From 1aadfce4aba2e90fd5560cf9709b6da93ff4827a Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Tue, 16 Apr 2024 08:13:20 -0400
Subject: [PATCH 01/31] Build ubuntu 24.04 images (#563)

---
 .github/workflows/build-docker-images.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/build-docker-images.yml b/.github/workflows/build-docker-images.yml
index de18e5e6..92c61aef 100644
--- a/.github/workflows/build-docker-images.yml
+++ b/.github/workflows/build-docker-images.yml
@@ -46,6 +46,7 @@ jobs:
 
           - {TAG_NAME: "cryptography-runner-ubuntu-focal", DOCKERFILE_PATH: "runners/ubuntu", BUILD_ARGS: "--build-arg RELEASE=focal", RUNNER: "ubuntu-latest"}
           - {TAG_NAME: "cryptography-runner-ubuntu-jammy", DOCKERFILE_PATH: "runners/ubuntu", BUILD_ARGS: "--build-arg RELEASE=jammy", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-ubuntu-noble", DOCKERFILE_PATH: "runners/ubuntu", BUILD_ARGS: "--build-arg RELEASE=noble", RUNNER: "ubuntu-latest"}
           - {TAG_NAME: "cryptography-runner-ubuntu-rolling", DOCKERFILE_PATH: "runners/ubuntu", BUILD_ARGS: "--build-arg RELEASE=rolling", RUNNER: "ubuntu-latest"}
 
           - {TAG_NAME: "cryptography-manylinux2014:x86_64", DOCKERFILE_PATH: "cryptography-linux", BUILD_ARGS: "--build-arg PYCA_RELEASE=manylinux2014_x86_64", RUNNER: "ubuntu-latest"}

From 73c4c54e46d622ade516d0a9c69ca82e4c098f87 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 18 Apr 2024 06:18:56 -0400
Subject: [PATCH 02/31] Bump oracle/oci from 5.36.0 to 5.38.0 in /terraform
 (#564)

Bumps [oracle/oci](https://github.com/oracle/terraform-provider-oci) from 5.36.0 to 5.38.0.
- [Release notes](https://github.com/oracle/terraform-provider-oci/releases)
- [Changelog](https://github.com/oracle/terraform-provider-oci/blob/master/CHANGELOG.md)
- [Commits](https://github.com/oracle/terraform-provider-oci/compare/v5.36.0...v5.38.0)

---
updated-dependencies:
- dependency-name: oracle/oci
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 terraform/.terraform.lock.hcl | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
index 262fead6..02ebbece 100644
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -58,24 +58,24 @@ provider "registry.terraform.io/hashicorp/local" {
 }
 
 provider "registry.terraform.io/oracle/oci" {
-  version     = "5.36.0"
+  version     = "5.38.0"
   constraints = ">= 4.67.3"
   hashes = [
-    "h1:UAh0wGPAa8p/A8YQ/UUcFpkwdtj7AGE/WZyqQfQqwig=",
-    "zh:1fe8a3fc210bae48658c703dd8aa458f794aab983dca1d591f9158e12e2dd5a2",
-    "zh:2d2bc52560cd87403f4ab287c0cc1577e3735028d1028a54830113b8537c36f4",
-    "zh:4783b0db1ad0882abf4637e30db3cfbd69a23d72355fe1fe5c580606b9c67ea5",
-    "zh:48e07c4a8c085b68f5cdaaeef218578dc3e4ede068542e0aef16a5eaa6a37cd5",
-    "zh:61a4cb9a0d7f0e02abe5049cc0a47167371b1391a0b94e5f21a99b80cd0a9bcc",
-    "zh:6a2206590a8aad7b091a496f80aee84e1da682ead2f3e98e79f895d0dc75e328",
-    "zh:83bb26f43377ec0bc12d74046e857d40696567defb43927e30a108c81126d4a9",
-    "zh:914d03e361a49fd296bafa7e10b0c228a5fb5e4f374078670f656166e8026700",
-    "zh:9749c9638c520e341726f981884d70f81025e368cb150a9b7cde7dc3f1f9c22b",
+    "h1:mCLWiQE5RMBxzJdL0pqInNQdWNjrcqlvz/DpU/3aVGk=",
+    "zh:00dd0573d645f32cc717224f42369d881b9269dcce5766e95be201506feaaea4",
+    "zh:116bc1382b7bd2fa090000a0d0fd85bde237ddad890c87bb1cc2c84ad331f416",
+    "zh:210af295912b4bed5be939158d1920f2f34a41172c73ab243a96f435ed480080",
+    "zh:54336cebaf6238e24d6be5586a97d5ffcfe0d66588360a6a5013d2599c37fd96",
+    "zh:58c29bfe6eaece615f62da3859da5611eef4cd2ea51aa07007977dedaae8aad7",
+    "zh:5a2c8557b311658665d3988d81fdb88366575769cd96495070866f630cd65660",
+    "zh:8246c63f1bf073499f121177c0d44ea2dcffaf9cc2467d7f160e40107b8af3a3",
     "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
-    "zh:9ceb0432160c11143e2556170f11c093ebbb088c2161a99eea105f6cb0c7e26a",
-    "zh:b7289a754153995187c887012f35c010bb8b23aed14bd5806c43ecc51602e266",
-    "zh:c5e81ed93f94361d8edc528250353f51e842e16ea1731d98919349b7bb30bd27",
-    "zh:e38b7a6d0b10fd01d6234c7e2c3f7595df791ea96c1f57ee24294f8758ee8fa6",
-    "zh:e3b6dbf42223d9f87f12345f74996932c56ae941fa4186ae7f7a1f3695284b4f",
+    "zh:a07d53210bb87d6b7cf49c2861a27f436b612775252fb5d3a22c13e1318f88d4",
+    "zh:b6ed7bf9532de71969958daa8593242fd7e1cf4f3106b3797b6d061e6bcbb760",
+    "zh:ba2ad25ace5c1cff02999bc96fe18e9ace6c39314c6f36667a3a6716f3e4efa7",
+    "zh:bbb1627515e645f66bf9c15747d4fe9e4f3261b892182a9777fce1f6da839739",
+    "zh:c6aeff0838c16dce380981c461a4a6c51d3537920adb46c230179f240249abd4",
+    "zh:d8879877f47e843a30a22341b6eed20978909764f54f611a664088b16830a9cf",
+    "zh:e8d78ef9c785984a5902eae2668796e4c9fb8eda45e0a9efdc7b3ce6cbe9bfe2",
   ]
 }

From 65da2a88d2cc1a8c6d3fbe166f3dccaa2cb632dd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Apr 2024 07:48:05 -0400
Subject: [PATCH 03/31] Bump actions/download-artifact from 4.1.4 to 4.1.5
 (#565)

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.4 to 4.1.5.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4.1.4...v4.1.5)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/build-macos-openssl.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build-macos-openssl.yml b/.github/workflows/build-macos-openssl.yml
index 429caabb..f50ff1e6 100644
--- a/.github/workflows/build-macos-openssl.yml
+++ b/.github/workflows/build-macos-openssl.yml
@@ -71,11 +71,11 @@ jobs:
     name: "Build OpenSSL for macOS universal2"
     needs: [ build ]
     steps:
-      - uses: actions/download-artifact@v4.1.4
+      - uses: actions/download-artifact@v4.1.5
         with:
           name: openssl-macos-x86-64
           path: x86-64
-      - uses: actions/download-artifact@v4.1.4
+      - uses: actions/download-artifact@v4.1.5
         with:
           name: openssl-macos-arm64
           path: arm64

From 3877a5a2f9fa1b990a76bedc24c0059315121843 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Apr 2024 07:48:31 -0400
Subject: [PATCH 04/31] Bump actions/upload-artifact from 4.3.1 to 4.3.2 (#566)

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.1 to 4.3.2.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4.3.1...v4.3.2)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/build-macos-openssl.yml   | 4 ++--
 .github/workflows/build-windows-openssl.yml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/build-macos-openssl.yml b/.github/workflows/build-macos-openssl.yml
index f50ff1e6..57710baf 100644
--- a/.github/workflows/build-macos-openssl.yml
+++ b/.github/workflows/build-macos-openssl.yml
@@ -61,7 +61,7 @@ jobs:
         env:
           CFLAGS: ${{ matrix.ARCH.CFLAGS }}
 
-      - uses: actions/upload-artifact@v4.3.1
+      - uses: actions/upload-artifact@v4.3.2
         with:
           name: "openssl-macos-${{ matrix.ARCH.ARTIFACT_NAME }}"
           path: artifact/
@@ -88,7 +88,7 @@ jobs:
           cp -r ../x86-64/lib/pkgconfig lib/
           lipo -create -output lib/libssl.a ../x86-64/lib/libssl.a ../arm64/lib/libssl.a
           lipo -create -output lib/libcrypto.a ../x86-64/lib/libcrypto.a ../arm64/lib/libcrypto.a
-      - uses: actions/upload-artifact@v4.3.1
+      - uses: actions/upload-artifact@v4.3.2
         with:
           name: "openssl-macos-universal2"
           path: artifact/
diff --git a/.github/workflows/build-windows-openssl.yml b/.github/workflows/build-windows-openssl.yml
index e1552897..d671a41d 100644
--- a/.github/workflows/build-windows-openssl.yml
+++ b/.github/workflows/build-windows-openssl.yml
@@ -46,7 +46,7 @@ jobs:
         shell: cmd
       - run: windows\openssl\build_openssl.bat ${{ matrix.ARCH }}
         shell: cmd
-      - uses: actions/upload-artifact@v4.3.1
+      - uses: actions/upload-artifact@v4.3.2
         with:
           name: "openssl-${{ matrix.ARCH }}"
           path: build\

From 22aef326ff2019fbf5179ee659ee8924f5352854 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 22 Apr 2024 08:40:05 -0400
Subject: [PATCH 05/31] Bump actions/checkout from 4.1.2 to 4.1.3 (#567)

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.2 to 4.1.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4.1.2...v4.1.3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/build-docker-images.yml   | 2 +-
 .github/workflows/build-macos-openssl.yml   | 2 +-
 .github/workflows/build-windows-openssl.yml | 2 +-
 .github/workflows/terraform.yml             | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build-docker-images.yml b/.github/workflows/build-docker-images.yml
index 92c61aef..b372901a 100644
--- a/.github/workflows/build-docker-images.yml
+++ b/.github/workflows/build-docker-images.yml
@@ -63,7 +63,7 @@ jobs:
 
     name: "${{ matrix.IMAGE.TAG_NAME }}"
     steps:
-      - uses: actions/checkout@v4.1.2
+      - uses: actions/checkout@v4.1.3
       # Pull the previous image, but if it fails return true anyway.
       # Sometimes we add new docker images and if they've never been pushed
       # they can't be pulled.
diff --git a/.github/workflows/build-macos-openssl.yml b/.github/workflows/build-macos-openssl.yml
index 57710baf..600a53fe 100644
--- a/.github/workflows/build-macos-openssl.yml
+++ b/.github/workflows/build-macos-openssl.yml
@@ -32,7 +32,7 @@ jobs:
             OPENSSLDIR: "/opt/homebrew/etc/openssl@3"
     name: "Build OpenSSL for macOS (${{ matrix.ARCH.NAME }})"
     steps:
-      - uses: actions/checkout@v4.1.2
+      - uses: actions/checkout@v4.1.3
       - name: Download OpenSSL
         run: |
           source ./cryptography-linux/openssl-version.sh
diff --git a/.github/workflows/build-windows-openssl.yml b/.github/workflows/build-windows-openssl.yml
index d671a41d..36dd16eb 100644
--- a/.github/workflows/build-windows-openssl.yml
+++ b/.github/workflows/build-windows-openssl.yml
@@ -26,7 +26,7 @@ jobs:
         ARCH: ["win32", "win64"]
     name: "Build OpenSSL for ${{ matrix.ARCH }} on MSVC 2022"
     steps:
-      - uses: actions/checkout@v4.1.2
+      - uses: actions/checkout@v4.1.3
       - run: choco install -y nasm winrar
       - name: Export OpenSSL version
         run: |
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
index 2dd42eea..cd1e7630 100644
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
@@ -17,7 +17,7 @@ jobs:
   terraform:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4.1.2
+      - uses: actions/checkout@v4.1.3
       - run: terraform -chdir=terraform/ fmt -check
       - run: terraform -chdir=terraform/ init -backend=false
       # Need to have a values.yaml for validate to pass.

From 7be03e67555180fd4ec699251f56e3402f52d91d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 Apr 2024 06:37:49 -0700
Subject: [PATCH 06/31] Bump actions/upload-artifact from 4.3.2 to 4.3.3 (#568)

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.2 to 4.3.3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4.3.2...v4.3.3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/build-macos-openssl.yml   | 4 ++--
 .github/workflows/build-windows-openssl.yml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/build-macos-openssl.yml b/.github/workflows/build-macos-openssl.yml
index 600a53fe..b156252e 100644
--- a/.github/workflows/build-macos-openssl.yml
+++ b/.github/workflows/build-macos-openssl.yml
@@ -61,7 +61,7 @@ jobs:
         env:
           CFLAGS: ${{ matrix.ARCH.CFLAGS }}
 
-      - uses: actions/upload-artifact@v4.3.2
+      - uses: actions/upload-artifact@v4.3.3
         with:
           name: "openssl-macos-${{ matrix.ARCH.ARTIFACT_NAME }}"
           path: artifact/
@@ -88,7 +88,7 @@ jobs:
           cp -r ../x86-64/lib/pkgconfig lib/
           lipo -create -output lib/libssl.a ../x86-64/lib/libssl.a ../arm64/lib/libssl.a
           lipo -create -output lib/libcrypto.a ../x86-64/lib/libcrypto.a ../arm64/lib/libcrypto.a
-      - uses: actions/upload-artifact@v4.3.2
+      - uses: actions/upload-artifact@v4.3.3
         with:
           name: "openssl-macos-universal2"
           path: artifact/
diff --git a/.github/workflows/build-windows-openssl.yml b/.github/workflows/build-windows-openssl.yml
index 36dd16eb..74e6be52 100644
--- a/.github/workflows/build-windows-openssl.yml
+++ b/.github/workflows/build-windows-openssl.yml
@@ -46,7 +46,7 @@ jobs:
         shell: cmd
       - run: windows\openssl\build_openssl.bat ${{ matrix.ARCH }}
         shell: cmd
-      - uses: actions/upload-artifact@v4.3.2
+      - uses: actions/upload-artifact@v4.3.3
         with:
           name: "openssl-${{ matrix.ARCH }}"
           path: build\

From 09338e1b9230165ea2d6a8daf119a466ad1b1459 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 Apr 2024 06:38:06 -0700
Subject: [PATCH 07/31] Bump actions/download-artifact from 4.1.5 to 4.1.6
 (#569)

