dependabot[bot]
4ec49e23f7
build(deps): bump actions/checkout in the action-dependencies group ( #2710 )
...
Bumps the action-dependencies group with 1 update: [actions/checkout](https://github.com/actions/checkout ).
Updates `actions/checkout` from 4.1.7 to 4.2.0
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](692973e3d9...d632683dd7
2024-10-01 11:00:12 +03:00
dependabot[bot]
d77ab75a4e
build(deps): bump pypa/gh-action-pypi-publish ( #2706 )
...
Bumps the action-dependencies group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `pypa/gh-action-pypi-publish` from 1.10.1 to 1.10.2
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](0ab0b79471...897895f1e1
2024-09-30 16:24:52 +03:00
dependabot[bot]
5971b09ac2
build(deps): bump theupdateframework/tuf-conformance ( #2704 )
...
Bumps the action-dependencies group with 1 update: [theupdateframework/tuf-conformance](https://github.com/theupdateframework/tuf-conformance ).
Updates `theupdateframework/tuf-conformance` from 1.0.0 to 1.1.0
- [Release notes](https://github.com/theupdateframework/tuf-conformance/releases )
- [Commits](5ae68349ec...d8ab40ba95
2024-09-17 13:04:14 +03:00
Jussi Kukkonen
8b2578274e
Merge pull request #2684 from jku/update-tuf-conformance-to-1.0
...
Update tuf conformance to 1.0
2024-09-17 12:46:08 +03:00
Jussi Kukkonen
9b2a931c78
Update permissions
...
This does not really change the default much but it's a decent practice
and makes the SSF Scorecard look better.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-09-12 12:58:12 +03:00
dependabot[bot]
26bcacf1d7
build(deps): bump pypa/gh-action-pypi-publish ( #2696 )
...
Bumps the action-dependencies group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `pypa/gh-action-pypi-publish` from 1.10.0 to 1.10.1
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](8a08d61689...0ab0b79471
2024-09-10 10:12:31 +03:00
dependabot[bot]
dc004e7d2b
build(deps): bump the action-dependencies group with 3 updates
...
Bumps the action-dependencies group with 3 updates: [actions/setup-python](https://github.com/actions/setup-python ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `actions/setup-python` from 5.1.1 to 5.2.0
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](39cd14951b...f677139bbehttps://github.com/actions/upload-artifact/releases )
- [Commits](834a144ee9...50769540e7https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](ec4db0b4dd...8a08d61689
2024-09-02 21:33:56 +00:00
dependabot[bot]
7a47f23872
build(deps): bump actions/upload-artifact
...
Bumps the action-dependencies group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/upload-artifact` from 4.3.5 to 4.3.6
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](89ef406dd8...834a144ee9
2024-08-12 21:52:40 +00:00
Jussi Kukkonen
3a429984bd
workflows: Enable tuf-conformance for PRs
...
tuf-conformance workflow now pins a release tag so we can enable this
on PRs.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-08-08 15:50:14 +03:00
Jussi Kukkonen
ce560215bf
Update tuf-conformance action to 1.0
...
Also update the client-under-test script
(this is a direct copy from tuf-conformance).
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-08-08 15:48:13 +03:00
dependabot[bot]
e74205280d
build(deps): bump actions/upload-artifact
...
Bumps the action-dependencies group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/upload-artifact` from 4.3.4 to 4.3.5
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](0b2256b8c0...89ef406dd8
2024-08-05 21:51:28 +00:00
dependabot[bot]
ad69f71181
build(deps): bump ossf/scorecard-action in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [ossf/scorecard-action](https://github.com/ossf/scorecard-action ).
Updates `ossf/scorecard-action` from 2.3.3 to 2.4.0
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](dc50aa9510...62b2cac7ed
2024-07-29 21:04:16 +00:00
dependabot[bot]
ab6dbf790b
build(deps): bump actions/setup-python in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [actions/setup-python](https://github.com/actions/setup-python ).
Updates `actions/setup-python` from 5.1.0 to 5.1.1
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](82c7e631bb...39cd14951b
2024-07-15 21:42:17 +00:00
Jussi Kukkonen
40f72b1f14
workflows: Change conformance workflow name
...
Otherwise you can't tell them apart in the UI...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-07-11 18:41:32 +03:00
Jussi Kukkonen
b14452dac6
workflows: Tweak conformance step name
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-07-11 18:26:58 +03:00
Jussi Kukkonen
0b85ed570d
Add a conformance test workflow
...
* The conformance test suite is likely to still change quite a bit so
the workflow is not enabled on PRs yet
* The actual conformance client is copied from the tuf-conformance project
* This is mostly a test to see how things should work out, and a
demonstration of how the tuf-conformance project should be used
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-07-10 16:15:36 +03:00
dependabot[bot]
970dd075f1
build(deps): bump the action-dependencies group with 2 updates ( #2666 )
...
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-09 09:21:13 +03:00
dependabot[bot]
31e8eeb3f6
build(deps): bump the action-dependencies group with 2 updates ( #2660 )
...
Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `actions/checkout` from 4.1.6 to 4.1.7
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a5ac7e51b4...692973e3d9https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](81e9d935c8...ec4db0b4dd
2024-06-18 10:56:02 +03:00
dependabot[bot]
c5c81dd885
---
...
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-20 21:18:03 +00:00
dependabot[bot]
02464e9a74
build(deps): bump ossf/scorecard-action in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [ossf/scorecard-action](https://github.com/ossf/scorecard-action ).
Updates `ossf/scorecard-action` from 2.3.1 to 2.3.3
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](0864cf1902...dc50aa9510
2024-05-13 21:52:50 +00:00
dependabot[bot]
dd9bf7410a
build(deps): bump actions/checkout in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [actions/checkout](https://github.com/actions/checkout ).
Updates `actions/checkout` from 4.1.4 to 4.1.5
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](0ad4b8fada...44c2b7a8a4
2024-05-06 21:50:18 +00:00
dependabot[bot]
8607c56000
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/checkout` from 4.1.3 to 4.1.4
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](1d96c772d1...0ad4b8fadahttps://github.com/actions/download-artifact/releases )
- [Commits](9c19ed7fe5...65a9edc588
2024-04-29 21:42:06 +00:00
Jussi Kukkonen
f50693c625
workflows: Add awk magic to GH changelog generation
...
* Create a changelog file with awk
* Add both "dist" and "changelog" to artifact
* This changes the artifact handling: Now the dist
directory is inside the artifact (instead of the contents
of the directory being in the directory): this means the
default path now works for `download-artifact`
* Dump changelog into the release body
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-25 10:40:47 +03:00
Jussi Kukkonen
5f854b6440
workflows: Only test old Pythons on linux
...
* This fixes current CI (new mac runners do not have old pythons)
* This is also sensible: running the complete matrix seems wasteful
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-24 20:57:49 +03:00
dependabot[bot]
0e5833afb8
build(deps): bump the action-dependencies group with 3 updates
...
Bumps the action-dependencies group with 3 updates: [actions/checkout](https://github.com/actions/checkout ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/checkout` from 4.1.2 to 4.1.3
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](9bb56186c3...1d96c772d1https://github.com/actions/upload-artifact/releases )
- [Commits](5d5d22a312...65462800fdhttps://github.com/actions/download-artifact/releases )
- [Commits](c850b930e6...9c19ed7fe5
2024-04-22 21:40:01 +00:00
Jussi Kukkonen
7d57ab65d2
workflows: Simplify testing
...
* Don't try to handle sslib main test within the matrix
* Put it in a separate workflow
* Include the new workflow in CI but not in CD
* Bonus: Make cache-dependency-path more complete
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-16 10:32:08 +03:00
dependabot[bot]
feaaeab865
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [actions/setup-python](https://github.com/actions/setup-python ).
Updates `actions/checkout` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](b4ffde65f4...9bb56186c3https://github.com/actions/setup-python/releases )
- [Commits](0a5c615913...82c7e631bb
2024-04-02 08:02:13 +00:00
dependabot[bot]
87d1778c03
build(deps): bump the action-dependencies group with 1 update
...
Bumps the action-dependencies group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `pypa/gh-action-pypi-publish` from 1.8.12 to 1.8.14
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](e53eb8b103...81e9d935c8
2024-03-11 21:41:44 +00:00
dependabot[bot]
20660262a7
build(deps): bump the action-dependencies group with 1 update
...
Bumps the action-dependencies group with 1 update: [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/download-artifact` from 4.1.3 to 4.1.4
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](87c55149d9...c850b930e6
2024-03-04 21:16:03 +00:00
Jussi Kukkonen
d8a43ac376
Merge pull request #2577 from theupdateframework/dependabot/github_actions/action-dependencies-c371c8bcbb
...
build(deps): bump the action-dependencies group with 1 update
2024-02-27 16:09:22 +02:00
Lukas Pühringer
c93c9ff10e
Merge pull request #2570 from jku/lint-use-github-output-format
...
Lint use GitHub output format
2024-02-27 09:13:38 +01:00
dependabot[bot]
62e7221afe
build(deps): bump the action-dependencies group with 1 update
...
Bumps the action-dependencies group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `pypa/gh-action-pypi-publish` from 1.8.11 to 1.8.12
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](2f6f737ca5...e53eb8b103
2024-02-27 08:12:31 +00:00
dependabot[bot]
10917d9cc6
build(deps): bump the action-dependencies group with 1 update
...
Bumps the action-dependencies group with 1 update: [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/download-artifact` from 4.1.2 to 4.1.3
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](eaceaf801f...87c55149d9
2024-02-26 21:50:43 +00:00
Jussi Kukkonen
d85cde5e8e
lint: Use GitHub output format on GitHub
...
This should enable inline annotations.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-22 15:55:00 +02:00
dependabot[bot]
21061fc239
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/upload-artifact` from 4.3.0 to 4.3.1
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](26f96dfa69...5d5d22a312https://github.com/actions/download-artifact/releases )
- [Commits](6b208ae046...eaceaf801f
2024-02-12 21:39:13 +00:00
dependabot[bot]
60bb1d6f69
build(deps): bump the action-dependencies group with 1 update
...
