcd3b8512808716492f6f557c11196d42e26c01a69a4c \
+    --hash=sha256:80ecf2451596f19fd607bb09953f426588fc1e79e93f5968ecf3367550396b22 \
+    --hash=sha256:8b49f1a3d1ee4cdaf5b32d2e738362c7f5e40ac8b46dd7d1a65e82a4872728fe \
+    --hash=sha256:8e7da17f53e25d1a3bde5da4601e026adc9e8071f9f6f936d0fe3fe84ace6d54 \
+    --hash=sha256:a102424e28c6b47c67923a1f337ede4a4c2bba3965b01cf707978a801fc7442c \
+    --hash=sha256:a19a6cc9c6ce4b1e7e3d319a473cf0ee989cbbe2b39201d7c19e214d2dfb80c7 \
+    --hash=sha256:a71a5b541078d0ebe373a81a3b7e71432c61d12e660f1d67896ca62d9628045b \
+    --hash=sha256:baf95683cde5bc7d0e12d8e7588a3eb754d7c4fa714548adcd96bdf90169f021 \
+    --hash=sha256:cab15ff4832580aa440dc9790b8a6128abd0b88b7ee4dd56abacbc52f212209d \
+    --hash=sha256:ce290e62229964715f1011c3dbeab7a4a1e4971fd6f31324c4519464473ef9f2 \
+    --hash=sha256:d3a8ffec2a50d8ec470143ea3d15c0c52d73df882eef92de7537e8ce13475e8a \
+    --hash=sha256:e204937f67b28d2dca73ca936d3039a144a081fc47a07598d44854ea2a106239 \
+    --hash=sha256:eb23f58a446a7f09db85eda09521a498e109f137b85fb278edb2e34841055398 \
+    --hash=sha256:f6dd02ec01f4468da0f234da9d9c8545c5412fef80bc590cc51d8dd084138a89
     # via
     #   pyramid
     #   pyramid-retry

From c6929d37d805a949241b2c86a1877ff58315e930 Mon Sep 17 00:00:00 2001
From: Alexis <alexis.challande@trailofbits.com>
Date: Tue, 3 Dec 2024 18:50:21 +0100
Subject: [PATCH 12/12] Fix merge

---
 requirements/main.txt | 340 ++++++++++++++++++++++--------------------
 1 file changed, 175 insertions(+), 165 deletions(-)

diff --git a/requirements/main.txt b/requirements/main.txt
index c3f196ada86a..707e0587dd85 100644
--- a/requirements/main.txt
+++ b/requirements/main.txt
@@ -74,32 +74,34 @@ babel==2.16.0 \
     --hash=sha256:368b5b98b37c06b7daf6696391c3240c938b37767d4584413e8438c5c435fa8b \
     --hash=sha256:d1f3554ca26605fe173f3de0c65f750f5a42f924499bf134de6423582298e316
     # via -r requirements/main.in
-bcrypt==4.2.1 \
-    --hash=sha256:041fa0155c9004eb98a232d54da05c0b41d4b8e66b6fc3cb71b4b3f6144ba837 \
-    --hash=sha256:04e56e3fe8308a88b77e0afd20bec516f74aecf391cdd6e374f15cbed32783d6 \
-    --hash=sha256:1340411a0894b7d3ef562fb233e4b6ed58add185228650942bdc885362f32c17 \
-    --hash=sha256:533e7f3bcf2f07caee7ad98124fab7499cb3333ba2274f7a36cf1daee7409d99 \
-    --hash=sha256:6765386e3ab87f569b276988742039baab087b2cdb01e809d74e74503c2faafe \
-    --hash=sha256:687cf30e6681eeda39548a93ce9bfbb300e48b4d445a43db4298d2474d2a1e54 \
-    --hash=sha256:76132c176a6d9953cdc83c296aeaed65e1a708485fd55abf163e0d9f8f16ce0e \
-    --hash=sha256:76d3e352b32f4eeb34703370e370997065d28a561e4a18afe4fef07249cb4396 \
-    --hash=sha256:807261df60a8b1ccd13e6599c779014a362ae4e795f5c59747f60208daddd96d \
-    --hash=sha256:89df2aea2c43be1e1fa066df5f86c8ce822ab70a30e4c210968669565c0f4685 \
-    --hash=sha256:8ad2f4528cbf0febe80e5a3a57d7a74e6635e41af1ea5675282a33d769fba413 \
-    --hash=sha256:8c458cd103e6c5d1d85cf600e546a639f234964d0228909d8f8dbeebff82d526 \
-    --hash=sha256:8dbd0747208912b1e4ce730c6725cb56c07ac734b3629b60d4398f082ea718ad \
-    --hash=sha256:909faa1027900f2252a9ca5dfebd25fc0ef1417943824783d1c8418dd7d6df4a \
-    --hash=sha256:aaa2e285be097050dba798d537b6efd9b698aa88eef52ec98d23dcd6d7cf6fea \
-    --hash=sha256:adadd36274510a01f33e6dc08f5824b97c9580583bd4487c564fc4617b328005 \
-    --hash=sha256:b1ee315739bc8387aa36ff127afc99120ee452924e0df517a8f3e4c0187a0f5f \
-    --hash=sha256:b588af02b89d9fad33e5f98f7838bf590d6d692df7153647724a7f20c186f6bf \
-    --hash=sha256:b7703ede632dc945ed1172d6f24e9f30f27b1b1a067f32f68bf169c5f08d0425 \
-    --hash=sha256:c6f5fa3775966cca251848d4d5393ab016b3afed251163c1436fefdec3b02c84 \
-    --hash=sha256:cde78d385d5e93ece5479a0a87f73cd6fa26b171c786a884f955e165032b262c \
-    --hash=sha256:cfdf3d7530c790432046c40cda41dfee8c83e29482e6a604f8930b9930e94139 \
-    --hash=sha256:e158009a54c4c8bc91d5e0da80920d048f918c61a581f0a63e4e93bb556d362f \
-    --hash=sha256:e84e0e6f8e40a242b11bce56c313edc2be121cec3e0ec2d76fce01f6af33c07c \
