Lukas Pühringer
2a4c578e4f
Merge pull request #2904 from theupdateframework/dependabot/pip/test-and-lint-dependencies-4baf793881
...
build(deps): bump the test-and-lint-dependencies group with 2 updates
2026-02-03 08:32:02 +01:00
dependabot[bot]
8765473c0b
build(deps): bump actions/setup-python in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [actions/setup-python](https://github.com/actions/setup-python ).
Updates `actions/setup-python` from 6.1.0 to 6.2.0
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](83679a892e...a309ff8b42
2026-02-03 03:07:09 +00:00
Jussi Kukkonen
bf5ddf8a00
workflows: Add zizmor ignore comment
...
Should be fine to use check-latest-spec-version from master.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2026-01-30 16:12:21 +02:00
dependabot[bot]
07de919f5f
build(deps): bump actions/checkout in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [actions/checkout](https://github.com/actions/checkout ).
Updates `actions/checkout` from 6.0.1 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8e8c483db8...de0fac2e45
2026-01-26 23:02:38 +00:00
dependabot[bot]
53a8f11c20
build(deps): bump actions/checkout in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [actions/checkout](https://github.com/actions/checkout ).
Updates `actions/checkout` from 6.0.0 to 6.0.1
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](1af3b93b68...8e8c483db8
2025-12-15 21:03:18 +00:00
dependabot[bot]
347f76fd68
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [actions/setup-python](https://github.com/actions/setup-python ).
Updates `actions/checkout` from 5.0.0 to 6.0.0
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](08c6903cd8...1af3b93b68https://github.com/actions/setup-python/releases )
- [Commits](e797f83bcb...83679a892e
2025-12-01 23:07:50 +00:00
dependabot[bot]
d3d7c46483
build(deps): bump the action-dependencies group with 3 updates ( #2863 )
...
Bumps the action-dependencies group with 3 updates: [actions/setup-python](https://github.com/actions/setup-python ), [actions/github-script](https://github.com/actions/github-script ) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `actions/setup-python` from 5.6.0 to 6.0.0
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](a26af69be9...e797f83bcbhttps://github.com/actions/github-script/releases )
- [Commits](60a0d83039...ed597411d8https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](76f52bc884...ed0c53931b
2025-09-09 12:28:11 +03:00
dependabot[bot]
5f60ee52e5
build(deps): bump the action-dependencies group with 2 updates ( #2856 )
...
Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/checkout` from 4.2.2 to 5.0.0
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](11bd71901b...08c6903cd8https://github.com/actions/download-artifact/releases )
- [Commits](d3f86a106a...634f93cb29
2025-08-12 11:20:34 +03:00
dependabot[bot]
ec50bc52b8
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/setup-python](https://github.com/actions/setup-python ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/setup-python` from 5.5.0 to 5.6.0
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](8d9ed9ac5c...a26af69be9https://github.com/actions/download-artifact/releases )
- [Commits](95815c38cf...d3f86a106a
2025-04-28 22:28:44 +00:00
dependabot[bot]
63b2ca5b07
build(deps): bump actions/setup-python in the action-dependencies group ( #2820 )
2025-04-01 09:25:13 +03:00
NicholasTanz
41c7922c92
add zizmor for linting workflows.
...
Signed-off-by: NicholasTanz <nicholastanzillo@gmail.com>
2025-02-19 21:53:14 -05:00
dependabot[bot]
051cbda20a
build(deps): bump actions/setup-python in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [actions/setup-python](https://github.com/actions/setup-python ).
Updates `actions/setup-python` from 5.3.0 to 5.4.0
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](0b93645e9f...42375524e2
2025-02-03 21:10:31 +00:00
Jussi Kukkonen
e5547e7984
workflows: Fix the spec version check
...
I removed all instances of "pip install -e ." from our scripts
in 4e889e7
2025-01-13 20:14:48 +02:00
Jussi Kukkonen
4e889e7212
dev env: Stop installing tuf as "editable"
...
This was likely only necessary because the test suite required it:
Now tuf does not get installed at all by tox (or by dev install)
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-11 10:11:55 +02:00
dependabot[bot]
42c3b2d919
build(deps): bump the action-dependencies group with 2 updates ( #2729 )
2024-10-29 08:50:53 +02:00
dependabot[bot]
192a349c1b
build(deps): bump the action-dependencies group with 3 updates
...