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.5 to 4.1.6.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4.1.5...v4.1.6)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/build-macos-openssl.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build-macos-openssl.yml b/.github/workflows/build-macos-openssl.yml
index b156252e..5e8c931d 100644
--- a/.github/workflows/build-macos-openssl.yml
+++ b/.github/workflows/build-macos-openssl.yml
@@ -71,11 +71,11 @@ jobs:
     name: "Build OpenSSL for macOS universal2"
     needs: [ build ]
     steps:
-      - uses: actions/download-artifact@v4.1.5
+      - uses: actions/download-artifact@v4.1.6
         with:
           name: openssl-macos-x86-64
           path: x86-64
-      - uses: actions/download-artifact@v4.1.5
+      - uses: actions/download-artifact@v4.1.6
         with:
           name: openssl-macos-arm64
           path: arm64

From 44acaed1c7b46809988cf6ef81cbbaacb15ba4cf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 24 Apr 2024 09:09:26 -0400
Subject: [PATCH 08/31] Bump oracle/oci from 5.38.0 to 5.39.0 in /terraform
 (#570)

Bumps [oracle/oci](https://github.com/oracle/terraform-provider-oci) from 5.38.0 to 5.39.0.
- [Release notes](https://github.com/oracle/terraform-provider-oci/releases)
- [Changelog](https://github.com/oracle/terraform-provider-oci/blob/master/CHANGELOG.md)
- [Commits](https://github.com/oracle/terraform-provider-oci/compare/v5.38.0...v5.39.0)

---
updated-dependencies:
- dependency-name: oracle/oci
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 terraform/.terraform.lock.hcl | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
index 02ebbece..0ca8731f 100644
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -58,24 +58,24 @@ provider "registry.terraform.io/hashicorp/local" {
 }
 
 provider "registry.terraform.io/oracle/oci" {
-  version     = "5.38.0"
+  version     = "5.39.0"
   constraints = ">= 4.67.3"
   hashes = [
-    "h1:mCLWiQE5RMBxzJdL0pqInNQdWNjrcqlvz/DpU/3aVGk=",
-    "zh:00dd0573d645f32cc717224f42369d881b9269dcce5766e95be201506feaaea4",
-    "zh:116bc1382b7bd2fa090000a0d0fd85bde237ddad890c87bb1cc2c84ad331f416",
-    "zh:210af295912b4bed5be939158d1920f2f34a41172c73ab243a96f435ed480080",
-    "zh:54336cebaf6238e24d6be5586a97d5ffcfe0d66588360a6a5013d2599c37fd96",
-    "zh:58c29bfe6eaece615f62da3859da5611eef4cd2ea51aa07007977dedaae8aad7",
-    "zh:5a2c8557b311658665d3988d81fdb88366575769cd96495070866f630cd65660",
-    "zh:8246c63f1bf073499f121177c0d44ea2dcffaf9cc2467d7f160e40107b8af3a3",
+    "h1:Fz75vMgyrbbX15nCCKBsHaBk6WQSFmj+AGt2feO3i30=",
+    "zh:16ecadd604105acbbf0c672312cd8bcd767d1d70f4c22d42c87a8b47cb091af7",
+    "zh:25aa3b4c7393b871964a3191c9b29ad8903c8b14c3992b201112fbd088c3f62a",
+    "zh:2da84f62599e2ba05cc0c68ba57f70b86c35b5de2486ad687885473921f5cc73",
+    "zh:33c436714d21402a5284082b264b1f1f97be171b038a1dcc9d502e670b1252a7",
+    "zh:63ced8cd3826e7b9e72ee3181ec0839a4df766910866e5c4a9dfa3116ffb4581",
+    "zh:7b069a26ed5996cb352115b024efd4b000206226285449766eb2135f81c7b630",
+    "zh:8cb0fbb334dab8d4192458dbcfb65c413c987caea1ab26025da88e805657d383",
+    "zh:941bc8354db5fc99c5029a6c5ac9c0e1f77a97b8e066fff96b3d10a3ee08a5a4",
     "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
-    "zh:a07d53210bb87d6b7cf49c2861a27f436b612775252fb5d3a22c13e1318f88d4",
-    "zh:b6ed7bf9532de71969958daa8593242fd7e1cf4f3106b3797b6d061e6bcbb760",
-    "zh:ba2ad25ace5c1cff02999bc96fe18e9ace6c39314c6f36667a3a6716f3e4efa7",
-    "zh:bbb1627515e645f66bf9c15747d4fe9e4f3261b892182a9777fce1f6da839739",
-    "zh:c6aeff0838c16dce380981c461a4a6c51d3537920adb46c230179f240249abd4",
-    "zh:d8879877f47e843a30a22341b6eed20978909764f54f611a664088b16830a9cf",
-    "zh:e8d78ef9c785984a5902eae2668796e4c9fb8eda45e0a9efdc7b3ce6cbe9bfe2",
+    "zh:b290e335dd764a215e6b76ab90043f946c9c031c99f0642f6887b0c21d594410",
+    "zh:c5ae643fe1a0ecc437c211878ee6c70470ba1ea4cc4d81f0c711fd6163de2ad6",
+    "zh:dea1baf7d1e452c385ed428bb9409620486160b263a61f0579421ebea4a49059",
+    "zh:e7ee0a50d6f94e248a2b6b513461690f0cd7d1df87d6894e849a89f3cb13caf3",
+    "zh:f99c0ce0433f95a57a53f9f4c4e15a07616fcfb7a00d3daf4fc5588c9b4c8d71",
+    "zh:fae86a1450561e463beeb0edfdc5b0dbfe82e4ed0a6fe246d4b94ef538ebce85",
   ]
 }

From 32825d998b2924686d8ab64778ed4c2421435172 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 25 Apr 2024 07:07:56 -0400
Subject: [PATCH 09/31] Bump actions/checkout from 4.1.3 to 4.1.4 (#571)

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.3 to 4.1.4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4.1.3...v4.1.4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/build-docker-images.yml   | 2 +-
 .github/workflows/build-macos-openssl.yml   | 2 +-
 .github/workflows/build-windows-openssl.yml | 2 +-
 .github/workflows/terraform.yml             | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build-docker-images.yml b/.github/workflows/build-docker-images.yml
index b372901a..4510ec50 100644
--- a/.github/workflows/build-docker-images.yml
+++ b/.github/workflows/build-docker-images.yml
@@ -63,7 +63,7 @@ jobs:
 
     name: "${{ matrix.IMAGE.TAG_NAME }}"
     steps:
-      - uses: actions/checkout@v4.1.3
+      - uses: actions/checkout@v4.1.4
       # Pull the previous image, but if it fails return true anyway.
       # Sometimes we add new docker images and if they've never been pushed
       # they can't be pulled.
diff --git a/.github/workflows/build-macos-openssl.yml b/.github/workflows/build-macos-openssl.yml
index 5e8c931d..262be577 100644
--- a/.github/workflows/build-macos-openssl.yml
+++ b/.github/workflows/build-macos-openssl.yml
@@ -32,7 +32,7 @@ jobs:
             OPENSSLDIR: "/opt/homebrew/etc/openssl@3"
     name: "Build OpenSSL for macOS (${{ matrix.ARCH.NAME }})"
     steps:
-      - uses: actions/checkout@v4.1.3
+      - uses: actions/checkout@v4.1.4
       - name: Download OpenSSL
         run: |
           source ./cryptography-linux/openssl-version.sh
diff --git a/.github/workflows/build-windows-openssl.yml b/.github/workflows/build-windows-openssl.yml
index 74e6be52..6598b2c2 100644
--- a/.github/workflows/build-windows-openssl.yml
+++ b/.github/workflows/build-windows-openssl.yml
@@ -26,7 +26,7 @@ jobs:
         ARCH: ["win32", "win64"]
     name: "Build OpenSSL for ${{ matrix.ARCH }} on MSVC 2022"
     steps:
-      - uses: actions/checkout@v4.1.3
+      - uses: actions/checkout@v4.1.4
       - run: choco install -y nasm winrar
       - name: Export OpenSSL version
         run: |
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
index cd1e7630..4c2a399d 100644
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
@@ -17,7 +17,7 @@ jobs:
   terraform:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4.1.3
+      - uses: actions/checkout@v4.1.4
       - run: terraform -chdir=terraform/ fmt -check
       - run: terraform -chdir=terraform/ init -backend=false
       # Need to have a values.yaml for validate to pass.

From a8c8b03c373c7d6deab48dec2ec9b2faff5d313f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 25 Apr 2024 07:08:38 -0400
Subject: [PATCH 10/31] Bump actions/download-artifact from 4.1.6 to 4.1.7
 (#572)

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.6 to 4.1.7.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4.1.6...v4.1.7)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/build-macos-openssl.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build-macos-openssl.yml b/.github/workflows/build-macos-openssl.yml
index 262be577..335ae89d 100644
--- a/.github/workflows/build-macos-openssl.yml
+++ b/.github/workflows/build-macos-openssl.yml
@@ -71,11 +71,11 @@ jobs:
     name: "Build OpenSSL for macOS universal2"
     needs: [ build ]
     steps:
-      - uses: actions/download-artifact@v4.1.6
+      - uses: actions/download-artifact@v4.1.7
         with:
           name: openssl-macos-x86-64
           path: x86-64
-      - uses: actions/download-artifact@v4.1.6
+      - uses: actions/download-artifact@v4.1.7
         with:
           name: openssl-macos-arm64
           path: arm64

From c984bc8e3175e1fe398a0c5b097569ea0039361e Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Thu, 25 Apr 2024 23:02:47 -0400
Subject: [PATCH 11/31] Use rolling for the arm64 image (#573)

This is better than us needing to manually bump
---
 .github/workflows/build-docker-images.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build-docker-images.yml b/.github/workflows/build-docker-images.yml
index 4510ec50..1da61a19 100644
--- a/.github/workflows/build-docker-images.yml
+++ b/.github/workflows/build-docker-images.yml
@@ -58,7 +58,7 @@ jobs:
           - {TAG_NAME: "cryptography-manylinux_2_28:aarch64", DOCKERFILE_PATH: "cryptography-linux", BUILD_ARGS: "--build-arg PYCA_RELEASE=manylinux_2_28_aarch64", RUNNER: [self-hosted, Linux, ARM64]}
           - {TAG_NAME: "cryptography-musllinux_1_1:aarch64", DOCKERFILE_PATH: "cryptography-linux", BUILD_ARGS: "--build-arg PYCA_RELEASE=musllinux_1_1_aarch64", RUNNER: [self-hosted, Linux, ARM64]}
           - {TAG_NAME: "cryptography-musllinux_1_2:aarch64", DOCKERFILE_PATH: "cryptography-linux", BUILD_ARGS: "--build-arg PYCA_RELEASE=musllinux_1_2_aarch64", RUNNER: [self-hosted, Linux, ARM64]}
-          - {TAG_NAME: "cryptography-runner-ubuntu-jammy:aarch64", DOCKERFILE_PATH: "runners/ubuntu", BUILD_ARGS: "--build-arg RELEASE=jammy", RUNNER: [self-hosted, Linux, ARM64]}
+          - {TAG_NAME: "cryptography-runner-ubuntu-rolling:aarch64", DOCKERFILE_PATH: "runners/ubuntu", BUILD_ARGS: "--build-arg RELEASE=rolling", RUNNER: [self-hosted, Linux, ARM64]}
           - {TAG_NAME: "cryptography-runner-alpine:aarch64", DOCKERFILE_PATH: "runners/alpine", RUNNER: [self-hosted, Linux, ARM64]}
 
     name: "${{ matrix.IMAGE.TAG_NAME }}"

From edbf6c113724b3012971327a288126cc29208bc5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 3 May 2024 07:02:54 -0400
Subject: [PATCH 12/31] Bump oracle/oci from 5.39.0 to 5.40.0 in /terraform
 (#574)

Bumps [oracle/oci](https://github.com/oracle/terraform-provider-oci) from 5.39.0 to 5.40.0.
- [Release notes](https://github.com/oracle/terraform-provider-oci/releases)
- [Changelog](https://github.com/oracle/terraform-provider-oci/blob/master/CHANGELOG.md)
- [Commits](https://github.com/oracle/terraform-provider-oci/compare/v5.39.0...v5.40.0)

---
updated-dependencies:
- dependency-name: oracle/oci
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 terraform/.terraform.lock.hcl | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
index 0ca8731f..c3af3983 100644
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -58,24 +58,24 @@ provider "registry.terraform.io/hashicorp/local" {
 }
 
 provider "registry.terraform.io/oracle/oci" {
-  version     = "5.39.0"
+  version     = "5.40.0"
   constraints = ">= 4.67.3"
   hashes = [
-    "h1:Fz75vMgyrbbX15nCCKBsHaBk6WQSFmj+AGt2feO3i30=",
-    "zh:16ecadd604105acbbf0c672312cd8bcd767d1d70f4c22d42c87a8b47cb091af7",
-    "zh:25aa3b4c7393b871964a3191c9b29ad8903c8b14c3992b201112fbd088c3f62a",
-    "zh:2da84f62599e2ba05cc0c68ba57f70b86c35b5de2486ad687885473921f5cc73",
-    "zh:33c436714d21402a5284082b264b1f1f97be171b038a1dcc9d502e670b1252a7",
-    "zh:63ced8cd3826e7b9e72ee3181ec0839a4df766910866e5c4a9dfa3116ffb4581",
-    "zh:7b069a26ed5996cb352115b024efd4b000206226285449766eb2135f81c7b630",
-    "zh:8cb0fbb334dab8d4192458dbcfb65c413c987caea1ab26025da88e805657d383",
-    "zh:941bc8354db5fc99c5029a6c5ac9c0e1f77a97b8e066fff96b3d10a3ee08a5a4",
+    "h1:TMrTQQybVLvy7iTjHrKdV5/32s4El34IO3Xz9uU4QHQ=",
+    "zh:2b36a2d23eb1a350ff4c10920421a232908dabf0a4907467b22006787732ee47",
+    "zh:3059ca66c51f1d6c1f89ccb6e8347a498a57a3a97f3508f2e9d8426676ea396a",
+    "zh:30b257d8e2110bb8eee045a82c1d44cb90a89b08452c16f17395ec48477e7b22",
+    "zh:34835c569e3302fbfc7c4ebe24a64d84804d3a95d8405d4d7ee42dce236b7e72",
+    "zh:886e24a887badd5bf556fb0cc085d8547af1f32807e58811376da649d5a4c019",
+    "zh:91f3420337e143bde1ee8c58a37770caa5dbe55d970864807d67a86dc28ed58c",
     "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
-    "zh:b290e335dd764a215e6b76ab90043f946c9c031c99f0642f6887b0c21d594410",
-    "zh:c5ae643fe1a0ecc437c211878ee6c70470ba1ea4cc4d81f0c711fd6163de2ad6",
-    "zh:dea1baf7d1e452c385ed428bb9409620486160b263a61f0579421ebea4a49059",
-    "zh:e7ee0a50d6f94e248a2b6b513461690f0cd7d1df87d6894e849a89f3cb13caf3",
-    "zh:f99c0ce0433f95a57a53f9f4c4e15a07616fcfb7a00d3daf4fc5588c9b4c8d71",
-    "zh:fae86a1450561e463beeb0edfdc5b0dbfe82e4ed0a6fe246d4b94ef538ebce85",
+    "zh:c5e44004f76534d428d5d9d66fcb7cffbf3fb4af44e00fc2f4b6be462acc1fee",
+    "zh:c921e4e3e3a170c33ed481c9300386e98b7c5ef57fc4b4f9df482396edbd33f4",
+    "zh:d03527e17c1d0f6770b8eaeeb2efe7600e7f01f2e9223764fdbd0d5bd0a2f16e",
+    "zh:dd0bd0a026e089969c422e6f9bc53885d7777a9820ce68fc72af1eaf697d32ac",
+    "zh:ddf5309d5553c90452ae63015bad12516bb295bf8ac2776efb1c3429ab3063ed",
+    "zh:e3a9f00a982ba8451f9c519c381a9480aa1b2e245faa4b8346af3df27225fb40",
+    "zh:ee967f5904dee3eeecc69c0bc57151c3833cbc0ff079237845776bf18624aaa8",
+    "zh:f2d189eb060588c023bbf4223abf929015b1cd7c6f4601c9765de6169ab2d07e",
   ]
 }