-    --hash=sha256:f85b1ffa09240c89aa2e1ae9f3b1c687104f7b2b9d2098da4e923f1b7082d331
+bcrypt==4.2.0 \
+    --hash=sha256:096a15d26ed6ce37a14c1ac1e48119660f21b24cba457f160a4b830f3fe6b5cb \
+    --hash=sha256:0da52759f7f30e83f1e30a888d9163a81353ef224d82dc58eb5bb52efcabc399 \
+    --hash=sha256:1bb429fedbe0249465cdd85a58e8376f31bb315e484f16e68ca4c786dcc04291 \
+    --hash=sha256:1d84cf6d877918620b687b8fd1bf7781d11e8a0998f576c7aa939776b512b98d \
+    --hash=sha256:1ee38e858bf5d0287c39b7a1fc59eec64bbf880c7d504d3a06a96c16e14058e7 \
+    --hash=sha256:1ff39b78a52cf03fdf902635e4c81e544714861ba3f0efc56558979dd4f09170 \
+    --hash=sha256:27fe0f57bb5573104b5a6de5e4153c60814c711b29364c10a75a54bb6d7ff48d \
+    --hash=sha256:3413bd60460f76097ee2e0a493ccebe4a7601918219c02f503984f0a7ee0aebe \
+    --hash=sha256:3698393a1b1f1fd5714524193849d0c6d524d33523acca37cd28f02899285060 \
+    --hash=sha256:373db9abe198e8e2c70d12b479464e0d5092cc122b20ec504097b5f2297ed184 \
+    --hash=sha256:39e1d30c7233cfc54f5c3f2c825156fe044efdd3e0b9d309512cc514a263ec2a \
+    --hash=sha256:3bbbfb2734f0e4f37c5136130405332640a1e46e6b23e000eeff2ba8d005da68 \
+    --hash=sha256:3d3a6d28cb2305b43feac298774b997e372e56c7c7afd90a12b3dc49b189151c \
+    --hash=sha256:5a1e8aa9b28ae28020a3ac4b053117fb51c57a010b9f969603ed885f23841458 \
+    --hash=sha256:61ed14326ee023917ecd093ee6ef422a72f3aec6f07e21ea5f10622b735538a9 \
+    --hash=sha256:655ea221910bcac76ea08aaa76df427ef8625f92e55a8ee44fbf7753dbabb328 \
+    --hash=sha256:762a2c5fb35f89606a9fde5e51392dad0cd1ab7ae64149a8b935fe8d79dd5ed7 \
+    --hash=sha256:77800b7147c9dc905db1cba26abe31e504d8247ac73580b4aa179f98e6608f34 \
+    --hash=sha256:8ac68872c82f1add6a20bd489870c71b00ebacd2e9134a8aa3f98a0052ab4b0e \
+    --hash=sha256:8d7bb9c42801035e61c109c345a28ed7e84426ae4865511eb82e913df18f58c2 \
+    --hash=sha256:8f6ede91359e5df88d1f5c1ef47428a4420136f3ce97763e31b86dd8280fbdf5 \
+    --hash=sha256:9c1c4ad86351339c5f320ca372dfba6cb6beb25e8efc659bedd918d921956bae \
+    --hash=sha256:c02d944ca89d9b1922ceb8a46460dd17df1ba37ab66feac4870f6862a1533c00 \
+    --hash=sha256:c52aac18ea1f4a4f65963ea4f9530c306b56ccd0c6f8c8da0c06976e34a6e841 \
+    --hash=sha256:cb2a8ec2bc07d3553ccebf0746bbf3d19426d1c6d1adbd4fa48925f66af7b9e8 \
+    --hash=sha256:cf69eaf5185fd58f268f805b505ce31f9b9fc2d64b376642164e9244540c1221 \
+    --hash=sha256:f4f4acf526fcd1c34e7ce851147deedd4e26e6402369304220250598b26448db
     # via -r requirements/main.in
 betterproto==2.0.0b6 \
     --hash=sha256:720ae92697000f6fcf049c69267d957f0871654c8b0d7458906607685daee784 \
@@ -109,16 +111,16 @@ billiard==4.2.1 \
     --hash=sha256:12b641b0c539073fc8d3f5b8b7be998956665c4233c7c1fcd66a7e677c4fb36f \
     --hash=sha256:40b59a4ac8806ba2c2369ea98d876bc6108b051c227baffd928c644d15d8f3cb
     # via celery
-boto3==1.35.73 \
-    --hash=sha256:473438feafe77d29fbea532a91a65de0d8751a4fa5822127218710a205e28e7a \
-    --hash=sha256:ccb1a365d3084de53b58f8dfc056462f49b16931c139f4c8ac5f0bca8cb8fe81
+boto3==1.35.43 \
+    --hash=sha256:0197f460632804577aa78b2f6daf7b823bffa9d4d67a5cebb179efff0fe9631b \
+    --hash=sha256:e6a50a0599f75b21de0de1a551a0564793d25b304fa623e4052e527b268de734
     # via
     #   -r requirements/main.in
     #   celery
     #   kombu
-botocore==1.35.73 \
-    --hash=sha256:8a6a0f5ad119e38d850571df8c625dbad66aec1b20c15f84cdcb95258f9f1edb \
-    --hash=sha256:b2e3ecdd1769f011f72c4c0d0094570ba125f4ca327f24269e4d68eb5d9878b9
+botocore==1.35.43 \
+    --hash=sha256:04539b85ade060601a3023cacb538fc17aad8c059a5a2e18fe4bc5d0d91fbd72 \
+    --hash=sha256:7cfdee9117617da97daaf259dd8484bcdc259c59eb7d1ce7db9ecf8506b7d36c
     # via
     #   boto3
     #   s3transfer
@@ -396,72 +398,76 @@ click-repl==0.3.0 \
     --hash=sha256:17849c23dba3d667247dc4defe1757fff98694e90fe37474f3feebb69ced26a9 \
     --hash=sha256:fb7e06deb8da8de86180a33a9da97ac316751c094c6899382da7feeeeb51b812
     # via celery
-cmarkgfm==2024.11.20 \
-    --hash=sha256:0451df5f02cccc4e76a369e23457cba20e60a99f734ddb126bc3c772018d22dc \