Bumps the action-dependencies group with 3 updates: [actions/checkout](https://github.com/actions/checkout ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `actions/checkout` from 4.2.0 to 4.2.1
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](d632683dd7...eef61447b9https://github.com/actions/upload-artifact/releases )
- [Commits](50769540e7...604373da63https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](897895f1e1...f7600683ef
2024-10-07 21:33:01 +00:00
dependabot[bot]
4ec49e23f7
build(deps): bump actions/checkout in the action-dependencies group ( #2710 )
...
Bumps the action-dependencies group with 1 update: [actions/checkout](https://github.com/actions/checkout ).
Updates `actions/checkout` from 4.1.7 to 4.2.0
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](692973e3d9...d632683dd7
2024-10-01 11:00:12 +03:00
dependabot[bot]
dc004e7d2b
build(deps): bump the action-dependencies group with 3 updates
...
Bumps the action-dependencies group with 3 updates: [actions/setup-python](https://github.com/actions/setup-python ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `actions/setup-python` from 5.1.1 to 5.2.0
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](39cd14951b...f677139bbehttps://github.com/actions/upload-artifact/releases )
- [Commits](834a144ee9...50769540e7https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](ec4db0b4dd...8a08d61689
2024-09-02 21:33:56 +00:00
dependabot[bot]
ab6dbf790b
build(deps): bump actions/setup-python in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [actions/setup-python](https://github.com/actions/setup-python ).
Updates `actions/setup-python` from 5.1.0 to 5.1.1
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](82c7e631bb...39cd14951b
2024-07-15 21:42:17 +00:00
dependabot[bot]
31e8eeb3f6
build(deps): bump the action-dependencies group with 2 updates ( #2660 )
...
Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `actions/checkout` from 4.1.6 to 4.1.7
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a5ac7e51b4...692973e3d9https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](81e9d935c8...ec4db0b4dd
2024-06-18 10:56:02 +03:00
dependabot[bot]
c5c81dd885
---
...
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-20 21:18:03 +00:00
dependabot[bot]
dd9bf7410a
build(deps): bump actions/checkout in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [actions/checkout](https://github.com/actions/checkout ).
Updates `actions/checkout` from 4.1.4 to 4.1.5
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](0ad4b8fada...44c2b7a8a4
2024-05-06 21:50:18 +00:00
dependabot[bot]
8607c56000
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/checkout` from 4.1.3 to 4.1.4
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](1d96c772d1...0ad4b8fadahttps://github.com/actions/download-artifact/releases )
- [Commits](9c19ed7fe5...65a9edc588
2024-04-29 21:42:06 +00:00
dependabot[bot]
0e5833afb8
build(deps): bump the action-dependencies group with 3 updates
...
Bumps the action-dependencies group with 3 updates: [actions/checkout](https://github.com/actions/checkout ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/checkout` from 4.1.2 to 4.1.3
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](9bb56186c3...1d96c772d1https://github.com/actions/upload-artifact/releases )
- [Commits](5d5d22a312...65462800fdhttps://github.com/actions/download-artifact/releases )
- [Commits](c850b930e6...9c19ed7fe5
2024-04-22 21:40:01 +00:00
dependabot[bot]
feaaeab865
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [actions/setup-python](https://github.com/actions/setup-python ).
Updates `actions/checkout` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](b4ffde65f4...9bb56186c3https://github.com/actions/setup-python/releases )
- [Commits](0a5c615913...82c7e631bb
2024-04-02 08:02:13 +00:00
dependabot[bot]
9cb3eb582b
build(deps): bump actions/setup-python from 4.7.1 to 5.0.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.7.1 to 5.0.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](65d7f2d534...0a5c615913
2023-12-07 10:56:23 +00:00
dependabot[bot]
2764851c88
build(deps): bump actions/checkout from 4.1.0 to 4.1.1
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8ade135a41...b4ffde65f4
2023-10-18 10:10:55 +00:00
dependabot[bot]
cf3445c22f
build(deps): bump actions/setup-python from 4.7.0 to 4.7.1
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.7.0 to 4.7.1.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](61a6322f88...65d7f2d534
2023-10-03 11:01:32 +00:00
dependabot[bot]
aaea6c29ab
build(deps): bump actions/checkout from 4.0.0 to 4.1.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](3df4ab11eb...8ade135a41
2023-09-25 10:56:33 +00:00
dependabot[bot]
811bf02fb0
build(deps): bump actions/checkout from 3.6.0 to 4.0.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.6.0 to 4.0.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](f43a0e5ff2...3df4ab11eb
2023-09-07 12:36:36 +00:00
sumanth8495
ade02cfb17
Missing version numbers are given, mentioned bugs are resolved.
...