From 326f4d92552a49bc63ef776000cafdacc5d10205 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 May 2024 06:43:45 -0400
Subject: [PATCH 13/31] Bump actions/checkout from 4.1.4 to 4.1.5 (#575)

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.4 to 4.1.5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4.1.4...v4.1.5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/build-docker-images.yml   | 2 +-
 .github/workflows/build-macos-openssl.yml   | 2 +-
 .github/workflows/build-windows-openssl.yml | 2 +-
 .github/workflows/terraform.yml             | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build-docker-images.yml b/.github/workflows/build-docker-images.yml
index 1da61a19..adb113f2 100644
--- a/.github/workflows/build-docker-images.yml
+++ b/.github/workflows/build-docker-images.yml
@@ -63,7 +63,7 @@ jobs:
 
     name: "${{ matrix.IMAGE.TAG_NAME }}"
     steps:
-      - uses: actions/checkout@v4.1.4
+      - uses: actions/checkout@v4.1.5
       # Pull the previous image, but if it fails return true anyway.
       # Sometimes we add new docker images and if they've never been pushed
       # they can't be pulled.
diff --git a/.github/workflows/build-macos-openssl.yml b/.github/workflows/build-macos-openssl.yml
index 335ae89d..a449dc39 100644
--- a/.github/workflows/build-macos-openssl.yml
+++ b/.github/workflows/build-macos-openssl.yml
@@ -32,7 +32,7 @@ jobs:
             OPENSSLDIR: "/opt/homebrew/etc/openssl@3"
     name: "Build OpenSSL for macOS (${{ matrix.ARCH.NAME }})"
     steps:
-      - uses: actions/checkout@v4.1.4
+      - uses: actions/checkout@v4.1.5
       - name: Download OpenSSL
         run: |
           source ./cryptography-linux/openssl-version.sh
diff --git a/.github/workflows/build-windows-openssl.yml b/.github/workflows/build-windows-openssl.yml
index 6598b2c2..5371793d 100644
--- a/.github/workflows/build-windows-openssl.yml
+++ b/.github/workflows/build-windows-openssl.yml
@@ -26,7 +26,7 @@ jobs:
         ARCH: ["win32", "win64"]
     name: "Build OpenSSL for ${{ matrix.ARCH }} on MSVC 2022"
     steps:
-      - uses: actions/checkout@v4.1.4
+      - uses: actions/checkout@v4.1.5
       - run: choco install -y nasm winrar
       - name: Export OpenSSL version
         run: |
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
index 4c2a399d..6b4036fb 100644
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
@@ -17,7 +17,7 @@ jobs:
   terraform:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4.1.4
+      - uses: actions/checkout@v4.1.5
       - run: terraform -chdir=terraform/ fmt -check
       - run: terraform -chdir=terraform/ init -backend=false
       # Need to have a values.yaml for validate to pass.

From 3e095345ea82bfc8b0df0b04d7f3ffa539c40ac3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 May 2024 07:06:18 -0400
Subject: [PATCH 14/31] Bump oracle/oci from 5.40.0 to 5.41.0 in /terraform
 (#576)

Bumps [oracle/oci](https://github.com/oracle/terraform-provider-oci) from 5.40.0 to 5.41.0.
- [Release notes](https://github.com/oracle/terraform-provider-oci/releases)
- [Changelog](https://github.com/oracle/terraform-provider-oci/blob/master/CHANGELOG.md)
- [Commits](https://github.com/oracle/terraform-provider-oci/compare/v5.40.0...v5.41.0)

---
updated-dependencies:
- dependency-name: oracle/oci
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 terraform/.terraform.lock.hcl | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
index c3af3983..35d679bf 100644
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -58,24 +58,24 @@ provider "registry.terraform.io/hashicorp/local" {
 }
 
 provider "registry.terraform.io/oracle/oci" {
-  version     = "5.40.0"
+  version     = "5.41.0"
   constraints = ">= 4.67.3"
   hashes = [
-    "h1:TMrTQQybVLvy7iTjHrKdV5/32s4El34IO3Xz9uU4QHQ=",
-    "zh:2b36a2d23eb1a350ff4c10920421a232908dabf0a4907467b22006787732ee47",
-    "zh:3059ca66c51f1d6c1f89ccb6e8347a498a57a3a97f3508f2e9d8426676ea396a",
-    "zh:30b257d8e2110bb8eee045a82c1d44cb90a89b08452c16f17395ec48477e7b22",
-    "zh:34835c569e3302fbfc7c4ebe24a64d84804d3a95d8405d4d7ee42dce236b7e72",
-    "zh:886e24a887badd5bf556fb0cc085d8547af1f32807e58811376da649d5a4c019",
-    "zh:91f3420337e143bde1ee8c58a37770caa5dbe55d970864807d67a86dc28ed58c",
+    "h1:ql31lMkVjOTLXos9lwujT4JOzv5hF81o60n9+Atalag=",
+    "zh:148112ce71e5888d7a66641902d5ecf4640d577d01c3c7914fbcaeae6f7a9a11",
+    "zh:26d22964dcca450b0534850346e7f2b587311869b9d6aa6a9b647cca61297e97",
+    "zh:340ceeb483119db290b80b7eef6c4fbddac754679eb1c4584cc87777ab0aab68",
+    "zh:497d94ee4895f1b1cf7b8baec3023c7c130b52dd117296be30fb148ba5a79f94",
+    "zh:52bc6c512d669ac39a69a25dbca36b4843c0c7666b0dd1f7fa28973c0706f28d",
+    "zh:66c19893e0524580cc4fdf7309de14efdfc658abed19dcdcfca1d0c64c04c8fb",
+    "zh:7426636c9a3d4afa04774403cb4db58c0c2212f60c619cdce3065937cb15a21c",
+    "zh:987553ab9f8246f8504675400bb09f18e208c499fe87867bba3cc312d787411d",
     "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
-    "zh:c5e44004f76534d428d5d9d66fcb7cffbf3fb4af44e00fc2f4b6be462acc1fee",
-    "zh:c921e4e3e3a170c33ed481c9300386e98b7c5ef57fc4b4f9df482396edbd33f4",
-    "zh:d03527e17c1d0f6770b8eaeeb2efe7600e7f01f2e9223764fdbd0d5bd0a2f16e",
-    "zh:dd0bd0a026e089969c422e6f9bc53885d7777a9820ce68fc72af1eaf697d32ac",
-    "zh:ddf5309d5553c90452ae63015bad12516bb295bf8ac2776efb1c3429ab3063ed",
-    "zh:e3a9f00a982ba8451f9c519c381a9480aa1b2e245faa4b8346af3df27225fb40",
-    "zh:ee967f5904dee3eeecc69c0bc57151c3833cbc0ff079237845776bf18624aaa8",
-    "zh:f2d189eb060588c023bbf4223abf929015b1cd7c6f4601c9765de6169ab2d07e",
+    "zh:c4e1cfc4fd4fc37db5d105bff18b08291e5f8a4ee8888bb40693a25f7e7a8ae1",
+    "zh:cfbdecb87d83ac1cde743710be0dbe5483e3dda6c643a85c579ad0392b6997d7",
+    "zh:d566ade1e469565189e8b25e98f5052dbeececfbae3f36a5475c05bfed3e885a",
+    "zh:dc70e5e3ad01d6153be9e868fed5745d1ecc37f154a92cc37c98409326b6e3f5",
+    "zh:f4ff727cbd34a4013c71d59c199ac9f1ce97acf18663443d5567b0815b6930f0",
+    "zh:f6b25a5f80c3f9f82e6e4f8cff16c78c1502e75c6b39116922b26e7b85c79a6d",
   ]
 }

From c847e0cc26f384571c26aad182990908eba81356 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Sun, 12 May 2024 23:05:54 -0400
Subject: [PATCH 15/31] Remove incorrect comment (#577)

---
 .github/workflows/terraform.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
index 6b4036fb..7425df7d 100644
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
@@ -13,7 +13,6 @@ on:
       - '.github/workflows/terraform.yml'
 
 jobs:
-  # Build containers for x86
   terraform:
     runs-on: ubuntu-latest
     steps:

From aaba20c93b52c92555bd726db7f55ea7fe9b6f63 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Thu, 16 May 2024 03:09:52 +0200
Subject: [PATCH 16/31] build static node.js for manylinux2014 x86_64 and arm64
 (#578)

* build static node.js for manylinux2014 x86_64 and arm64

also copy it to /staticnode on manylinux2014 and alpine builders

* review feedback

* use scratch + some formatting

* test it differently

* fix

* sigh

* naming
---
 .github/workflows/build-docker-images.yml | 52 +++++++++++------------
 .github/workflows/build-static-node.yml   | 51 ++++++++++++++++++++++
 cryptography-linux/Dockerfile             | 38 ++---------------
 runners/alpine/Dockerfile                 |  5 +++
 staticnode/Dockerfile                     | 19 +++++++++
 staticnode/Dockerfile-test                |  6 +++
 staticnode/node-version.sh                |  1 +
 7 files changed, 112 insertions(+), 60 deletions(-)
 create mode 100644 .github/workflows/build-static-node.yml
 create mode 100644 staticnode/Dockerfile
 create mode 100644 staticnode/Dockerfile-test
 create mode 100644 staticnode/node-version.sh

diff --git a/.github/workflows/build-docker-images.yml b/.github/workflows/build-docker-images.yml
index adb113f2..529da7e6 100644
--- a/.github/workflows/build-docker-images.yml
+++ b/.github/workflows/build-docker-images.yml
@@ -30,36 +30,36 @@ jobs:
       fail-fast: false
       matrix:
         IMAGE:
-          - {TAG_NAME: "cryptography-runner-rhel8", DOCKERFILE_PATH: "runners/rhel", BUILD_ARGS: "--build-arg RELEASE=redhat/ubi8", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-runner-rhel8-fips", DOCKERFILE_PATH: "runners/rhel", BUILD_ARGS: "--build-arg FIPS=1 --build-arg RELEASE=redhat/ubi8", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-runner-centos-stream9", DOCKERFILE_PATH: "runners/rhel", BUILD_ARGS: "--build-arg RELEASE=quay.io/centos/centos:stream9", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-runner-centos-stream9-fips", DOCKERFILE_PATH: "runners/rhel", BUILD_ARGS: "--build-arg FIPS=1 --build-arg RELEASE=quay.io/centos/centos:stream9", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-rhel8", DOCKERFILE_PATH: "runners/rhel", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg RELEASE=redhat/ubi8", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-rhel8-fips", DOCKERFILE_PATH: "runners/rhel", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg FIPS=1 --build-arg RELEASE=redhat/ubi8", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-centos-stream9", DOCKERFILE_PATH: "runners/rhel", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg RELEASE=quay.io/centos/centos:stream9", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-centos-stream9-fips", DOCKERFILE_PATH: "runners/rhel", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg FIPS=1 --build-arg RELEASE=quay.io/centos/centos:stream9", RUNNER: "ubuntu-latest"}
 
-          - {TAG_NAME: "cryptography-runner-fedora", DOCKERFILE_PATH: "runners/fedora", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-runner-alpine", DOCKERFILE_PATH: "runners/alpine", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-fedora", DOCKERFILE_PATH: "runners/fedora", NODE_ARCH: "x64", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-alpine", DOCKERFILE_PATH: "runners/alpine", NODE_ARCH: "x64", RUNNER: "ubuntu-latest"}
 
-          - {TAG_NAME: "cryptography-runner-buster", DOCKERFILE_PATH: "runners/debian", BUILD_ARGS: "--build-arg RELEASE=buster", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-runner-bullseye", DOCKERFILE_PATH: "runners/debian", BUILD_ARGS: "--build-arg RELEASE=bullseye", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-runner-bookworm", DOCKERFILE_PATH: "runners/debian", BUILD_ARGS: "--build-arg RELEASE=bookworm", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-runner-trixie", DOCKERFILE_PATH: "runners/debian", BUILD_ARGS: "--build-arg RELEASE=trixie", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-runner-sid", DOCKERFILE_PATH: "runners/debian", BUILD_ARGS: "--build-arg RELEASE=sid", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-buster", DOCKERFILE_PATH: "runners/debian", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg RELEASE=buster", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-bullseye", DOCKERFILE_PATH: "runners/debian", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg RELEASE=bullseye", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-bookworm", DOCKERFILE_PATH: "runners/debian", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg RELEASE=bookworm", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-trixie", DOCKERFILE_PATH: "runners/debian", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg RELEASE=trixie", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-sid", DOCKERFILE_PATH: "runners/debian", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg RELEASE=sid", RUNNER: "ubuntu-latest"}
 
-          - {TAG_NAME: "cryptography-runner-ubuntu-focal", DOCKERFILE_PATH: "runners/ubuntu", BUILD_ARGS: "--build-arg RELEASE=focal", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-runner-ubuntu-jammy", DOCKERFILE_PATH: "runners/ubuntu", BUILD_ARGS: "--build-arg RELEASE=jammy", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-runner-ubuntu-noble", DOCKERFILE_PATH: "runners/ubuntu", BUILD_ARGS: "--build-arg RELEASE=noble", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-runner-ubuntu-rolling", DOCKERFILE_PATH: "runners/ubuntu", BUILD_ARGS: "--build-arg RELEASE=rolling", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-ubuntu-focal", DOCKERFILE_PATH: "runners/ubuntu", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg RELEASE=focal", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-ubuntu-jammy", DOCKERFILE_PATH: "runners/ubuntu", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg RELEASE=jammy", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-ubuntu-noble", DOCKERFILE_PATH: "runners/ubuntu", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg RELEASE=noble", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-ubuntu-rolling", DOCKERFILE_PATH: "runners/ubuntu", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg RELEASE=rolling", RUNNER: "ubuntu-latest"}
 