-    --hash=sha256:0635abbf989281b161a9b22fb510165f60d19e57992d39e24f4fb856e498212e \
-    --hash=sha256:067bf44b49c23c589eb60ce772f2582259d9818e86a5936b0cd89fd203ff3f21 \
-    --hash=sha256:0a5e72657a92957fde6d502952113632d946328362585529b7662697421baebc \
-    --hash=sha256:106aa08dd7b9e55ca481422f705e6067db98cf725e40f7154ad6ba56468a601c \
-    --hash=sha256:13ac2f8f62b22228fa16ed0a027d0af924a86e67f4e047bc59406f8494e7643c \
-    --hash=sha256:169f3bdc8c54ac5d9994b8f47817cf383a8ff960a2a7aa7527fdb180ec2317ce \
-    --hash=sha256:175ed1f9b76310821140f97c201da4384814cb38875374b83efcd7987651a9e4 \
-    --hash=sha256:1792cfb4e2f76237753436000cf4433296c869ecabbd714b3c6c27f5b72c49f3 \
-    --hash=sha256:191ee4ad8073a8a2c2e9d723c7046e0d7f87cca8686ca96f1e7d6e2735a9ebf8 \
-    --hash=sha256:19c5ddef9349c0965931ecabed30d3611dbd88beddefa91565283bd54aa0041c \
-    --hash=sha256:1c3d66866247eb72bd494db638ab8247f8452fa871ed6e254e5adfc0e2c15cd0 \
-    --hash=sha256:1cf12f8354c5120198c9a5171e546034de7e24a413118921e244b46036321caf \
-    --hash=sha256:1e27c7cbc727109d5af94262f29754ac87ae73e15da1ecefda953a3101ad899f \
-    --hash=sha256:207d77cc794a1b30ed00e763ee664abc2fe647b0a141067c0962b775bdbc56ce \
-    --hash=sha256:211fad7b509cb1247b6d20a6ec14b0777793b922254b2e28357528001be09f0b \
-    --hash=sha256:22205f2aa5f7eba8770f8881143b760c5c93904d775f6a8dbe6e30123800d27f \
-    --hash=sha256:258429ff6608bf8d7d7ad774f651c70ebb11efb9f9f024f55a6ce26249437d52 \
-    --hash=sha256:2826e9518134ee7d548e1944462cfedf7e7cdf86ffda906d1251c221fae43baf \
-    --hash=sha256:3354d5497820e18eccf0552224cb2cba2cb27ab378ed99371523e2726027c04c \
-    --hash=sha256:35e280f76a73a71c7e4a494b267137741fcd837667bf77a5b30e68b30ab2d3b1 \
-    --hash=sha256:3ad48791fdb16372423a43e82774121a5dd85af0ab0532d2c19f56bf46e73f18 \
-    --hash=sha256:3d9dea0e0a0e9ad436ab11430333b6fa294de0daa00ff675ddac5757a7c628ec \
-    --hash=sha256:4bc2c0ca1ba3c113f6bd178cfa10e62c257c2ed04d3ef684e2ee8b05342f51bc \
-    --hash=sha256:4d9073952e578255e27a1f6cb359071813bad301ec4d4f4b8233a9a23e5fa7ab \
-    --hash=sha256:4f987178288a598ddfa8c6fc19dbcc6eb796b7a211266ff4bd1e8cae436fbfd3 \
-    --hash=sha256:5d23226dc67534c6adf5739b7a5150fbcc2c5b9e0d48f8a0bdcfc5636980e19b \
-    --hash=sha256:5dd01cf61975a8a57213cdef5ed870e936032f13fe93d60ddf659ffb9cf73c6a \
-    --hash=sha256:5fbb3e12d0dbb9f508ea2217e9eef03caea0ce7a7460a9692ecfd85a675727ed \
-    --hash=sha256:61c699e399c7878f5eeef11e51c67d06eb8c4d09d0beb7675b1d6b393c1c5fb9 \
-    --hash=sha256:6d9e8ae37fe7568bf259dcbcb07b95ee3bc3f744bec87162a1391e806c15d9ae \
-    --hash=sha256:7766026926ed06552ddda4f3584b67fa5890dad3aa3a124e35356b33e2874cfd \
-    --hash=sha256:78edaff25d16dc6257d21397f257f43a7fcc8375585c6d51f46896dabacf9b6a \
-    --hash=sha256:7f314c53959f5ad57828d30b101cfe2f25b3b2e26e83ef5d67027309754daaf8 \
-    --hash=sha256:810d1b5157cb17d32660d4032970eb4a140265e2cc09004b97d314e59300e5aa \
-    --hash=sha256:8434aa7e4f12fb5cccf0846f29db5cbdb77f8a41c79cef14f67d4903b288618a \
-    --hash=sha256:90b3449bcbf8ab763ca693453ae29e85cf3bbd60b5580ea79e2ae056102b8cdd \
-    --hash=sha256:9347e1f06924bcf207d0b25cb91e51be7eccfa9e91f03528db2a27bfea364365 \
-    --hash=sha256:9488d4b1049c111300678ff874fde0ddf0f8aaf7ce532d39f942a250e39b56a5 \
-    --hash=sha256:9a846edb229fbb405aa728863723d02ffefd967f43f036fe0c698a67e0069b6f \
-    --hash=sha256:9d74c8bba226751161b7f163fb3e71ee82453759e016df934927ab44aac532eb \
-    --hash=sha256:9feb163ddb3d17ee0fc763961af9560487c5d3b158a1b74b00480cccf3631df7 \
-    --hash=sha256:a01e9d2b6621fba9c833f384d998e6afe0ad858b9e3e22dc71e2aa6caad1e9f3 \
-    --hash=sha256:ab2543f2d1070d2dbae37b7098ad3507bedc37f5252883ea879f884dbb7b7610 \
-    --hash=sha256:b06c24c2ea5a33eb63b8beeae04869b45ffd015fbd609b4266f11c015f2a7a38 \
-    --hash=sha256:b1cbe16aa6c6831f5837829f272c68e6550566699f2d1305c9d3469dd4867851 \
-    --hash=sha256:b81b1585d6386829a6dd2d972554eb35e38184bd5fa672a18ddb796ab6a977de \
-    --hash=sha256:bc07268f5b42ac37b36a8091ddc7b6a7a88c436718d7ac88f5ea0785f2bdc1ec \