Signed-off-by: sumanth8495 <msgupthamurukuri123@gmail.com>
2023-09-06 19:04:23 +05:30
sumanth8495
1f676a8e34
version numbers are commented respectively
...
Signed-off-by: sumanth8495 <msgupthamurukuri123@gmail.com>
2023-09-06 13:10:40 +05:30
sumanth8495
e3772c7082
workflows: Includes version comments in GH action uses-lines
...
Signed-off-by: sumanth8495 <msgupthamurukuri123@gmail.com>
2023-09-02 18:44:15 +05:30
dependabot[bot]
82c223cafe
build(deps): bump actions/checkout from 3.5.3 to 3.6.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.3 to 3.6.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](c85c95e3d7...f43a0e5ff2
2023-08-31 09:14:00 +00:00
dependabot[bot]
44dbf4bc02
build(deps): bump actions/setup-python from 4.6.1 to 4.7.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.6.1 to 4.7.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](bd6b4b6205...61a6322f88
2023-07-14 10:23:57 +00:00
dependabot[bot]
55a17cc3ee
build(deps): bump actions/checkout from 3.5.2 to 3.5.3
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.2 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8e5e7e5ab8...c85c95e3d7
2023-06-12 11:00:10 +00:00
dependabot[bot]
4f3ff9fa12
build(deps): bump actions/setup-python from 4.6.0 to 4.6.1
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](57ded4d7d5...bd6b4b6205
2023-05-25 10:58:36 +00:00
dependabot[bot]
964c30c2dd
build(deps): bump actions/setup-python from 4.5.0 to 4.6.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.5.0 to 4.6.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](d27e3f3d7c...57ded4d7d5
2023-04-21 10:58:33 +00:00
dependabot[bot]
308c9874b7
build(deps): bump actions/checkout from 3.5.0 to 3.5.2
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.0 to 3.5.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8f4b7f8486...8e5e7e5ab8
2023-04-14 10:58:57 +00:00
dependabot[bot]
f86f656d3c
build(deps): bump actions/checkout from 3.4.0 to 3.5.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](24cb908017...8f4b7f8486
2023-03-28 07:44:51 +00:00
dependabot[bot]
a673ac3df5
build(deps): bump actions/checkout from 3.3.0 to 3.4.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](ac59398561...24cb908017
2023-03-20 08:21:35 +00:00
dependabot[bot]
4c3df14a50
build(deps): bump actions/setup-python from 4.4.0 to 4.5.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.4.0 to 4.5.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](5ccb29d877...d27e3f3d7c
2023-01-13 10:50:28 +00:00
dependabot[bot]
bfbfb55444
build(deps): bump actions/checkout from 3.2.0 to 3.3.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](755da8c3cf...ac59398561
2023-01-13 10:32:56 +00:00
dependabot[bot]
681c134e09
build(deps): bump actions/setup-python from 4.3.1 to 4.4.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.3.1 to 4.4.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](2c3dd9e7e2...5ccb29d877
2022-12-23 10:22:10 +00:00
dependabot[bot]
98991d8f50
build(deps): bump actions/checkout from 3.1.0 to 3.2.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](93ea575cb5...755da8c3cf
2022-12-13 10:04:50 +00:00
dependabot[bot]
205769d9bf
build(deps): bump actions/setup-python from 4.3.0 to 4.3.1
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](13ae5bb136...2c3dd9e7e2
2022-12-09 17:50:35 +00:00
Jussi Kukkonen
b6c3b66ca6
build: Change build dependency pinning strategy
...
* don't autoupgrade pip: let's consider pip to be part of platform?
* pin build and tox in new requirements-build.txt: this mostly prevents
tox from going to 4.x before we're ready
* use requirements-build.txt as constraint when installing tox or build
during CI & CD
* use requirements-build.txt in requiremenets-dev.txt
Note that coveralls is not pinned, not sure if it should be.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-12-09 18:10:03 +02:00
Jussi Kukkonen
53521bfda0
workflows: Set top-level permissions
...
This changes very little but it does mean any jobs added in future have to
be explicit about the permissions they need. This also makes OSSF scorecard
happier.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-10-30 12:56:22 +02:00
Miles Liu
0a79245c43
ci: migrate deprecating set-output commands
...
Signed-off-by: Miles Liu <miles@bung.cc>
2022-10-24 15:46:44 +08:00
dependabot[bot]
76c0d6cec0
build(deps): bump actions/setup-python from 4.2.0 to 4.3.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](b55428b188...13ae5bb136
2022-10-11 10:29:56 +00:00