-          - {TAG_NAME: "cryptography-manylinux2014:x86_64", DOCKERFILE_PATH: "cryptography-linux", BUILD_ARGS: "--build-arg PYCA_RELEASE=manylinux2014_x86_64", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-manylinux_2_28:x86_64", DOCKERFILE_PATH: "cryptography-linux", BUILD_ARGS: "--build-arg PYCA_RELEASE=manylinux_2_28_x86_64", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-musllinux_1_1:x86_64", DOCKERFILE_PATH: "cryptography-linux", BUILD_ARGS: "--build-arg PYCA_RELEASE=musllinux_1_1_x86_64", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-musllinux_1_2:x86_64", DOCKERFILE_PATH: "cryptography-linux", BUILD_ARGS: "--build-arg PYCA_RELEASE=musllinux_1_2_x86_64", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-manylinux2014:x86_64", DOCKERFILE_PATH: "cryptography-linux", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg PYCA_RELEASE=manylinux2014_x86_64", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-manylinux_2_28:x86_64", DOCKERFILE_PATH: "cryptography-linux", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg PYCA_RELEASE=manylinux_2_28_x86_64", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-musllinux_1_1:x86_64", DOCKERFILE_PATH: "cryptography-linux", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg PYCA_RELEASE=musllinux_1_1_x86_64", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-musllinux_1_2:x86_64", DOCKERFILE_PATH: "cryptography-linux", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg PYCA_RELEASE=musllinux_1_2_x86_64", RUNNER: "ubuntu-latest"}
 
-          - {TAG_NAME: "cryptography-manylinux2014_aarch64", DOCKERFILE_PATH: "cryptography-linux", BUILD_ARGS: "--build-arg PYCA_RELEASE=manylinux2014_aarch64", RUNNER: [self-hosted, Linux, ARM64]}
-          - {TAG_NAME: "cryptography-manylinux_2_28:aarch64", DOCKERFILE_PATH: "cryptography-linux", BUILD_ARGS: "--build-arg PYCA_RELEASE=manylinux_2_28_aarch64", RUNNER: [self-hosted, Linux, ARM64]}
-          - {TAG_NAME: "cryptography-musllinux_1_1:aarch64", DOCKERFILE_PATH: "cryptography-linux", BUILD_ARGS: "--build-arg PYCA_RELEASE=musllinux_1_1_aarch64", RUNNER: [self-hosted, Linux, ARM64]}
-          - {TAG_NAME: "cryptography-musllinux_1_2:aarch64", DOCKERFILE_PATH: "cryptography-linux", BUILD_ARGS: "--build-arg PYCA_RELEASE=musllinux_1_2_aarch64", RUNNER: [self-hosted, Linux, ARM64]}
-          - {TAG_NAME: "cryptography-runner-ubuntu-rolling:aarch64", DOCKERFILE_PATH: "runners/ubuntu", BUILD_ARGS: "--build-arg RELEASE=rolling", RUNNER: [self-hosted, Linux, ARM64]}
-          - {TAG_NAME: "cryptography-runner-alpine:aarch64", DOCKERFILE_PATH: "runners/alpine", RUNNER: [self-hosted, Linux, ARM64]}
+          - {TAG_NAME: "cryptography-manylinux2014_aarch64", DOCKERFILE_PATH: "cryptography-linux", NODE_ARCH: "arm64", BUILD_ARGS: "--build-arg PYCA_RELEASE=manylinux2014_aarch64", RUNNER: [self-hosted, Linux, ARM64]}
+          - {TAG_NAME: "cryptography-manylinux_2_28:aarch64", DOCKERFILE_PATH: "cryptography-linux", NODE_ARCH: "arm64", BUILD_ARGS: "--build-arg PYCA_RELEASE=manylinux_2_28_aarch64", RUNNER: [self-hosted, Linux, ARM64]}
+          - {TAG_NAME: "cryptography-musllinux_1_1:aarch64", DOCKERFILE_PATH: "cryptography-linux", NODE_ARCH: "arm64", BUILD_ARGS: "--build-arg PYCA_RELEASE=musllinux_1_1_aarch64", RUNNER: [self-hosted, Linux, ARM64]}
+          - {TAG_NAME: "cryptography-musllinux_1_2:aarch64", DOCKERFILE_PATH: "cryptography-linux", NODE_ARCH: "arm64", BUILD_ARGS: "--build-arg PYCA_RELEASE=musllinux_1_2_aarch64", RUNNER: [self-hosted, Linux, ARM64]}
+          - {TAG_NAME: "cryptography-runner-ubuntu-rolling:aarch64", DOCKERFILE_PATH: "runners/ubuntu", NODE_ARCH: "arm64", BUILD_ARGS: "--build-arg RELEASE=rolling", RUNNER: [self-hosted, Linux, ARM64]}
+          - {TAG_NAME: "cryptography-runner-alpine:aarch64", DOCKERFILE_PATH: "runners/alpine", NODE_ARCH: "arm64", RUNNER: [self-hosted, Linux, ARM64]}
 
     name: "${{ matrix.IMAGE.TAG_NAME }}"
     steps:
@@ -71,7 +71,7 @@ jobs:
         run: docker pull ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} || true
         if: github.event_name != 'schedule' && github.event_name != 'workflow_dispatch'
       - name: Build image
-        run: docker build --pull --cache-from ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} -t ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} ${{ matrix.IMAGE.DOCKERFILE_PATH }} ${{ matrix.IMAGE.BUILD_ARGS }}
+        run: docker build --pull --cache-from ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} -t ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} ${{ matrix.IMAGE.DOCKERFILE_PATH }} ${{ matrix.IMAGE.BUILD_ARGS }} --build-arg NODE_ARCH_RELEASE=${{ matrix.IMAGE.NODE_ARCH }}:v20.13.1
       - name: Login to docker
         run: 'docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD" ghcr.io'
         env:
diff --git a/.github/workflows/build-static-node.yml b/.github/workflows/build-static-node.yml
new file mode 100644
index 00000000..e73d9f89
--- /dev/null
+++ b/.github/workflows/build-static-node.yml
@@ -0,0 +1,51 @@
+name: Build Static Node.js Container
+permissions:
+  contents: read
+  packages: write
+
+on:
+  pull_request:
+    paths:
+      - '.github/workflows/build-static-node.yml'
+      - 'staticnode/**'
+  push:
+    branches:
+      - main
+    paths:
+      - '.github/workflows/build-static-node.yml'
+      - 'staticnode/**'
+
+jobs:
+  build:
+    name: Build node.js
+    runs-on: ${{ matrix.IMAGE.RUNNER }}
+    strategy:
+      fail-fast: false
+      matrix:
+        IMAGE:
+          - {RUNNER: "ubuntu-latest", NODE_ARCH: "x64", MANYLINUX_ARCH: "x86_64"}
+          - {RUNNER: [self-hosted, Linux, ARM64], NODE_ARCH: "arm64", MANYLINUX_ARCH: "aarch64"}
+    steps:
+    - uses: actions/checkout@v4.1.5
+    - name: Set Node.js version
+      run: |
+        source ./staticnode/node-version.sh
+        echo "NODE_VERSION=$NODE_VERSION" >> $GITHUB_ENV
+    - name: Build the Docker image
+      run: |
+        echo building node.js $NODE_VERSION
+        docker build --tag ghcr.io/pyca/static-nodejs-${{ matrix.IMAGE.NODE_ARCH }}:$NODE_VERSION --build-arg VERSION=$NODE_VERSION --build-arg ARCH=${{ matrix.IMAGE.NODE_ARCH  }} staticnode
+    - name: Test static node.js on manylinux2014
+      run: |
+        cd staticnode
+        docker build -f Dockerfile-test -t test-node --build-arg MANYLINUX_ARCH=${{ matrix.IMAGE.MANYLINUX_ARCH }} --build-arg CONTAINER_NAME=ghcr.io/pyca/static-nodejs-${{ matrix.IMAGE.NODE_ARCH }}:$NODE_VERSION .
+        docker run test-node /staticnode/bin/node -e "console.log('hello world'); console.log(process.version)"
+    - name: Login to docker
+      run: 'docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD" ghcr.io'
+      env:
+        DOCKER_USERNAME: ${{ github.actor }}
+        DOCKER_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+      if: (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main'
+    - name: Push image
+      run: docker push ghcr.io/pyca/static-nodejs-${{ matrix.IMAGE.NODE_ARCH }}:${{ env.NODE_VERSION }}
+      if: (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main'
diff --git a/cryptography-linux/Dockerfile b/cryptography-linux/Dockerfile
index 3e27089c..b87f31f9 100644
--- a/cryptography-linux/Dockerfile
+++ b/cryptography-linux/Dockerfile
@@ -1,7 +1,8 @@
+ARG NODE_ARCH_RELEASE
 ARG PYCA_RELEASE
+FROM ghcr.io/pyca/static-nodejs-${NODE_ARCH_RELEASE} as staticnodejs
 FROM quay.io/pypa/${PYCA_RELEASE}
-ARG PYCA_RELEASE
-MAINTAINER Python Cryptographic Authority
+LABEL org.opencontainers.image.authors="Python Cryptographic Authority"
 WORKDIR /root
 RUN \
   if [ $(uname -m) = "x86_64" ]; \
@@ -16,22 +17,6 @@ RUN \
       apt-get install -qq -y --no-install-recommends prelink && \
       apt-get clean -qq && \
       rm -rf /var/lib/apt/lists/*; \
-    else \
-      # gcompat's latest release (as of 2024-02-04) doesn't support features we need for GH's node20 \
-      # so instead we build the entire thing ourselves from source. \
-      # Derived from https://git.alpinelinux.org/aports/tree/community/gcompat/APKBUILD?h=3.18-stable  \
-      # and pinned to the latest gcompat at the time this was written \
-      apk add --no-cache make libucontext-dev musl-obstack-dev; \
-      _ld="ld-linux-x86_64.so.2"; \
-      _arch="aarch64"; \
-      curl -O https://git.adelielinux.org/adelie/gcompat/-/archive/8e300a60/gcompat-ae300a60.tar.gz && \
-      tar xf gcompat*.tar.gz && \
-      cd gcompat* && \
-      make WITH_LIBUCONTEXT=1 WITH_OBSTACK=musl-obstack LINKER_PATH="/lib/ld-musl-${_arch}.so.1" LOADER_NAME="${_ld}" install && \
-      mkdir /lib64 &&\
-      ln -s "/lib/${_ld}" "/lib64/${_ld}" &&\
-      ln -s "/lib/${_ld}" /lib/libresolv.so.2 && \
-      cd .. && rm -rf gcompat*; \
     fi; \
   fi
 
@@ -50,25 +35,10 @@ RUN \
       apt-get install -qq -y --no-install-recommends libffi-dev && \
       apt-get clean -qq && \
       rm -rf /var/lib/apt/lists/*; \
-    else \
-      # gcompat's latest release (as of 2024-02-04) doesn't support features we need for GH's node20 \
-      # so instead we build the entire thing ourselves from source. \
-      # Derived from https://git.alpinelinux.org/aports/tree/community/gcompat/APKBUILD?h=3.18-stable  \
-      # and pinned to the latest gcompat at the time this was written \
-      apk add --no-cache make libucontext-dev musl-obstack-dev; \
-      _ld="ld-linux-aarch64.so.1"; \
-      _arch="aarch64"; \
-      curl -O https://git.adelielinux.org/adelie/gcompat/-/archive/8e300a60/gcompat-ae300a60.tar.gz && \
-      tar xf gcompat*.tar.gz && \
-      cd gcompat* && \
-      make WITH_LIBUCONTEXT=1 WITH_OBSTACK=musl-obstack LINKER_PATH="/lib/ld-musl-${_arch}.so.1" LOADER_NAME="${_ld}" install && \
-      mkdir /lib64 &&\
-      ln -s "/lib/${_ld}" "/lib64/${_ld}" &&\
-      ln -s "/lib/${_ld}" /lib/libresolv.so.2 && \
-      cd .. && rm -rf gcompat*; \
     fi; \
   fi
 
+COPY --from=staticnodejs /out/ /staticnode/
 ADD install_openssl.sh /root/install_openssl.sh
 ADD openssl-version.sh /root/openssl-version.sh
 RUN ./install_openssl.sh
diff --git a/runners/alpine/Dockerfile b/runners/alpine/Dockerfile
index f91737b8..a1eb870e 100644
--- a/runners/alpine/Dockerfile
+++ b/runners/alpine/Dockerfile
@@ -1,3 +1,6 @@
+ARG NODE_ARCH_RELEASE
+FROM ghcr.io/pyca/static-nodejs-${NODE_ARCH_RELEASE} as staticnodejs
+
 FROM alpine:latest
 
 # Increment this to blow away the docker cache
@@ -10,6 +13,8 @@ ENV LANG C.UTF-8
 RUN apk add --no-cache git libffi-dev curl \
     python3-dev openssl-dev bash gcc musl-dev tar pkgconfig zstd libucontext-dev musl-obstack-dev make
 
+COPY --from=staticnodejs /out/ /staticnode/
+
 # Derived from https://git.alpinelinux.org/aports/tree/community/gcompat/APKBUILD?h=3.18-stable and pinned to the
 # latest gcompat at the time this was written
 RUN if [ $(uname -m) = "x86_64" ]; \
diff --git a/staticnode/Dockerfile b/staticnode/Dockerfile
new file mode 100644
index 00000000..3b7fee0d
--- /dev/null
+++ b/staticnode/Dockerfile
@@ -0,0 +1,19 @@
+FROM alpine:latest
+ARG VERSION
+# One of x64 or arm64
+ARG ARCH
+
+RUN mkdir -p /build
+WORKDIR /build
+
+RUN apk add --no-cache binutils-gold curl g++ gcc gnupg libgcc linux-headers make python3 libstdc++
+RUN mkdir -p /out/bin
+RUN mkdir -p /node_staging
+
+RUN curl -O https://nodejs.org/dist/$VERSION/node-$VERSION.tar.gz
+RUN tar -zxvf node-$VERSION.tar.gz
+RUN cd node-$VERSION && ./configure --dest-cpu=$ARCH --fully-static && make -j$(nproc)
+RUN cp /build/node-$VERSION/LICENSE /out/LICENSE && cp /build/node-$VERSION/out/Release/node /out/bin/node
+
+FROM scratch
+COPY --from=0 /out/ /out
diff --git a/staticnode/Dockerfile-test b/staticnode/Dockerfile-test
new file mode 100644
index 00000000..d1d3dcc1
--- /dev/null
+++ b/staticnode/Dockerfile-test
@@ -0,0 +1,6 @@
+ARG MANYLINUX_ARCH
+ARG CONTAINER_NAME
+FROM ${CONTAINER_NAME} as staticnodejs
+FROM quay.io/pypa/manylinux2014_${MANYLINUX_ARCH}
+
+COPY --from=staticnodejs /out /staticnode/
diff --git a/staticnode/node-version.sh b/staticnode/node-version.sh
new file mode 100644
index 00000000..d7aeb398
--- /dev/null
+++ b/staticnode/node-version.sh
@@ -0,0 +1 @@
+export NODE_VERSION="v20.13.1"