-    --hash=sha256:bd613fb86c9beb4da614701421931bd534d203006d78dd4537918ade96028e60 \
-    --hash=sha256:c0eb231d0fa3190ec807f577d60a5bea256fd17968c61c4379c4c1acfd6f61df \
-    --hash=sha256:c1371b5a58139e54fc04db84cafed3b80731e2f89de9dee699f5f24c7691857d \
-    --hash=sha256:c937e632ff969c7a53e5dd1390d9e12d86be627deb93e292e249a9289237301d \
-    --hash=sha256:ccec2ae525e4435601e75be9d184d4df153bf5b7fc2605a0e1ac256f5c600b5b \
-    --hash=sha256:d3eee488ee1bd0ce251d8d5cb853d68234035b2839600319694ca85e585791f0 \
-    --hash=sha256:d58e4a83bc813585f251e3151f55e09915c3c1728da87b47defa0e8c84c85a7c \
-    --hash=sha256:d71ac6281034e0f9babe1e4aa370e1249ce8f253ad85ff60daadea8ef5da4b00 \
-    --hash=sha256:dc2247e96d7f946b25a03a5ee030b2c32fb3ef06d4194dddb6374b8ec7c4489a \
-    --hash=sha256:dd414cffe2f57ce652cfb1510637760cc761194518b0a712ceceb929a1a512d4 \
-    --hash=sha256:e134ef56690a2ea9d24947d12fa6f96bdab4288d481af704e845c4fd3de845b8 \
-    --hash=sha256:e3ae9dfebf1a9f39bbd3ae7c6150133f603601138b753497ec2deb5ff96c2cb6 \
-    --hash=sha256:e4b79ba349fb18bf0e6e07b388658591e5aea0aca0d68eeac68c9a43ab1a511d \
-    --hash=sha256:eab503e922bd2959c7e6148c69478dd44894201358370876028dd24aea776e24 \
-    --hash=sha256:f37cb4aed1595620166ef35146fc062e60208324e2787f6b72d65e6c814525d6 \
-    --hash=sha256:fc74387e90d518156d493b52af63faab2d95710e5f582df8dd50952cbf601194 \
-    --hash=sha256:ffbb3847e4d71de84e23abd30ff23fb3ce81f9096eb7bdc6569499c8b7a098b8
+cmarkgfm==2024.1.14 \
+    --hash=sha256:02ba52518469ce85448e99beb20b1808c51f5a6cfee12554e5e810bfe774b791 \
+    --hash=sha256:07b83ae8de9a397629b4dbe4f190e8edc87b2b94548fbc644ed006a5cc94d959 \
+    --hash=sha256:0c66d0fecfdee9f2ffe34f640e346c653a951bddba79d192629c60958933aa51 \
+    --hash=sha256:0f7845837b0c4dbb3a1a7bbfffed264f011f86ea1cd0ce7823b533bcce0e1fe3 \
+    --hash=sha256:1444f396fc18115065c66bb6f8a523167fa3bd153423d6fea272c4b486b473cf \
+    --hash=sha256:17b61950e32b6f1d6f93a28beaa5870a2b30e44ce846529ff301c986b817f036 \
+    --hash=sha256:1f530595c5fbd92c248576ce43771bd07289c1d42623422d669e20ddb545d41b \
+    --hash=sha256:1f8205bed32be4226f8e344d4e4be001a57929059c3303107485dacc145df5a8 \
+    --hash=sha256:2196871b8f42dea9d85e1a3c1bcb5e05758946874441ec3f7226d80881284e32 \
+    --hash=sha256:26d39c10b816392a3b54a9a7ba7ce894c40fee2813ac71554c424d6762c28ee6 \
+    --hash=sha256:283de0cf88c784f71e8416cf40fffc133d6ffd9686dbf094c4b5c522e1283343 \
+    --hash=sha256:29b95d267ee1c61fd41d1f8634052a77b554517b18e8ffcdf0181e5e93a7af88 \
+    --hash=sha256:2bc2dc101dd6b27aaa264f4c3e8eb444b850b06c60dc4cd278ea743fb085c35b \
+    --hash=sha256:3340c8867ee9a3d2590eb020f22cdc4e101d3d4d9f4a8cc95964f45666ed58f0 \
+    --hash=sha256:3cdc34d749601ff74209580fb7c80b3cbf1112d2832af52c14387cb04831ff2b \
+    --hash=sha256:4310b7d5cc534c27454406963319a16c7f3f05ff75b7cd24a1091884c04248ad \
+    --hash=sha256:43db622d57e81dce30dcbea3a0198588080559473e5bafb68e10959dbf0a3d0f \
+    --hash=sha256:4808af8c8c2c0a39dca8cc27406416d8254aec635f409dc5beb5cb5ed3af564a \
+    --hash=sha256:491d72e0dcc21ff9f3c9a905f785d4268170964500db498dc5b0f2f390fb340b \
+    --hash=sha256:494daf9790dd1a5440bbe3f5c70e01afbeeb3b7565d373b05b3bfa311a0ac3e3 \
+    --hash=sha256:4ecb19b2fb24fe055bbaf0d38e8262642f27123b4339f1f10e7fabb726e57ee8 \
+    --hash=sha256:4ff20857ccded325e11323540d0506fc1bd9ceea9746f81f08fe3d7e52f0a6bc \
+    --hash=sha256:53ccf3d184080f8626264f49866df4ead90685f4d5a3d5d01ffba7f50fd15512 \
+    --hash=sha256:56d68fcf5e71879c327f0889b1127ce58e85e1ac44a624f24933430d726381f3 \
+    --hash=sha256:56ec68a68164bf2ac0fd448d7fcb90d360a42072a6abd62be3e0d222240b7304 \
+    --hash=sha256:57545dfbd9f26fd3b07909d1bac3dacba4cb493fe872da2f4237b4c3597d7a3a \
+    --hash=sha256:5a922846197ac9452cca8aaa9c4b5e56b215299d067e704df9c56c8d87463335 \
+    --hash=sha256:5aa2e85a1e0f3929015d5fe023bd3664d8c744d3f898bdd05df99ed905782376 \
+    --hash=sha256:6565d5659d80d119733a407af70e5de7c04e0822fabb91db83688e0e280cc174 \
+    --hash=sha256:6d14d928ad46974098979358ca456a056b8df91d5e6fa6e9294bd1173dfdfa10 \
+    --hash=sha256:70db301d140d1f0cabe58770aad8506a4bd7fa0e5b0fae78c8f9a80712d14857 \
+    --hash=sha256:7973812317ef672c5a1c59065294c4b280aaffb7fe1071b8c661de82021d4f1b \
+    --hash=sha256:7ccd6689108673be5bb19f3a3b02cf897fab9b04290a0548e4c6deec5a1fec9a \
+    --hash=sha256:7d3f497cbbaeb540a741a6516673045abcc11b41029bc3dbc95b3b5ea2cc2182 \
+    --hash=sha256:7de3d8bfc64168419a6d1edb223616ac6f54b67e20e4b6b70f3ae659fd3f3f31 \
+    --hash=sha256:7eff0e618704c49ab3f77680a0722aced6c99d2fe590b8f8d655fa29ed17270e \
+    --hash=sha256:82b62dbc7f546c43d99964914133b7e4d7ef7ce4f411cd0acc95b382853aa47f \
+    --hash=sha256:890a235fc0cf5c821ed4dd81a5405a526e9cc616761345aee54840a575b7f969 \
+    --hash=sha256:8b8fd26ff27b9895f48459b8e556b9d6c4d255ac3735b3b2f8b14b9787ff6b89 \
+    --hash=sha256:93364f7ec9de71285f0a27552f9cfa30aa4d311d37c820daa65dc27ab211a746 \
+    --hash=sha256:9659715d79cbc5c030d36709fe443a47b5c6dbb77bd05e5531feedbe5ad00ac5 \
+    --hash=sha256:966bd27336736b2950551348b1bfc71863ea26b76b245e9966ee80cc9cde04ee \
+    --hash=sha256:a208c1726e12ba385125cef2c6d375c41c5dea4cc2673a77af712b1dbf074e90 \
+    --hash=sha256:a3fe7e5357233649030f22dd816354e51c99f90857cff904a173bbd602733aca \
+    --hash=sha256:a4b20a59dc14a074bae0bd04306e504512c1883b0c9b6e0e0c5b217797571363 \
+    --hash=sha256:a8c929836caf96c4fb7fd5e7f9efe6fbb6aa57f9dfae543f74f10b55d5a92b56 \
+    --hash=sha256:a9bd82bac3673a0848fa09512ae61059943462ce824944faaeadc727068d9e19 \
+    --hash=sha256:b0b5a3be0b76f2802f8f16c40d33f74ff68c0bca8860bd4b5252395181077534 \
+    --hash=sha256:b676300ff04629c07c02687e5dc017fb7d1edf38a5dc1ab2ec28078a71195ce6 \
+    --hash=sha256:b79662ab458c910c9785abacb8315d6f46487659d44398bd894f577bb6b9d04e \
+    --hash=sha256:b8d68eb075d2eb48e864d9c031b0117900e25a3c1c7ab8ce4f80c25b6ae7f346 \
+    --hash=sha256:bba56ccec5b980c9da003ac7449c0cbe8045e4e046d4ce51273a47d3a9b84b1a \
+    --hash=sha256:bc6fb79ef6f93dd497fd2b85be032636bb955a762c42f52ed65fefe32525fc2b \
+    --hash=sha256:bcd059584161491a2848e55ec73c28f17d8e89faec9ad860afa05246a6ee695f \
+    --hash=sha256:bee28a3cc0abae18a46119ff1cde0db991f5ebe235d24c95bbaa672a63b5d695 \
+    --hash=sha256:c552ef80fe8c29d647c86ab49b8f66aa7626e7de9009e4005bd2120698667fa2 \
+    --hash=sha256:c71d6b44ffdd9a03e246a35c8a2b2454eb2a319fcfe5736ff62660259f9f4683 \
+    --hash=sha256:ca9e5388c88f907c9ef1cf588947ea00a1c60f3462fe1f213b591bbd27ceb8c1 \
+    --hash=sha256:ce0f76ea3d47d206913db8f7933076191be4d8871019095a4880885531586ab5 \
+    --hash=sha256:d399545833ff3f25f8f6d9b559be5878987f3e34cfc4fe79cefc1d33fd3da852 \
+    --hash=sha256:d55795968751e1a8ddd2172c1d03d0107b9dd20445dbcd23dc9e0a80d95a0c5b \
+    --hash=sha256:ded64f663955f852d8965b40ab47718461df6d42d12719264b09a23d33b8d38f \
+    --hash=sha256:e51707471196d199f03aff1c5e12860d12a44e7bf29302e7bb485074f8e62ff0 \
+    --hash=sha256:e601ed6c9a44c5f86b392afef2f66711da07924825a4ff695eec9a3cfc905732 \
+    --hash=sha256:eb595be70d86d1497826f80e3e04b46001b2b94bccc099619daea693923a88b3 \
+    --hash=sha256:ec6eb4929bd231d7e5c0cf1154581be0a13b8d2b7aee2c30410066f363c765b9 \
+    --hash=sha256:f223e606b57eebfc81e95839cf22cbe5eaec0da9ecd42326cc46568e0029188c \
+    --hash=sha256:fdecbdad66b7738c711db33471d510c6279a01196920c43294d8071e51192807 \
+    --hash=sha256:ff0bc7dbb86d1a6877b771ed715dbe0ab071872e8c6f5beb782528b70ac7eedc
     # via readme-renderer
 cryptography==43.0.3 \
     --hash=sha256:0c580952eef9bf68c4747774cde7ec1d85a6e61de97281f2dba83c7d2c806362 \
@@ -1392,7 +1398,6 @@ nh3==0.2.19 \
     --hash=sha256:3805161c4e12088bd74752ba69630e915bc30fe666034f47217a2f16b16efc37 \
     --hash=sha256:5d4f5e2189861b352b73acb803b5f4bb409c2f36275d22717e27d4e0c217ae55 \
     --hash=sha256:75c7cafb840f24430b009f7368945cb5ca88b2b54bb384ebfba495f16bc9c121 \
-    --hash=sha256:790056b54c068ff8dceb443eaefb696b84beff58cca6c07afd754d17692a4804 \
     --hash=sha256:7e98621856b0a911c21faa5eef8f8ea3e691526c2433f9afc2be713cb6fbdb48 \
     --hash=sha256:833b3b5f1783ce95834a13030300cea00cbdfd64ea29260d01af9c4821da0aa9 \