From 2276d5fedf23717641db010ea450d88c486406b6 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Thu, 16 May 2024 01:13:42 -0400
Subject: [PATCH 17/31] Simplify configuration of node arch (#579)

just use the runner's arch
---
 .github/workflows/build-docker-images.yml | 55 ++++++++++++-----------
 1 file changed, 29 insertions(+), 26 deletions(-)

diff --git a/.github/workflows/build-docker-images.yml b/.github/workflows/build-docker-images.yml
index 529da7e6..b38b827c 100644
--- a/.github/workflows/build-docker-images.yml
+++ b/.github/workflows/build-docker-images.yml
@@ -30,40 +30,43 @@ jobs:
       fail-fast: false
       matrix:
         IMAGE:
-          - {TAG_NAME: "cryptography-runner-rhel8", DOCKERFILE_PATH: "runners/rhel", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg RELEASE=redhat/ubi8", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-runner-rhel8-fips", DOCKERFILE_PATH: "runners/rhel", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg FIPS=1 --build-arg RELEASE=redhat/ubi8", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-runner-centos-stream9", DOCKERFILE_PATH: "runners/rhel", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg RELEASE=quay.io/centos/centos:stream9", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-runner-centos-stream9-fips", DOCKERFILE_PATH: "runners/rhel", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg FIPS=1 --build-arg RELEASE=quay.io/centos/centos:stream9", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-rhel8", DOCKERFILE_PATH: "runners/rhel", BUILD_ARGS: "--build-arg RELEASE=redhat/ubi8", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-rhel8-fips", DOCKERFILE_PATH: "runners/rhel", BUILD_ARGS: "--build-arg FIPS=1 --build-arg RELEASE=redhat/ubi8", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-centos-stream9", DOCKERFILE_PATH: "runners/rhel", BUILD_ARGS: "--build-arg RELEASE=quay.io/centos/centos:stream9", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-centos-stream9-fips", DOCKERFILE_PATH: "runners/rhel", BUILD_ARGS: "--build-arg FIPS=1 --build-arg RELEASE=quay.io/centos/centos:stream9", RUNNER: "ubuntu-latest"}
 
-          - {TAG_NAME: "cryptography-runner-fedora", DOCKERFILE_PATH: "runners/fedora", NODE_ARCH: "x64", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-runner-alpine", DOCKERFILE_PATH: "runners/alpine", NODE_ARCH: "x64", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-fedora", DOCKERFILE_PATH: "runners/fedora", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-alpine", DOCKERFILE_PATH: "runners/alpine", RUNNER: "ubuntu-latest"}
 
-          - {TAG_NAME: "cryptography-runner-buster", DOCKERFILE_PATH: "runners/debian", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg RELEASE=buster", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-runner-bullseye", DOCKERFILE_PATH: "runners/debian", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg RELEASE=bullseye", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-runner-bookworm", DOCKERFILE_PATH: "runners/debian", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg RELEASE=bookworm", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-runner-trixie", DOCKERFILE_PATH: "runners/debian", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg RELEASE=trixie", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-runner-sid", DOCKERFILE_PATH: "runners/debian", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg RELEASE=sid", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-buster", DOCKERFILE_PATH: "runners/debian", BUILD_ARGS: "--build-arg RELEASE=buster", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-bullseye", DOCKERFILE_PATH: "runners/debian", BUILD_ARGS: "--build-arg RELEASE=bullseye", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-bookworm", DOCKERFILE_PATH: "runners/debian", BUILD_ARGS: "--build-arg RELEASE=bookworm", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-trixie", DOCKERFILE_PATH: "runners/debian", BUILD_ARGS: "--build-arg RELEASE=trixie", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-sid", DOCKERFILE_PATH: "runners/debian", BUILD_ARGS: "--build-arg RELEASE=sid", RUNNER: "ubuntu-latest"}
 
-          - {TAG_NAME: "cryptography-runner-ubuntu-focal", DOCKERFILE_PATH: "runners/ubuntu", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg RELEASE=focal", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-runner-ubuntu-jammy", DOCKERFILE_PATH: "runners/ubuntu", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg RELEASE=jammy", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-runner-ubuntu-noble", DOCKERFILE_PATH: "runners/ubuntu", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg RELEASE=noble", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-runner-ubuntu-rolling", DOCKERFILE_PATH: "runners/ubuntu", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg RELEASE=rolling", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-ubuntu-focal", DOCKERFILE_PATH: "runners/ubuntu", BUILD_ARGS: "--build-arg RELEASE=focal", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-ubuntu-jammy", DOCKERFILE_PATH: "runners/ubuntu", BUILD_ARGS: "--build-arg RELEASE=jammy", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-ubuntu-noble", DOCKERFILE_PATH: "runners/ubuntu", BUILD_ARGS: "--build-arg RELEASE=noble", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-runner-ubuntu-rolling", DOCKERFILE_PATH: "runners/ubuntu", BUILD_ARGS: "--build-arg RELEASE=rolling", RUNNER: "ubuntu-latest"}
 
-          - {TAG_NAME: "cryptography-manylinux2014:x86_64", DOCKERFILE_PATH: "cryptography-linux", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg PYCA_RELEASE=manylinux2014_x86_64", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-manylinux_2_28:x86_64", DOCKERFILE_PATH: "cryptography-linux", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg PYCA_RELEASE=manylinux_2_28_x86_64", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-musllinux_1_1:x86_64", DOCKERFILE_PATH: "cryptography-linux", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg PYCA_RELEASE=musllinux_1_1_x86_64", RUNNER: "ubuntu-latest"}
-          - {TAG_NAME: "cryptography-musllinux_1_2:x86_64", DOCKERFILE_PATH: "cryptography-linux", NODE_ARCH: "x64", BUILD_ARGS: "--build-arg PYCA_RELEASE=musllinux_1_2_x86_64", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-manylinux2014:x86_64", DOCKERFILE_PATH: "cryptography-linux", BUILD_ARGS: "--build-arg PYCA_RELEASE=manylinux2014_x86_64", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-manylinux_2_28:x86_64", DOCKERFILE_PATH: "cryptography-linux", BUILD_ARGS: "--build-arg PYCA_RELEASE=manylinux_2_28_x86_64", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-musllinux_1_1:x86_64", DOCKERFILE_PATH: "cryptography-linux", BUILD_ARGS: "--build-arg PYCA_RELEASE=musllinux_1_1_x86_64", RUNNER: "ubuntu-latest"}
+          - {TAG_NAME: "cryptography-musllinux_1_2:x86_64", DOCKERFILE_PATH: "cryptography-linux", BUILD_ARGS: "--build-arg PYCA_RELEASE=musllinux_1_2_x86_64", RUNNER: "ubuntu-latest"}
 
-          - {TAG_NAME: "cryptography-manylinux2014_aarch64", DOCKERFILE_PATH: "cryptography-linux", NODE_ARCH: "arm64", BUILD_ARGS: "--build-arg PYCA_RELEASE=manylinux2014_aarch64", RUNNER: [self-hosted, Linux, ARM64]}
-          - {TAG_NAME: "cryptography-manylinux_2_28:aarch64", DOCKERFILE_PATH: "cryptography-linux", NODE_ARCH: "arm64", BUILD_ARGS: "--build-arg PYCA_RELEASE=manylinux_2_28_aarch64", RUNNER: [self-hosted, Linux, ARM64]}
-          - {TAG_NAME: "cryptography-musllinux_1_1:aarch64", DOCKERFILE_PATH: "cryptography-linux", NODE_ARCH: "arm64", BUILD_ARGS: "--build-arg PYCA_RELEASE=musllinux_1_1_aarch64", RUNNER: [self-hosted, Linux, ARM64]}
-          - {TAG_NAME: "cryptography-musllinux_1_2:aarch64", DOCKERFILE_PATH: "cryptography-linux", NODE_ARCH: "arm64", BUILD_ARGS: "--build-arg PYCA_RELEASE=musllinux_1_2_aarch64", RUNNER: [self-hosted, Linux, ARM64]}
-          - {TAG_NAME: "cryptography-runner-ubuntu-rolling:aarch64", DOCKERFILE_PATH: "runners/ubuntu", NODE_ARCH: "arm64", BUILD_ARGS: "--build-arg RELEASE=rolling", RUNNER: [self-hosted, Linux, ARM64]}
-          - {TAG_NAME: "cryptography-runner-alpine:aarch64", DOCKERFILE_PATH: "runners/alpine", NODE_ARCH: "arm64", RUNNER: [self-hosted, Linux, ARM64]}
+          - {TAG_NAME: "cryptography-manylinux2014_aarch64", DOCKERFILE_PATH: "cryptography-linux", BUILD_ARGS: "--build-arg PYCA_RELEASE=manylinux2014_aarch64", RUNNER: [self-hosted, Linux, ARM64]}
+          - {TAG_NAME: "cryptography-manylinux_2_28:aarch64", DOCKERFILE_PATH: "cryptography-linux", BUILD_ARGS: "--build-arg PYCA_RELEASE=manylinux_2_28_aarch64", RUNNER: [self-hosted, Linux, ARM64]}
+          - {TAG_NAME: "cryptography-musllinux_1_1:aarch64", DOCKERFILE_PATH: "cryptography-linux", BUILD_ARGS: "--build-arg PYCA_RELEASE=musllinux_1_1_aarch64", RUNNER: [self-hosted, Linux, ARM64]}
+          - {TAG_NAME: "cryptography-musllinux_1_2:aarch64", DOCKERFILE_PATH: "cryptography-linux", BUILD_ARGS: "--build-arg PYCA_RELEASE=musllinux_1_2_aarch64", RUNNER: [self-hosted, Linux, ARM64]}
+          - {TAG_NAME: "cryptography-runner-ubuntu-rolling:aarch64", DOCKERFILE_PATH: "runners/ubuntu", BUILD_ARGS: "--build-arg RELEASE=rolling", RUNNER: [self-hosted, Linux, ARM64]}
+          - {TAG_NAME: "cryptography-runner-alpine:aarch64", DOCKERFILE_PATH: "runners/alpine", RUNNER: [self-hosted, Linux, ARM64]}
 
     name: "${{ matrix.IMAGE.TAG_NAME }}"
     steps:
       - uses: actions/checkout@v4.1.5
+      - run: |
+          arch=$(echo "${{ runner.arch }}" | tr '[:upper:]' '[:lower:]')
+          echo "NODE_ARCH=$arch" >> $GITHUB_ENV
       # Pull the previous image, but if it fails return true anyway.
       # Sometimes we add new docker images and if they've never been pushed
       # they can't be pulled.
@@ -71,7 +74,7 @@ jobs:
         run: docker pull ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} || true
         if: github.event_name != 'schedule' && github.event_name != 'workflow_dispatch'
       - name: Build image
-        run: docker build --pull --cache-from ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} -t ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} ${{ matrix.IMAGE.DOCKERFILE_PATH }} ${{ matrix.IMAGE.BUILD_ARGS }} --build-arg NODE_ARCH_RELEASE=${{ matrix.IMAGE.NODE_ARCH }}:v20.13.1
+        run: docker build --pull --cache-from ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} -t ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} ${{ matrix.IMAGE.DOCKERFILE_PATH }} ${{ matrix.IMAGE.BUILD_ARGS }} --build-arg NODE_ARCH_RELEASE=${{ env.NODE_ARCH }}:v20.13.1
       - name: Login to docker
         run: 'docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD" ghcr.io'
         env:

From 4092c93c2bbfbe1c982e10f249b52fa0c14f3f84 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 May 2024 11:53:08 +0200
Subject: [PATCH 18/31] Bump oracle/oci from 5.41.0 to 5.42.0 in /terraform
 (#580)

Bumps [oracle/oci](https://github.com/oracle/terraform-provider-oci) from 5.41.0 to 5.42.0.
- [Release notes](https://github.com/oracle/terraform-provider-oci/releases)
- [Changelog](https://github.com/oracle/terraform-provider-oci/blob/master/CHANGELOG.md)
- [Commits](https://github.com/oracle/terraform-provider-oci/compare/v5.41.0...v5.42.0)