     --hash=sha256:a7b928862daddb29805a1010a0282f77f4b8b238a37b5f76bc6c0d16d930fd22 \
@@ -2329,72 +2334,77 @@ wired==0.4 \
     --hash=sha256:2c8007863e9bfbc119da58a6d7d615a5a747986c5ce698916e44e19d88e905ff \
     --hash=sha256:cc8d9705c0f70234a3dab41ab9e6fcd35351042699a13551e43390f281535771
     # via pyramid-services
-wrapt==1.17.0 \
-    --hash=sha256:0229b247b0fc7dee0d36176cbb79dbaf2a9eb7ecc50ec3121f40ef443155fb1d \
-    --hash=sha256:0698d3a86f68abc894d537887b9bbf84d29bcfbc759e23f4644be27acf6da301 \
-    --hash=sha256:0a0a1a1ec28b641f2a3a2c35cbe86c00051c04fffcfcc577ffcdd707df3f8635 \
-    --hash=sha256:0b48554952f0f387984da81ccfa73b62e52817a4386d070c75e4db7d43a28c4a \
-    --hash=sha256:0f2a28eb35cf99d5f5bd12f5dd44a0f41d206db226535b37b0c60e9da162c3ed \
-    --hash=sha256:140ea00c87fafc42739bd74a94a5a9003f8e72c27c47cd4f61d8e05e6dec8721 \
-    --hash=sha256:16187aa2317c731170a88ef35e8937ae0f533c402872c1ee5e6d079fcf320801 \
-    --hash=sha256:17fcf043d0b4724858f25b8826c36e08f9fb2e475410bece0ec44a22d533da9b \
-    --hash=sha256:18b956061b8db634120b58f668592a772e87e2e78bc1f6a906cfcaa0cc7991c1 \
-    --hash=sha256:2399408ac33ffd5b200480ee858baa58d77dd30e0dd0cab6a8a9547135f30a88 \
-    --hash=sha256:2a0c23b8319848426f305f9cb0c98a6e32ee68a36264f45948ccf8e7d2b941f8 \
-    --hash=sha256:2dfb7cff84e72e7bf975b06b4989477873dcf160b2fd89959c629535df53d4e0 \
-    --hash=sha256:2f495b6754358979379f84534f8dd7a43ff8cff2558dcdea4a148a6e713a758f \
-    --hash=sha256:33539c6f5b96cf0b1105a0ff4cf5db9332e773bb521cc804a90e58dc49b10578 \
-    --hash=sha256:3c34f6896a01b84bab196f7119770fd8466c8ae3dfa73c59c0bb281e7b588ce7 \
-    --hash=sha256:498fec8da10e3e62edd1e7368f4b24aa362ac0ad931e678332d1b209aec93045 \
-    --hash=sha256:4d63f4d446e10ad19ed01188d6c1e1bb134cde8c18b0aa2acfd973d41fcc5ada \
-    --hash=sha256:4e4b4385363de9052dac1a67bfb535c376f3d19c238b5f36bddc95efae15e12d \
-    --hash=sha256:4e547b447073fc0dbfcbff15154c1be8823d10dab4ad401bdb1575e3fdedff1b \
-    --hash=sha256:4f643df3d4419ea3f856c5c3f40fec1d65ea2e89ec812c83f7767c8730f9827a \
-    --hash=sha256:4f763a29ee6a20c529496a20a7bcb16a73de27f5da6a843249c7047daf135977 \
-    --hash=sha256:5ae271862b2142f4bc687bdbfcc942e2473a89999a54231aa1c2c676e28f29ea \
-    --hash=sha256:5d8fd17635b262448ab8f99230fe4dac991af1dabdbb92f7a70a6afac8a7e346 \
-    --hash=sha256:69c40d4655e078ede067a7095544bcec5a963566e17503e75a3a3e0fe2803b13 \
-    --hash=sha256:69d093792dc34a9c4c8a70e4973a3361c7a7578e9cd86961b2bbf38ca71e4e22 \
-    --hash=sha256:6a9653131bda68a1f029c52157fd81e11f07d485df55410401f745007bd6d339 \
-    --hash=sha256:6ff02a91c4fc9b6a94e1c9c20f62ea06a7e375f42fe57587f004d1078ac86ca9 \
-    --hash=sha256:714c12485aa52efbc0fc0ade1e9ab3a70343db82627f90f2ecbc898fdf0bb181 \
-    --hash=sha256:7264cbb4a18dc4acfd73b63e4bcfec9c9802614572025bdd44d0721983fc1d9c \
-    --hash=sha256:73a96fd11d2b2e77d623a7f26e004cc31f131a365add1ce1ce9a19e55a1eef90 \
-    --hash=sha256:74bf625b1b4caaa7bad51d9003f8b07a468a704e0644a700e936c357c17dd45a \
-    --hash=sha256:81b1289e99cf4bad07c23393ab447e5e96db0ab50974a280f7954b071d41b489 \
-    --hash=sha256:8425cfce27b8b20c9b89d77fb50e368d8306a90bf2b6eef2cdf5cd5083adf83f \
-    --hash=sha256:875d240fdbdbe9e11f9831901fb8719da0bd4e6131f83aa9f69b96d18fae7504 \
-    --hash=sha256:879591c2b5ab0a7184258274c42a126b74a2c3d5a329df16d69f9cee07bba6ea \
-    --hash=sha256:89fc28495896097622c3fc238915c79365dd0ede02f9a82ce436b13bd0ab7569 \
-    --hash=sha256:8a5e7cc39a45fc430af1aefc4d77ee6bad72c5bcdb1322cfde852c15192b8bd4 \
-    --hash=sha256:8f8909cdb9f1b237786c09a810e24ee5e15ef17019f7cecb207ce205b9b5fcce \
-    --hash=sha256:914f66f3b6fc7b915d46c1cc424bc2441841083de01b90f9e81109c9759e43ab \
-    --hash=sha256:92a3d214d5e53cb1db8b015f30d544bc9d3f7179a05feb8f16df713cecc2620a \
-    --hash=sha256:948a9bd0fb2c5120457b07e59c8d7210cbc8703243225dbd78f4dfc13c8d2d1f \
-    --hash=sha256:9c900108df470060174108012de06d45f514aa4ec21a191e7ab42988ff42a86c \
-    --hash=sha256:9f2939cd4a2a52ca32bc0b359015718472d7f6de870760342e7ba295be9ebaf9 \