---
updated-dependencies:
- dependency-name: oracle/oci
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 terraform/.terraform.lock.hcl | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
index 35d679bf..051cf780 100644
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -58,24 +58,24 @@ provider "registry.terraform.io/hashicorp/local" {
 }
 
 provider "registry.terraform.io/oracle/oci" {
-  version     = "5.41.0"
+  version     = "5.42.0"
   constraints = ">= 4.67.3"
   hashes = [
-    "h1:ql31lMkVjOTLXos9lwujT4JOzv5hF81o60n9+Atalag=",
-    "zh:148112ce71e5888d7a66641902d5ecf4640d577d01c3c7914fbcaeae6f7a9a11",
-    "zh:26d22964dcca450b0534850346e7f2b587311869b9d6aa6a9b647cca61297e97",
-    "zh:340ceeb483119db290b80b7eef6c4fbddac754679eb1c4584cc87777ab0aab68",
-    "zh:497d94ee4895f1b1cf7b8baec3023c7c130b52dd117296be30fb148ba5a79f94",
-    "zh:52bc6c512d669ac39a69a25dbca36b4843c0c7666b0dd1f7fa28973c0706f28d",
-    "zh:66c19893e0524580cc4fdf7309de14efdfc658abed19dcdcfca1d0c64c04c8fb",
-    "zh:7426636c9a3d4afa04774403cb4db58c0c2212f60c619cdce3065937cb15a21c",
-    "zh:987553ab9f8246f8504675400bb09f18e208c499fe87867bba3cc312d787411d",
+    "h1:4wUzNgTUaxqgp+xL31eSzvkUSSHr+Fbb5ZzVptt8SDE=",
+    "zh:3002adc1c0c23b56c79eac20aa8bcbeecac3ad61e959d4bf3fdbf02c43e0b6fe",
+    "zh:3de47921a93a72dc7a4661f82863f7d7d6e50aec42ec8b289201ebbc19569e2f",
+    "zh:4897dab7303c79597c5b79ed2e3158634f74582a5db22225bd3923c0019b3682",
+    "zh:5b816202c988397d6ca6ddc4919bb10227f93168eeb5d5dacffe552fdbcd643e",
+    "zh:8424d47852d1d80611d2d321c9e5aa88b77ace37cc0d3e9e3346ef0b7812d516",
     "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
-    "zh:c4e1cfc4fd4fc37db5d105bff18b08291e5f8a4ee8888bb40693a25f7e7a8ae1",
-    "zh:cfbdecb87d83ac1cde743710be0dbe5483e3dda6c643a85c579ad0392b6997d7",
-    "zh:d566ade1e469565189e8b25e98f5052dbeececfbae3f36a5475c05bfed3e885a",
-    "zh:dc70e5e3ad01d6153be9e868fed5745d1ecc37f154a92cc37c98409326b6e3f5",
-    "zh:f4ff727cbd34a4013c71d59c199ac9f1ce97acf18663443d5567b0815b6930f0",
-    "zh:f6b25a5f80c3f9f82e6e4f8cff16c78c1502e75c6b39116922b26e7b85c79a6d",
+    "zh:a637b4e0172c588d0b8f41995b0b36526e535ad461dd3bfd5d6f739e2d9fb37c",
+    "zh:b6cb3e0a2e93de7475cb06b3ceed4ad47bbef5dd3d626a13c4f2095cb9c7459b",
+    "zh:c54c437e136eb63cf087ec66f476e9e10fdcb5ddd695c6daf45ca634985d6b55",
+    "zh:c7563b56f31e08a2d8fefb19834f08d116581a4b47bbb43486da9082e719d6d5",
+    "zh:c8f98a1463fea84486d7ff1a7149a60684de8ebb06f408adaf74dc6940914a39",
+    "zh:cfdb86269b01c19f0f3da9d2b087d3a56343f1eba9021cf0c49d697041357359",
+    "zh:d68a4bfbd7a1d11eded456724b7876428e42aa5e86ff64b53da8bba1b8a6b2c4",
+    "zh:d755b0f6836472327116ac9c111bddcf8719a98f4a68c2377ecaa3f42dfaa094",
+    "zh:f6567eadd4469e66f6d990fcccc8dd8232d8555a2f8698bc823c57384668a074",
   ]
 }

From 9eb929bdea851f4f58c81ac08f0eea2ac1dc3044 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Thu, 16 May 2024 10:52:48 -0400
Subject: [PATCH 19/31] Various node cleanups (#581)

---
 .github/workflows/build-docker-images.yml |  5 +++--
 .github/workflows/build-static-node.yml   | 10 ++++++----
 staticnode/Dockerfile                     |  1 -
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/build-docker-images.yml b/.github/workflows/build-docker-images.yml
index b38b827c..25586192 100644
--- a/.github/workflows/build-docker-images.yml
+++ b/.github/workflows/build-docker-images.yml
@@ -65,8 +65,9 @@ jobs:
     steps:
       - uses: actions/checkout@v4.1.5
       - run: |
+          source ./staticnode/node-version.sh
           arch=$(echo "${{ runner.arch }}" | tr '[:upper:]' '[:lower:]')
-          echo "NODE_ARCH=$arch" >> $GITHUB_ENV
+          echo "NODE_ARCH_RELEASE=$arch:$NODE_VERSION" >> $GITHUB_ENV
       # Pull the previous image, but if it fails return true anyway.
       # Sometimes we add new docker images and if they've never been pushed
       # they can't be pulled.
@@ -74,7 +75,7 @@ jobs:
         run: docker pull ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} || true
         if: github.event_name != 'schedule' && github.event_name != 'workflow_dispatch'
       - name: Build image
-        run: docker build --pull --cache-from ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} -t ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} ${{ matrix.IMAGE.DOCKERFILE_PATH }} ${{ matrix.IMAGE.BUILD_ARGS }} --build-arg NODE_ARCH_RELEASE=${{ env.NODE_ARCH }}:v20.13.1
+        run: docker build --pull --cache-from ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} -t ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} ${{ matrix.IMAGE.DOCKERFILE_PATH }} ${{ matrix.IMAGE.BUILD_ARGS }} --build-arg NODE_ARCH_RELEASE=${{ env.NODE_ARCH_RELEASE }}
       - name: Login to docker
         run: 'docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD" ghcr.io'
         env:
diff --git a/.github/workflows/build-static-node.yml b/.github/workflows/build-static-node.yml
index e73d9f89..097107b0 100644
--- a/.github/workflows/build-static-node.yml
+++ b/.github/workflows/build-static-node.yml
@@ -23,22 +23,24 @@ jobs:
       fail-fast: false
       matrix:
         IMAGE:
-          - {RUNNER: "ubuntu-latest", NODE_ARCH: "x64", MANYLINUX_ARCH: "x86_64"}
-          - {RUNNER: [self-hosted, Linux, ARM64], NODE_ARCH: "arm64", MANYLINUX_ARCH: "aarch64"}
+          - {RUNNER: "ubuntu-latest", MANYLINUX_ARCH: "x86_64"}
+          - {RUNNER: [self-hosted, Linux, ARM64], MANYLINUX_ARCH: "aarch64"}
     steps:
     - uses: actions/checkout@v4.1.5
     - name: Set Node.js version
       run: |
         source ./staticnode/node-version.sh
         echo "NODE_VERSION=$NODE_VERSION" >> $GITHUB_ENV
+        arch=$(echo "${{ runner.arch }}" | tr '[:upper:]' '[:lower:]')
+        echo "NODE_ARCH=$arch" >> $GITHUB_ENV
     - name: Build the Docker image
       run: |
         echo building node.js $NODE_VERSION
-        docker build --tag ghcr.io/pyca/static-nodejs-${{ matrix.IMAGE.NODE_ARCH }}:$NODE_VERSION --build-arg VERSION=$NODE_VERSION --build-arg ARCH=${{ matrix.IMAGE.NODE_ARCH  }} staticnode
+        docker build --tag ghcr.io/pyca/static-nodejs-$NODE_ARCH:$NODE_VERSION --build-arg VERSION=$NODE_VERSION --build-arg ARCH=$NODE_ARCH staticnode
     - name: Test static node.js on manylinux2014
       run: |
         cd staticnode
-        docker build -f Dockerfile-test -t test-node --build-arg MANYLINUX_ARCH=${{ matrix.IMAGE.MANYLINUX_ARCH }} --build-arg CONTAINER_NAME=ghcr.io/pyca/static-nodejs-${{ matrix.IMAGE.NODE_ARCH }}:$NODE_VERSION .
+        docker build -f Dockerfile-test -t test-node --build-arg MANYLINUX_ARCH=${{ matrix.IMAGE.MANYLINUX_ARCH }} --build-arg CONTAINER_NAME=ghcr.io/pyca/static-nodejs-$NODE_ARCH:$NODE_VERSION .
         docker run test-node /staticnode/bin/node -e "console.log('hello world'); console.log(process.version)"
     - name: Login to docker
       run: 'docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD" ghcr.io'
diff --git a/staticnode/Dockerfile b/staticnode/Dockerfile
index 3b7fee0d..1c9e794a 100644
--- a/staticnode/Dockerfile
+++ b/staticnode/Dockerfile
@@ -8,7 +8,6 @@ WORKDIR /build
 
 RUN apk add --no-cache binutils-gold curl g++ gcc gnupg libgcc linux-headers make python3 libstdc++
 RUN mkdir -p /out/bin
-RUN mkdir -p /node_staging
 
 RUN curl -O https://nodejs.org/dist/$VERSION/node-$VERSION.tar.gz
 RUN tar -zxvf node-$VERSION.tar.gz

From 83d4a90b7caa0080f3ff67d971400aff616115f9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 17 May 2024 07:09:13 -0400
Subject: [PATCH 20/31] Bump actions/checkout from 4.1.5 to 4.1.6 (#582)

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.5 to 4.1.6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4.1.5...v4.1.6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/build-docker-images.yml   | 2 +-
 .github/workflows/build-macos-openssl.yml   | 2 +-
 .github/workflows/build-static-node.yml     | 2 +-
 .github/workflows/build-windows-openssl.yml | 2 +-
 .github/workflows/terraform.yml             | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/build-docker-images.yml b/.github/workflows/build-docker-images.yml
index 25586192..8f5cb676 100644
--- a/.github/workflows/build-docker-images.yml
+++ b/.github/workflows/build-docker-images.yml
@@ -63,7 +63,7 @@ jobs:
 
     name: "${{ matrix.IMAGE.TAG_NAME }}"
     steps:
-      - uses: actions/checkout@v4.1.5
+      - uses: actions/checkout@v4.1.6
       - run: |
           source ./staticnode/node-version.sh
           arch=$(echo "${{ runner.arch }}" | tr '[:upper:]' '[:lower:]')
diff --git a/.github/workflows/build-macos-openssl.yml b/.github/workflows/build-macos-openssl.yml
index a449dc39..c4729006 100644
--- a/.github/workflows/build-macos-openssl.yml
+++ b/.github/workflows/build-macos-openssl.yml
@@ -32,7 +32,7 @@ jobs:
             OPENSSLDIR: "/opt/homebrew/etc/openssl@3"
     name: "Build OpenSSL for macOS (${{ matrix.ARCH.NAME }})"
     steps:
-      - uses: actions/checkout@v4.1.5
+      - uses: actions/checkout@v4.1.6
       - name: Download OpenSSL
         run: |
           source ./cryptography-linux/openssl-version.sh
diff --git a/.github/workflows/build-static-node.yml b/.github/workflows/build-static-node.yml
index 097107b0..ec38843b 100644
--- a/.github/workflows/build-static-node.yml
+++ b/.github/workflows/build-static-node.yml
@@ -26,7 +26,7 @@ jobs:
           - {RUNNER: "ubuntu-latest", MANYLINUX_ARCH: "x86_64"}
           - {RUNNER: [self-hosted, Linux, ARM64], MANYLINUX_ARCH: "aarch64"}
     steps:
-    - uses: actions/checkout@v4.1.5
+    - uses: actions/checkout@v4.1.6
     - name: Set Node.js version
       run: |
         source ./staticnode/node-version.sh
diff --git a/.github/workflows/build-windows-openssl.yml b/.github/workflows/build-windows-openssl.yml
index 5371793d..7220dc21 100644
--- a/.github/workflows/build-windows-openssl.yml
+++ b/.github/workflows/build-windows-openssl.yml
@@ -26,7 +26,7 @@ jobs:
         ARCH: ["win32", "win64"]
     name: "Build OpenSSL for ${{ matrix.ARCH }} on MSVC 2022"
     steps:
-      - uses: actions/checkout@v4.1.5
+      - uses: actions/checkout@v4.1.6
       - run: choco install -y nasm winrar
       - name: Export OpenSSL version
         run: |
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
index 7425df7d..8463c8cc 100644
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
@@ -16,7 +16,7 @@ jobs:
   terraform:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4.1.5
+      - uses: actions/checkout@v4.1.6
       - run: terraform -chdir=terraform/ fmt -check
       - run: terraform -chdir=terraform/ init -backend=false
       # Need to have a values.yaml for validate to pass.

From e3884aec64fb1d08dea69e5118edbe6dc0943d1d Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Fri, 17 May 2024 10:08:00 -0400
Subject: [PATCH 21/31] oops, fix static node build (#583)

---
 .github/workflows/build-static-node.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build-static-node.yml b/.github/workflows/build-static-node.yml
index ec38843b..0c923440 100644
--- a/.github/workflows/build-static-node.yml
+++ b/.github/workflows/build-static-node.yml
@@ -49,5 +49,5 @@ jobs:
         DOCKER_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
       if: (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main'
     - name: Push image
-      run: docker push ghcr.io/pyca/static-nodejs-${{ matrix.IMAGE.NODE_ARCH }}:${{ env.NODE_VERSION }}
+      run: docker push ghcr.io/pyca/static-nodejs-${{ env.NODE_ARCH }}:${{ env.NODE_VERSION }}
       if: (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main'

From 232fb1fc7e408c90b4147bb872d5afea0a2fdcc5 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Sat, 18 May 2024 11:50:32 -0400
Subject: [PATCH 22/31] Check the hash of the node source tarball (#584)

---
 .github/workflows/build-static-node.yml | 3 ++-
 cryptography-linux/install_openssl.sh   | 4 +---
 staticnode/Dockerfile                   | 3 +++
 staticnode/node-version.sh              | 1 +
 4 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build-static-node.yml b/.github/workflows/build-static-node.yml
index 0c923440..5c26656f 100644
--- a/.github/workflows/build-static-node.yml
+++ b/.github/workflows/build-static-node.yml
@@ -31,12 +31,13 @@ jobs:
       run: |
         source ./staticnode/node-version.sh
         echo "NODE_VERSION=$NODE_VERSION" >> $GITHUB_ENV
+        echo "NODE_SHA256SUM=$NODE_SHA256SUM" >> $GITHUB_ENV
         arch=$(echo "${{ runner.arch }}" | tr '[:upper:]' '[:lower:]')
         echo "NODE_ARCH=$arch" >> $GITHUB_ENV
     - name: Build the Docker image
       run: |
         echo building node.js $NODE_VERSION
-        docker build --tag ghcr.io/pyca/static-nodejs-$NODE_ARCH:$NODE_VERSION --build-arg VERSION=$NODE_VERSION --build-arg ARCH=$NODE_ARCH staticnode
+        docker build --tag ghcr.io/pyca/static-nodejs-$NODE_ARCH:$NODE_VERSION --build-arg VERSION=$NODE_VERSION --build-arg ARCH=$NODE_ARCH --build-arg SHA256SUM=$NODE_SHA256SUM staticnode
     - name: Test static node.js on manylinux2014
       run: |
         cd staticnode
diff --git a/cryptography-linux/install_openssl.sh b/cryptography-linux/install_openssl.sh
index 109e75c6..fdad0ecc 100755
--- a/cryptography-linux/install_openssl.sh
+++ b/cryptography-linux/install_openssl.sh
@@ -7,9 +7,7 @@ source /root/openssl-version.sh
 function check_sha256sum {
     local fname=$1
     local sha256=$2
-    echo "${sha256}  ${fname}" > "${fname}.sha256"
-    sha256sum -c "${fname}.sha256"
-    rm "${fname}.sha256"
+    echo "${sha256}  ${fname}" | sha256sum -c -
 }
 
 curl -#O "${OPENSSL_URL}/${OPENSSL_VERSION}.tar.gz"
diff --git a/staticnode/Dockerfile b/staticnode/Dockerfile
index 1c9e794a..52e7fda4 100644
--- a/staticnode/Dockerfile
+++ b/staticnode/Dockerfile
@@ -2,6 +2,8 @@ FROM alpine:latest
 ARG VERSION
 # One of x64 or arm64
 ARG ARCH
+# The sha256sum for the node source tarball
+ARG SHA256SUM
 