-    --hash=sha256:a4192b45dff127c7d69b3bdfb4d3e47b64179a0b9900b6351859f3001397dabf \
-    --hash=sha256:a8fc931382e56627ec4acb01e09ce66e5c03c384ca52606111cee50d931a342d \
-    --hash=sha256:ad47b095f0bdc5585bced35bd088cbfe4177236c7df9984b3cc46b391cc60627 \
-    --hash=sha256:b1ca5f060e205f72bec57faae5bd817a1560fcfc4af03f414b08fa29106b7e2d \
-    --hash=sha256:ba1739fb38441a27a676f4de4123d3e858e494fac05868b7a281c0a383c098f4 \
-    --hash=sha256:baa7ef4e0886a6f482e00d1d5bcd37c201b383f1d314643dfb0367169f94f04c \
-    --hash=sha256:bb90765dd91aed05b53cd7a87bd7f5c188fcd95960914bae0d32c5e7f899719d \
-    --hash=sha256:bc7f729a72b16ee21795a943f85c6244971724819819a41ddbaeb691b2dd85ad \
-    --hash=sha256:bdf62d25234290db1837875d4dceb2151e4ea7f9fff2ed41c0fde23ed542eb5b \
-    --hash=sha256:c30970bdee1cad6a8da2044febd824ef6dc4cc0b19e39af3085c763fdec7de33 \
-    --hash=sha256:d2c63b93548eda58abf5188e505ffed0229bf675f7c3090f8e36ad55b8cbc371 \
-    --hash=sha256:d751300b94e35b6016d4b1e7d0e7bbc3b5e1751e2405ef908316c2a9024008a1 \
-    --hash=sha256:da427d311782324a376cacb47c1a4adc43f99fd9d996ffc1b3e8529c4074d393 \
-    --hash=sha256:daba396199399ccabafbfc509037ac635a6bc18510ad1add8fd16d4739cdd106 \
-    --hash=sha256:e185ec6060e301a7e5f8461c86fb3640a7beb1a0f0208ffde7a65ec4074931df \
-    --hash=sha256:e4a557d97f12813dc5e18dad9fa765ae44ddd56a672bb5de4825527c847d6379 \
-    --hash=sha256:e5ed16d95fd142e9c72b6c10b06514ad30e846a0d0917ab406186541fe68b451 \
-    --hash=sha256:e711fc1acc7468463bc084d1b68561e40d1eaa135d8c509a65dd534403d83d7b \
-    --hash=sha256:f28b29dc158ca5d6ac396c8e0a2ef45c4e97bb7e65522bfc04c989e6fe814575 \
-    --hash=sha256:f335579a1b485c834849e9075191c9898e0731af45705c2ebf70e0cd5d58beed \
-    --hash=sha256:fce6fee67c318fdfb7f285c29a82d84782ae2579c0e1b385b7f36c6e8074fffb \
-    --hash=sha256:fd136bb85f4568fffca995bd3c8d52080b1e5b225dbf1c2b17b66b4c5fa02838
+wrapt==1.16.0 \
+    --hash=sha256:0d2691979e93d06a95a26257adb7bfd0c93818e89b1406f5a28f36e0d8c1e1fc \
+    --hash=sha256:14d7dc606219cdd7405133c713f2c218d4252f2a469003f8c46bb92d5d095d81 \
+    --hash=sha256:1a5db485fe2de4403f13fafdc231b0dbae5eca4359232d2efc79025527375b09 \
+    --hash=sha256:1acd723ee2a8826f3d53910255643e33673e1d11db84ce5880675954183ec47e \
+    --hash=sha256:1ca9b6085e4f866bd584fb135a041bfc32cab916e69f714a7d1d397f8c4891ca \
+    --hash=sha256:1dd50a2696ff89f57bd8847647a1c363b687d3d796dc30d4dd4a9d1689a706f0 \
+    --hash=sha256:2076fad65c6736184e77d7d4729b63a6d1ae0b70da4868adeec40989858eb3fb \
+    --hash=sha256:2a88e6010048489cda82b1326889ec075a8c856c2e6a256072b28eaee3ccf487 \
+    --hash=sha256:3ebf019be5c09d400cf7b024aa52b1f3aeebeff51550d007e92c3c1c4afc2a40 \
+    --hash=sha256:418abb18146475c310d7a6dc71143d6f7adec5b004ac9ce08dc7a34e2babdc5c \
+    --hash=sha256:43aa59eadec7890d9958748db829df269f0368521ba6dc68cc172d5d03ed8060 \
+    --hash=sha256:44a2754372e32ab315734c6c73b24351d06e77ffff6ae27d2ecf14cf3d229202 \
+    --hash=sha256:490b0ee15c1a55be9c1bd8609b8cecd60e325f0575fc98f50058eae366e01f41 \
+    --hash=sha256:49aac49dc4782cb04f58986e81ea0b4768e4ff197b57324dcbd7699c5dfb40b9 \
+    --hash=sha256:5eb404d89131ec9b4f748fa5cfb5346802e5ee8836f57d516576e61f304f3b7b \
+    --hash=sha256:5f15814a33e42b04e3de432e573aa557f9f0f56458745c2074952f564c50e664 \
+    --hash=sha256:5f370f952971e7d17c7d1ead40e49f32345a7f7a5373571ef44d800d06b1899d \
+    --hash=sha256:66027d667efe95cc4fa945af59f92c5a02c6f5bb6012bff9e60542c74c75c362 \
+    --hash=sha256:66dfbaa7cfa3eb707bbfcd46dab2bc6207b005cbc9caa2199bcbc81d95071a00 \
+    --hash=sha256:685f568fa5e627e93f3b52fda002c7ed2fa1800b50ce51f6ed1d572d8ab3e7fc \
+    --hash=sha256:6906c4100a8fcbf2fa735f6059214bb13b97f75b1a61777fcf6432121ef12ef1 \
+    --hash=sha256:6a42cd0cfa8ffc1915aef79cb4284f6383d8a3e9dcca70c445dcfdd639d51267 \
+    --hash=sha256:6dcfcffe73710be01d90cae08c3e548d90932d37b39ef83969ae135d36ef3956 \
+    --hash=sha256:6f6eac2360f2d543cc875a0e5efd413b6cbd483cb3ad7ebf888884a6e0d2e966 \
+    --hash=sha256:72554a23c78a8e7aa02abbd699d129eead8b147a23c56e08d08dfc29cfdddca1 \