 RUN mkdir -p /build
 WORKDIR /build
@@ -10,6 +12,7 @@ RUN apk add --no-cache binutils-gold curl g++ gcc gnupg libgcc linux-headers mak
 RUN mkdir -p /out/bin
 
 RUN curl -O https://nodejs.org/dist/$VERSION/node-$VERSION.tar.gz
+RUN echo "$SHA256SUM  node-$VERSION.tar.gz" | sha256sum -c -
 RUN tar -zxvf node-$VERSION.tar.gz
 RUN cd node-$VERSION && ./configure --dest-cpu=$ARCH --fully-static && make -j$(nproc)
 RUN cp /build/node-$VERSION/LICENSE /out/LICENSE && cp /build/node-$VERSION/out/Release/node /out/bin/node
diff --git a/staticnode/node-version.sh b/staticnode/node-version.sh
index d7aeb398..1a433609 100644
--- a/staticnode/node-version.sh
+++ b/staticnode/node-version.sh
@@ -1 +1,2 @@
 export NODE_VERSION="v20.13.1"
+export NODE_SHA256SUM="a85ee53aa0a5c2f5ca94fa414cdbceb91eb7d18a77fc498358512c14cc6c6991"

From d57a614fcd6621b291b98ccd9410e99b351d3624 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 24 May 2024 13:36:47 +0300
Subject: [PATCH 23/31] Bump oracle/oci from 5.42.0 to 5.43.0 in /terraform
 (#585)

Bumps [oracle/oci](https://github.com/oracle/terraform-provider-oci) from 5.42.0 to 5.43.0.
- [Release notes](https://github.com/oracle/terraform-provider-oci/releases)
- [Changelog](https://github.com/oracle/terraform-provider-oci/blob/master/CHANGELOG.md)
- [Commits](https://github.com/oracle/terraform-provider-oci/compare/v5.42.0...v5.43.0)

---
updated-dependencies:
- dependency-name: oracle/oci
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 terraform/.terraform.lock.hcl | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
index 051cf780..9d913925 100644
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -58,24 +58,24 @@ provider "registry.terraform.io/hashicorp/local" {
 }
 
 provider "registry.terraform.io/oracle/oci" {
-  version     = "5.42.0"
+  version     = "5.43.0"
   constraints = ">= 4.67.3"
   hashes = [
-    "h1:4wUzNgTUaxqgp+xL31eSzvkUSSHr+Fbb5ZzVptt8SDE=",
-    "zh:3002adc1c0c23b56c79eac20aa8bcbeecac3ad61e959d4bf3fdbf02c43e0b6fe",
-    "zh:3de47921a93a72dc7a4661f82863f7d7d6e50aec42ec8b289201ebbc19569e2f",
-    "zh:4897dab7303c79597c5b79ed2e3158634f74582a5db22225bd3923c0019b3682",
-    "zh:5b816202c988397d6ca6ddc4919bb10227f93168eeb5d5dacffe552fdbcd643e",
-    "zh:8424d47852d1d80611d2d321c9e5aa88b77ace37cc0d3e9e3346ef0b7812d516",
+    "h1:bwjTyGPtXdv4C9g7CxD27svM1YYkarJb0oyLOggeiVg=",
+    "zh:26d5e27a2e5e8863eb4df15aa78282c4e29c78acc0ecf95ceaaebb0d6c5100fb",
+    "zh:3e4d3c8961a3a6ed6445851ae5a77114c61ad03d4c42084a8e70990dadc66e08",
+    "zh:42dc29bb8c8337ce086f6f78fed912e2bf0a52cc4dd0733c1741208f7d11c66f",
+    "zh:57f98dffd3a6af1e5935413176c995c353b0c3d02b6eac032496691c45a30584",
+    "zh:58aa2eab7f9d47953b631702a652d2f1e6c0c4b2e252fb7021a99f7bac3b3bef",
+    "zh:765968760d7d4eb7c12075dfcb628f4074a7626be2285f57d82407b1f2b40d77",
+    "zh:86c1daa0a15d675f9bbaa3b2c69007fb71313ea5f4810bb20182f19f986d1d4e",
+    "zh:95f92dade7074d919260b671c28da62b26a72eeab2e2978d0eeccdc50656240a",
     "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
-    "zh:a637b4e0172c588d0b8f41995b0b36526e535ad461dd3bfd5d6f739e2d9fb37c",
-    "zh:b6cb3e0a2e93de7475cb06b3ceed4ad47bbef5dd3d626a13c4f2095cb9c7459b",
-    "zh:c54c437e136eb63cf087ec66f476e9e10fdcb5ddd695c6daf45ca634985d6b55",
-    "zh:c7563b56f31e08a2d8fefb19834f08d116581a4b47bbb43486da9082e719d6d5",
-    "zh:c8f98a1463fea84486d7ff1a7149a60684de8ebb06f408adaf74dc6940914a39",
-    "zh:cfdb86269b01c19f0f3da9d2b087d3a56343f1eba9021cf0c49d697041357359",
-    "zh:d68a4bfbd7a1d11eded456724b7876428e42aa5e86ff64b53da8bba1b8a6b2c4",
-    "zh:d755b0f6836472327116ac9c111bddcf8719a98f4a68c2377ecaa3f42dfaa094",
-    "zh:f6567eadd4469e66f6d990fcccc8dd8232d8555a2f8698bc823c57384668a074",
+    "zh:b4b08ed840e87c7ca8c27cb98dc1bf2839f184301a7b6547e0a34c6bf6d6a3d5",
+    "zh:bde6dc8034484eded8dc0cf303b23a372acbb946386aca1f15dd791445491cd1",
+    "zh:d496f7e4864910ecce8e616c918136bc84b6edfab623f3a044049c4e3c2a7b22",
+    "zh:da2a0f2ebef1d42f664358ce859bf5175ffa52e211454091afb42d10124879ea",
+    "zh:f4b2eb5a8ac341e030eb5c8f2d98a790b385f4e80056e5a9788b0d91274b77ea",
+    "zh:fb7bee620690e173197766e809b32c0f53033fcc643a67aa0bc88ffdae64cf01",
   ]
 }

From 8b84444fa0d8c64a14893e0df136afeb518951b8 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Wed, 29 May 2024 21:51:41 -0400
Subject: [PATCH 24/31] there are no longer debian based manylinux images
 (#586)

---
 cryptography-linux/Dockerfile | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/cryptography-linux/Dockerfile b/cryptography-linux/Dockerfile
index b87f31f9..59696bd9 100644
--- a/cryptography-linux/Dockerfile
+++ b/cryptography-linux/Dockerfile
@@ -11,12 +11,6 @@ RUN \
       yum -y install binutils perl-IPC-Cmd && \
       yum -y clean all && \
       rm -rf /var/cache/yum; \
-    elif stat /etc/debian_version 1>&2 2>/dev/null; then \
-      export DEBIAN_FRONTEND=noninteractive && \
-      apt-get update -qq && \
-      apt-get install -qq -y --no-install-recommends prelink && \
-      apt-get clean -qq && \
-      rm -rf /var/lib/apt/lists/*; \
     fi; \
   fi
 
@@ -29,12 +23,6 @@ RUN \
       yum -y install libffi-devel perl-IPC-Cmd && \
       yum -y clean all && \
       rm -rf /var/cache/yum; \
-    elif stat /etc/debian_version 1>&2 2>/dev/null; then \
-      export DEBIAN_FRONTEND=noninteractive && \
-      apt-get update -qq && \
-      apt-get install -qq -y --no-install-recommends libffi-dev && \
-      apt-get clean -qq && \
-      rm -rf /var/lib/apt/lists/*; \
     fi; \
   fi
 

From 6707bbfc67acdc043c09b1c82b60ec37c90cfc09 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 31 May 2024 09:42:31 +0200
Subject: [PATCH 25/31] Bump oracle/oci from 5.43.0 to 5.44.0 in /terraform
 (#587)

Bumps [oracle/oci](https://github.com/oracle/terraform-provider-oci) from 5.43.0 to 5.44.0.
- [Release notes](https://github.com/oracle/terraform-provider-oci/releases)
- [Changelog](https://github.com/oracle/terraform-provider-oci/blob/master/CHANGELOG.md)
- [Commits](https://github.com/oracle/terraform-provider-oci/compare/v5.43.0...v5.44.0)

---
updated-dependencies:
- dependency-name: oracle/oci
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 terraform/.terraform.lock.hcl | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
index 9d913925..308831e1 100644
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -58,24 +58,24 @@ provider "registry.terraform.io/hashicorp/local" {
 }
 
 provider "registry.terraform.io/oracle/oci" {
-  version     = "5.43.0"
+  version     = "5.44.0"
   constraints = ">= 4.67.3"
   hashes = [
-    "h1:bwjTyGPtXdv4C9g7CxD27svM1YYkarJb0oyLOggeiVg=",
-    "zh:26d5e27a2e5e8863eb4df15aa78282c4e29c78acc0ecf95ceaaebb0d6c5100fb",
-    "zh:3e4d3c8961a3a6ed6445851ae5a77114c61ad03d4c42084a8e70990dadc66e08",
-    "zh:42dc29bb8c8337ce086f6f78fed912e2bf0a52cc4dd0733c1741208f7d11c66f",
-    "zh:57f98dffd3a6af1e5935413176c995c353b0c3d02b6eac032496691c45a30584",
-    "zh:58aa2eab7f9d47953b631702a652d2f1e6c0c4b2e252fb7021a99f7bac3b3bef",
-    "zh:765968760d7d4eb7c12075dfcb628f4074a7626be2285f57d82407b1f2b40d77",
-    "zh:86c1daa0a15d675f9bbaa3b2c69007fb71313ea5f4810bb20182f19f986d1d4e",
-    "zh:95f92dade7074d919260b671c28da62b26a72eeab2e2978d0eeccdc50656240a",
+    "h1:KTNVUzsVxqG4bpu0f8DHXPQmwPOnt4mC5UefZM9IxMc=",
+    "zh:2512f470e68c1368e6134021409f14b6441f03c0657c2d17c98890227af506c1",
+    "zh:374cffbc9450edcdedd59a9301683ea4a9619ef99153e911c299efb7019b6077",
+    "zh:68d507093861f1629c47bd48b6785c0561a28a080c32dc671a26b495440d7790",
+    "zh:7ad0c64234f72fb18f168ca5c4dcd91ebc8d8ae3153ba093d5df77682d8670e1",
+    "zh:8173c60a764e2b65b261328c6c162bc6ced2cf4c9592bec48131d4669064a97c",
+    "zh:84d50ab9443816e8e8e909565887b35c4a4d95bb7b6c72d7d3379bbdb3c3193d",
     "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
-    "zh:b4b08ed840e87c7ca8c27cb98dc1bf2839f184301a7b6547e0a34c6bf6d6a3d5",
-    "zh:bde6dc8034484eded8dc0cf303b23a372acbb946386aca1f15dd791445491cd1",
-    "zh:d496f7e4864910ecce8e616c918136bc84b6edfab623f3a044049c4e3c2a7b22",
-    "zh:da2a0f2ebef1d42f664358ce859bf5175ffa52e211454091afb42d10124879ea",
-    "zh:f4b2eb5a8ac341e030eb5c8f2d98a790b385f4e80056e5a9788b0d91274b77ea",
-    "zh:fb7bee620690e173197766e809b32c0f53033fcc643a67aa0bc88ffdae64cf01",
+    "zh:a22132c2414be1c1fa0e44851b9d41421ce2d7d94377b3d5123ed20ed9ad4d3b",
+    "zh:af8ced82c1641309d47fdf9d3d43876d09abefe7882948cddfcc9d1e1fead9a8",
+    "zh:b58fe0a465ebdfd145eb0a63a7276ca179ae397fccd6994e93d95475ed01ca42",
+    "zh:b998dd116338b430effd732289b53870b42108d67e19f40adbd693465163e2b7",
+    "zh:cb4fd4497adc8e73499f6a74bda2809d36d9c62224063e4b48b776acc4cfc01f",
+    "zh:d5d25d2ff816925d7bbff0110960529491833a417c794bb0a4ba136e2034aadb",
+    "zh:e2f725e2a5ca867272f07567ba649ca41a94f317c4d00742790af916108e7e95",
+    "zh:eda93a0b8105e04cb7f8c7e3fef84450e3b878338e47a5cfacbdb35f84456094",
   ]
 }

From b9d9d18f1141c26469a1ff8499d98d2c80e95d08 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Tue, 4 Jun 2024 09:15:24 -0700
Subject: [PATCH 26/31] Update openssl-version.sh (#588)

---
 cryptography-linux/openssl-version.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cryptography-linux/openssl-version.sh b/cryptography-linux/openssl-version.sh
index 9995e82c..3b84fc1d 100644
--- a/cryptography-linux/openssl-version.sh
+++ b/cryptography-linux/openssl-version.sh
@@ -1,5 +1,5 @@
-export OPENSSL_VERSION="openssl-3.2.1"
-export OPENSSL_SHA256="83c7329fe52c850677d75e5d0b0ca245309b97e8ecbcfdc1dfdc4ab9fac35b39"
+export OPENSSL_VERSION="openssl-3.2.2"
+export OPENSSL_SHA256="197149c18d9e9f292c43f0400acaba12e5f52cacfe050f3d199277ea738ec2e7"
 # We need a base set of flags because on Windows using MSVC
 # enable-ec_nistp_64_gcc_128 doesn't work since there's no 128-bit type
 export OPENSSL_BUILD_FLAGS_WINDOWS="no-ssl3 no-ssl3-method no-zlib no-shared no-module no-comp no-dynamic-engine no-apps no-docs no-sm2-precomp"

From e15d6cad5e8634fb85cad765d4661433db068f15 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 5 Jun 2024 07:01:05 -0400
Subject: [PATCH 27/31] Bump oracle/oci from 5.44.0 to 5.45.0 in /terraform
 (#589)

Bumps [oracle/oci](https://github.com/oracle/terraform-provider-oci) from 5.44.0 to 5.45.0.
- [Release notes](https://github.com/oracle/terraform-provider-oci/releases)
- [Changelog](https://github.com/oracle/terraform-provider-oci/blob/master/CHANGELOG.md)
- [Commits](https://github.com/oracle/terraform-provider-oci/compare/v5.44.0...v5.45.0)

---
updated-dependencies:
- dependency-name: oracle/oci
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 terraform/.terraform.lock.hcl | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
index 308831e1..b38a883b 100644
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -58,24 +58,24 @@ provider "registry.terraform.io/hashicorp/local" {
 }
 
 provider "registry.terraform.io/oracle/oci" {
-  version     = "5.44.0"
+  version     = "5.45.0"
   constraints = ">= 4.67.3"
   hashes = [
-    "h1:KTNVUzsVxqG4bpu0f8DHXPQmwPOnt4mC5UefZM9IxMc=",
-    "zh:2512f470e68c1368e6134021409f14b6441f03c0657c2d17c98890227af506c1",
-    "zh:374cffbc9450edcdedd59a9301683ea4a9619ef99153e911c299efb7019b6077",
-    "zh:68d507093861f1629c47bd48b6785c0561a28a080c32dc671a26b495440d7790",
-    "zh:7ad0c64234f72fb18f168ca5c4dcd91ebc8d8ae3153ba093d5df77682d8670e1",
-    "zh:8173c60a764e2b65b261328c6c162bc6ced2cf4c9592bec48131d4669064a97c",
-    "zh:84d50ab9443816e8e8e909565887b35c4a4d95bb7b6c72d7d3379bbdb3c3193d",
+    "h1:96iHu0PM6AW1NqM8LXtGyUtJS5mtadoa93+lFwbA8ck=",
+    "zh:0c61e4bc2da0bb4b4c15abea2c9e2eb345c22f6b6d362ab3a6cdb57a3d6b1934",
+    "zh:42a065e1c83ecc7cb6b42b6fa874e37fde590cd6fa6d2699cde8d3fcdd04b2a6",
+    "zh:45da20316282305f2c4ecb0f989a01352fae525d4c984e46fd3b1363d7b06feb",
+    "zh:575e23eb93d877142b18c331aeb8961fabef38241d764af76c3ec89004b2e9d1",
+    "zh:8c1fcf4cd7c227160668830abee422824eccf03ef1cb50f3857f7ce0dc3f72b5",
     "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
-    "zh:a22132c2414be1c1fa0e44851b9d41421ce2d7d94377b3d5123ed20ed9ad4d3b",
-    "zh:af8ced82c1641309d47fdf9d3d43876d09abefe7882948cddfcc9d1e1fead9a8",
-    "zh:b58fe0a465ebdfd145eb0a63a7276ca179ae397fccd6994e93d95475ed01ca42",
-    "zh:b998dd116338b430effd732289b53870b42108d67e19f40adbd693465163e2b7",
-    "zh:cb4fd4497adc8e73499f6a74bda2809d36d9c62224063e4b48b776acc4cfc01f",
-    "zh:d5d25d2ff816925d7bbff0110960529491833a417c794bb0a4ba136e2034aadb",
-    "zh:e2f725e2a5ca867272f07567ba649ca41a94f317c4d00742790af916108e7e95",
-    "zh:eda93a0b8105e04cb7f8c7e3fef84450e3b878338e47a5cfacbdb35f84456094",
+    "zh:9be90a2bd06d4097654e0d038932bf0c300210f0c34bf3f8e81929553d7d7439",
+    "zh:9f7b8d176f3656b0c0bf1dd0fe174042079ae059335f4fd538f02399536740fc",
+    "zh:a6314268310c9ec4b0f4f90f73926805027e0b97ca2bd4848ef044fec79cb9d7",
+    "zh:abc8758702b29c73397f34ea017c113c539b7f5c32158a1fbe3a8a27cd730617",
+    "zh:ac704d5eb9097d8f9b57930ecccf14848c7104b989acda6f03645dc046d7b462",
+    "zh:c2138e7597e785a3928492600a2c8eace93eb735e0675e967d72633f56944725",
+    "zh:c572be0629042c692dbb2cca1424c2d7c69d0df39ef4fc74adce85dc9f9ee79b",
+    "zh:e15c9807e1dc91d96a3f4c1b43d724816085a605f66b79fbc0f50b322041dde5",
+    "zh:f88e720676546a3d0aebc7f8fe9b86e63ec6d8665aa17756f22abd8b16b6aa78",
   ]
 }

From 22f01d1d0ff158d3470083206997d0e0f1707360 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Wed, 5 Jun 2024 08:10:25 -0400
Subject: [PATCH 28/31] Allow redirects when downloading openssl (#590)

clean up trivial function
---
 cryptography-linux/install_openssl.sh | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/cryptography-linux/install_openssl.sh b/cryptography-linux/install_openssl.sh
index fdad0ecc..d8d567d7 100755
--- a/cryptography-linux/install_openssl.sh
+++ b/cryptography-linux/install_openssl.sh
@@ -4,14 +4,8 @@ set -xe
 OPENSSL_URL="https://www.openssl.org/source/"
 source /root/openssl-version.sh
 
-function check_sha256sum {
-    local fname=$1
-    local sha256=$2
-    echo "${sha256}  ${fname}" | sha256sum -c -
-}
-
-curl -#O "${OPENSSL_URL}/${OPENSSL_VERSION}.tar.gz"
-check_sha256sum ${OPENSSL_VERSION}.tar.gz ${OPENSSL_SHA256}
+curl -#LO "${OPENSSL_URL}/${OPENSSL_VERSION}.tar.gz"
+echo "${OPENSSL_SHA256}  ${OPENSSL_VERSION}.tar.gz" | sha256sum -c -
 tar zxf ${OPENSSL_VERSION}.tar.gz
 pushd ${OPENSSL_VERSION}
 ./config $OPENSSL_BUILD_FLAGS --prefix=/opt/pyca/cryptography/openssl --openssldir=/opt/pyca/cryptography/openssl

From 659bb5edb3c047a8413632aebd2ed6f75a0b317c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Jun 2024 11:23:58 +0200
Subject: [PATCH 29/31] Bump oracle/oci from 5.45.0 to 5.46.0 in /terraform
 (#591)

Bumps [oracle/oci](https://github.com/oracle/terraform-provider-oci) from 5.45.0 to 5.46.0.
- [Release notes](https://github.com/oracle/terraform-provider-oci/releases)
- [Changelog](https://github.com/oracle/terraform-provider-oci/blob/master/CHANGELOG.md)
- [Commits](https://github.com/oracle/terraform-provider-oci/compare/v5.45.0...v5.46.0)

---
updated-dependencies:
- dependency-name: oracle/oci
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 terraform/.terraform.lock.hcl | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
index b38a883b..bf62815a 100644
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -58,24 +58,24 @@ provider "registry.terraform.io/hashicorp/local" {
 }
 
 provider "registry.terraform.io/oracle/oci" {
-  version     = "5.45.0"
+  version     = "5.46.0"
   constraints = ">= 4.67.3"
   hashes = [
-    "h1:96iHu0PM6AW1NqM8LXtGyUtJS5mtadoa93+lFwbA8ck=",
-    "zh:0c61e4bc2da0bb4b4c15abea2c9e2eb345c22f6b6d362ab3a6cdb57a3d6b1934",
-    "zh:42a065e1c83ecc7cb6b42b6fa874e37fde590cd6fa6d2699cde8d3fcdd04b2a6",
-    "zh:45da20316282305f2c4ecb0f989a01352fae525d4c984e46fd3b1363d7b06feb",
-    "zh:575e23eb93d877142b18c331aeb8961fabef38241d764af76c3ec89004b2e9d1",
-    "zh:8c1fcf4cd7c227160668830abee422824eccf03ef1cb50f3857f7ce0dc3f72b5",
+    "h1:YnxOoKaBVUxvyEAcRrc8/amNglrtGTzxeTDmzm3R+LY=",
+    "zh:0dac7eba4d556d209627d11e2af6ae564a579617b548f411b5282952632d6820",
+    "zh:1b2d3e2282de8252ed6c017fc693c65747a0bf078b01423d6455df4723f5db60",
+    "zh:27763b8525aa2561adfb7c10f879e06fed71b4862f0f4d19086a0e22c05d6b49",
+    "zh:30cb5dca2edbfe4d31a73004ef049bde4b9f91ea85fdc188fc12f8e660563a45",
+    "zh:33b46e57b2d5a81e9bca7b6c7cd1a56dd0dc90f47f0624834e7eb1092a19a2d4",
+    "zh:3944bb473e7ed85fd08f6d47d65b5796f0da7714b51748c3e1c4854e9bc328a5",
+    "zh:3f2a950cd9604b00f03fb5ecdf0597b682fb9928a05e58d55c59c4b044824ba2",
+    "zh:47c85fc844dc0d685d5f3e513494ada8d785bb94188faad2ae00124ef10b319c",
+    "zh:5fc8235fb0be1192cfbd22b2cd14d20037b6611c3e783b9881ba3810befff805",
     "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
-    "zh:9be90a2bd06d4097654e0d038932bf0c300210f0c34bf3f8e81929553d7d7439",
-    "zh:9f7b8d176f3656b0c0bf1dd0fe174042079ae059335f4fd538f02399536740fc",
-    "zh:a6314268310c9ec4b0f4f90f73926805027e0b97ca2bd4848ef044fec79cb9d7",
-    "zh:abc8758702b29c73397f34ea017c113c539b7f5c32158a1fbe3a8a27cd730617",
-    "zh:ac704d5eb9097d8f9b57930ecccf14848c7104b989acda6f03645dc046d7b462",
-    "zh:c2138e7597e785a3928492600a2c8eace93eb735e0675e967d72633f56944725",
-    "zh:c572be0629042c692dbb2cca1424c2d7c69d0df39ef4fc74adce85dc9f9ee79b",
-    "zh:e15c9807e1dc91d96a3f4c1b43d724816085a605f66b79fbc0f50b322041dde5",
-    "zh:f88e720676546a3d0aebc7f8fe9b86e63ec6d8665aa17756f22abd8b16b6aa78",
+    "zh:ac6537a460a506b6e09a7c90b1e26020fea4f621acc340a45286c9259a1e8a6f",
+    "zh:b4e4bc61eca8b7ee631976d40a506d67c4036c5ba63e74e2e19a28de57a13f77",
+    "zh:f0d67a9b83ad23b8083a9be648522b4e2f76fe302c782a0f5ece740e27111fb1",
+    "zh:f1daa463d29a83b97b51fa43e128abfae86613bedd4e214f085646c7702f8ee6",
+    "zh:fbc09b3f713baf0f0525a70dcabd774b05f494ad9773870bcf6fe104c46feb92",
   ]
 }

From 8bb6c04cf5eb35b22f089c8fb45ad5320718c8cf Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Thu, 13 Jun 2024 08:09:58 -0400
Subject: [PATCH 30/31] Follow redirects when downloading openssl in macOS
 builder (#593)

---
 .github/workflows/build-macos-openssl.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build-macos-openssl.yml b/.github/workflows/build-macos-openssl.yml
index c4729006..4f01abcf 100644
--- a/.github/workflows/build-macos-openssl.yml
+++ b/.github/workflows/build-macos-openssl.yml
@@ -36,7 +36,7 @@ jobs:
       - name: Download OpenSSL
         run: |
           source ./cryptography-linux/openssl-version.sh
-          curl -o openssl.tar.gz https://www.openssl.org/source/$OPENSSL_VERSION.tar.gz
+          curl -Lo openssl.tar.gz https://www.openssl.org/source/$OPENSSL_VERSION.tar.gz
           shasum -a 256 -c <<< "$OPENSSL_SHA256 *openssl.tar.gz"
       - name: Extract OpenSSL
         run: |

From 03a8016f9cb792c1071d6d86e2cdab7f5a078105 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 13 Jun 2024 10:48:08 -0400
Subject: [PATCH 31/31] Bump actions/checkout from 4.1.6 to 4.1.7 (#592)

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.6 to 4.1.7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4.1.6...v4.1.7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/build-docker-images.yml   | 2 +-
 .github/workflows/build-macos-openssl.yml   | 2 +-
 .github/workflows/build-static-node.yml     | 2 +-
 .github/workflows/build-windows-openssl.yml | 2 +-
 .github/workflows/terraform.yml             | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/build-docker-images.yml b/.github/workflows/build-docker-images.yml
index 8f5cb676..adbe9170 100644
--- a/.github/workflows/build-docker-images.yml
+++ b/.github/workflows/build-docker-images.yml
@@ -63,7 +63,7 @@ jobs:
 
     name: "${{ matrix.IMAGE.TAG_NAME }}"
     steps:
-      - uses: actions/checkout@v4.1.6
+      - uses: actions/checkout@v4.1.7
       - run: |
           source ./staticnode/node-version.sh
           arch=$(echo "${{ runner.arch }}" | tr '[:upper:]' '[:lower:]')
diff --git a/.github/workflows/build-macos-openssl.yml b/.github/workflows/build-macos-openssl.yml
index 4f01abcf..18c654fa 100644
--- a/.github/workflows/build-macos-openssl.yml
+++ b/.github/workflows/build-macos-openssl.yml
@@ -32,7 +32,7 @@ jobs:
             OPENSSLDIR: "/opt/homebrew/etc/openssl@3"
     name: "Build OpenSSL for macOS (${{ matrix.ARCH.NAME }})"
     steps:
-      - uses: actions/checkout@v4.1.6
+      - uses: actions/checkout@v4.1.7
       - name: Download OpenSSL
         run: |
           source ./cryptography-linux/openssl-version.sh
diff --git a/.github/workflows/build-static-node.yml b/.github/workflows/build-static-node.yml
index 5c26656f..55135484 100644
--- a/.github/workflows/build-static-node.yml
+++ b/.github/workflows/build-static-node.yml
@@ -26,7 +26,7 @@ jobs:
           - {RUNNER: "ubuntu-latest", MANYLINUX_ARCH: "x86_64"}
           - {RUNNER: [self-hosted, Linux, ARM64], MANYLINUX_ARCH: "aarch64"}
     steps:
-    - uses: actions/checkout@v4.1.6
+    - uses: actions/checkout@v4.1.7
     - name: Set Node.js version
       run: |
         source ./staticnode/node-version.sh
diff --git a/.github/workflows/build-windows-openssl.yml b/.github/workflows/build-windows-openssl.yml
index 7220dc21..0eb11625 100644
--- a/.github/workflows/build-windows-openssl.yml
+++ b/.github/workflows/build-windows-openssl.yml
@@ -26,7 +26,7 @@ jobs:
         ARCH: ["win32", "win64"]
     name: "Build OpenSSL for ${{ matrix.ARCH }} on MSVC 2022"
     steps:
-      - uses: actions/checkout@v4.1.6
+      - uses: actions/checkout@v4.1.7
       - run: choco install -y nasm winrar
       - name: Export OpenSSL version
         run: |
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
index 8463c8cc..9e25a60f 100644
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
@@ -16,7 +16,7 @@ jobs:
   terraform:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4.1.6
+      - uses: actions/checkout@v4.1.7
       - run: terraform -chdir=terraform/ fmt -check
       - run: terraform -chdir=terraform/ init -backend=false
       # Need to have a values.yaml for validate to pass.