+    --hash=sha256:73870c364c11f03ed072dda68ff7aea6d2a3a5c3fe250d917a429c7432e15228 \
+    --hash=sha256:73aa7d98215d39b8455f103de64391cb79dfcad601701a3aa0dddacf74911d72 \
+    --hash=sha256:75ea7d0ee2a15733684badb16de6794894ed9c55aa5e9903260922f0482e687d \
+    --hash=sha256:7bd2d7ff69a2cac767fbf7a2b206add2e9a210e57947dd7ce03e25d03d2de292 \
+    --hash=sha256:807cc8543a477ab7422f1120a217054f958a66ef7314f76dd9e77d3f02cdccd0 \
+    --hash=sha256:8e9723528b9f787dc59168369e42ae1c3b0d3fadb2f1a71de14531d321ee05b0 \
+    --hash=sha256:9090c9e676d5236a6948330e83cb89969f433b1943a558968f659ead07cb3b36 \
+    --hash=sha256:9153ed35fc5e4fa3b2fe97bddaa7cbec0ed22412b85bcdaf54aeba92ea37428c \
+    --hash=sha256:9159485323798c8dc530a224bd3ffcf76659319ccc7bbd52e01e73bd0241a0c5 \
+    --hash=sha256:941988b89b4fd6b41c3f0bfb20e92bd23746579736b7343283297c4c8cbae68f \
+    --hash=sha256:94265b00870aa407bd0cbcfd536f17ecde43b94fb8d228560a1e9d3041462d73 \
+    --hash=sha256:98b5e1f498a8ca1858a1cdbffb023bfd954da4e3fa2c0cb5853d40014557248b \
+    --hash=sha256:9b201ae332c3637a42f02d1045e1d0cccfdc41f1f2f801dafbaa7e9b4797bfc2 \
+    --hash=sha256:a0ea261ce52b5952bf669684a251a66df239ec6d441ccb59ec7afa882265d593 \
+    --hash=sha256:a33a747400b94b6d6b8a165e4480264a64a78c8a4c734b62136062e9a248dd39 \
+    --hash=sha256:a452f9ca3e3267cd4d0fcf2edd0d035b1934ac2bd7e0e57ac91ad6b95c0c6389 \
+    --hash=sha256:a86373cf37cd7764f2201b76496aba58a52e76dedfaa698ef9e9688bfd9e41cf \
+    --hash=sha256:ac83a914ebaf589b69f7d0a1277602ff494e21f4c2f743313414378f8f50a4cf \
+    --hash=sha256:aefbc4cb0a54f91af643660a0a150ce2c090d3652cf4052a5397fb2de549cd89 \
+    --hash=sha256:b3646eefa23daeba62643a58aac816945cadc0afaf21800a1421eeba5f6cfb9c \
+    --hash=sha256:b47cfad9e9bbbed2339081f4e346c93ecd7ab504299403320bf85f7f85c7d46c \
+    --hash=sha256:b935ae30c6e7400022b50f8d359c03ed233d45b725cfdd299462f41ee5ffba6f \
+    --hash=sha256:bb2dee3874a500de01c93d5c71415fcaef1d858370d405824783e7a8ef5db440 \
+    --hash=sha256:bc57efac2da352a51cc4658878a68d2b1b67dbe9d33c36cb826ca449d80a8465 \
+    --hash=sha256:bf5703fdeb350e36885f2875d853ce13172ae281c56e509f4e6eca049bdfb136 \
+    --hash=sha256:c31f72b1b6624c9d863fc095da460802f43a7c6868c5dda140f51da24fd47d7b \
+    --hash=sha256:c5cd603b575ebceca7da5a3a251e69561bec509e0b46e4993e1cac402b7247b8 \
+    --hash=sha256:d2efee35b4b0a347e0d99d28e884dfd82797852d62fcd7ebdeee26f3ceb72cf3 \
+    --hash=sha256:d462f28826f4657968ae51d2181a074dfe03c200d6131690b7d65d55b0f360f8 \
+    --hash=sha256:d5e49454f19ef621089e204f862388d29e6e8d8b162efce05208913dde5b9ad6 \
+    --hash=sha256:da4813f751142436b075ed7aa012a8778aa43a99f7b36afe9b742d3ed8bdc95e \
+    --hash=sha256:db2e408d983b0e61e238cf579c09ef7020560441906ca990fe8412153e3b291f \
+    --hash=sha256:db98ad84a55eb09b3c32a96c576476777e87c520a34e2519d3e59c44710c002c \
+    --hash=sha256:dbed418ba5c3dce92619656802cc5355cb679e58d0d89b50f116e4a9d5a9603e \
+    --hash=sha256:dcdba5c86e368442528f7060039eda390cc4091bfd1dca41e8046af7c910dda8 \
+    --hash=sha256:decbfa2f618fa8ed81c95ee18a387ff973143c656ef800c9f24fb7e9c16054e2 \
+    --hash=sha256:e4fdb9275308292e880dcbeb12546df7f3e0f96c6b41197e0cf37d2826359020 \
+    --hash=sha256:eb1b046be06b0fce7249f1d025cd359b4b80fc1c3e24ad9eca33e0dcdb2e4a35 \
+    --hash=sha256:eb6e651000a19c96f452c85132811d25e9264d836951022d6e81df2fff38337d \
+    --hash=sha256:ed867c42c268f876097248e05b6117a65bcd1e63b779e916fe2e33cd6fd0d3c3 \
+    --hash=sha256:edfad1d29c73f9b863ebe7082ae9321374ccb10879eeabc84ba3b69f2579d537 \
+    --hash=sha256:f2058f813d4f2b5e3a9eb2eb3faf8f1d99b81c3e51aeda4b168406443e8ba809 \
+    --hash=sha256:f6b2d0c6703c988d334f297aa5df18c45e97b0af3679bb75059e0e0bd8b1069d \
+    --hash=sha256:f8212564d49c50eb4565e502814f694e240c55551a5f1bc841d4fcaabb0a9b8a \
+    --hash=sha256:ffa565331890b90056c01db69c0fe634a776f8019c143a5ae265f9c6bc4bd6d4
     # via deprecated
 wtforms[email]==3.2.1 \
     --hash=sha256:583bad77ba1dd7286463f21e11aa3043ca4869d03575921d1a1698d0715e0fd4 \