Bumps the action-dependencies group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/upload-artifact` from 4.2.0 to 4.3.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](694cdabd8b...26f96dfa69
2024-01-29 21:47:11 +00:00
dependabot[bot]
ef913dc364
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/dependency-review-action](https://github.com/actions/dependency-review-action ).
Updates `actions/upload-artifact` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](1eb3cb2b3e...694cdabd8bhttps://github.com/actions/dependency-review-action/releases )
- [Commits](https://github.com/actions/dependency-review-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: action-dependencies
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-22 21:43:32 +00:00
dependabot[bot]
8c70971dea
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/upload-artifact` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](c7d193f32e...1eb3cb2b3ehttps://github.com/actions/download-artifact/releases )
- [Commits](f44cd7b40b...6b208ae046
2024-01-15 21:46:10 +00:00
dependabot[bot]
a17f6f7c8d
build(deps): bump the action-dependencies group with 1 update
...
Bumps the action-dependencies group with 1 update: [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/download-artifact` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](7a1cd3216c...f44cd7b40b
2023-12-19 09:36:42 +00:00
dependabot[bot]
0ee4bb14d8
build(deps): bump the action-dependencies group with 3 updates
...
Bumps the action-dependencies group with 3 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact ), [actions/download-artifact](https://github.com/actions/download-artifact ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `actions/upload-artifact` from 3.1.3 to 4.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](a8a3f3ad30...c7d193f32ehttps://github.com/actions/download-artifact/releases )
- [Commits](9bc31d5ccc...7a1cd3216chttps://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: action-dependencies
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: action-dependencies
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-18 21:37:32 +00:00
Lukas Puehringer
dd9b5e0da2
build: add workaround to auto-update build system
...
Dependabot does not support `build-system.requires`. To get
reproducibility and auto-updates, we pin the version in a regular
requirements file and use it as constraint during build.
fixes : #2529
upstream issue: dependabot/dependabot-core#8465
h/t @jku
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-12-13 12:32:00 +01:00
dependabot[bot]
9cb3eb582b
build(deps): bump actions/setup-python from 4.7.1 to 5.0.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.7.1 to 5.0.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](65d7f2d534...0a5c615913
2023-12-07 10:56:23 +00:00
dependabot[bot]
9704d5bb44
build(deps): bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.8.10 to 1.8.11.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](b7f401de30...2f6f737ca5
2023-12-04 08:04:44 +00:00
E3E
4e1d8a7ad3
enable python 3.12
...
Signed-off-by: E3E <ntanzill@purdue.edu>
2023-12-02 23:28:34 -05:00
dependabot[bot]
4d6a9310ee
build(deps): bump actions/github-script from 6.4.1 to 7.0.1
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6.4.1 to 7.0.1.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](d7906e4ad0...60a0d83039
2023-11-20 10:13:14 +00:00
Jussi Kukkonen
33778942a3
CI: Run lint on oldest supported Python version
...
* This was suggested as best practice by a pylint developer
* Seems better than CI randomly breaking when GitHub updates
Python version (and pylint starts applying new rules that we
can't follow because that would break old Python versions)
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-11-03 12:00:25 +02:00
dependabot[bot]
173fc82ef7
build(deps): bump ossf/scorecard-action from 2.3.0 to 2.3.1
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](483ef80eb9...0864cf1902
2023-10-24 10:50:14 +00:00
dependabot[bot]
2764851c88
build(deps): bump actions/checkout from 4.1.0 to 4.1.1
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8ade135a41...b4ffde65f4
2023-10-18 10:10:55 +00:00
Jussi Kukkonen
d5c953d575
workflows: Partially revert action versions
...
Commit f0058259
2023-10-09 18:40:56 +03:00
Jussi Kukkonen
00b67c0a67
Merge pull request #2479 from jku/dont-pin-code-scanner-actions
...
workflows: Stop pinning actions that are not security relevant
2023-10-09 11:03:45 +03:00
dependabot[bot]
cf3445c22f
build(deps): bump actions/setup-python from 4.7.0 to 4.7.1
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.7.0 to 4.7.1.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](61a6322f88...65d7f2d534
2023-10-03 11:01:32 +00:00
Jussi Kukkonen
f005825955
workflows: Stop pinning actions that are not security relevant
...
These workflows have no real security relevance (runtime build or test)
in the sense that a compromise in the dependencies could compromise
python-tuf security:
* scorecards
* dependency-review
* codeql-analysis
Stop pinning the actions used in them (except the common actions that
are used everyewhere like actions/checkout: use the same version of
those everywhere). The benefit here is fewer Dependabot PRs: If we had
done this from the start we'd have skipped ~70 PRs by now.
The interesting permissions used in these workflows are
* security-events: write
This can add things onto the "Security" tab in GitHub
* id-token: write
This allows OIDC authentication, but only as this specific workflow
These permissions look completely acceptable to me.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-10-02 13:34:24 +03:00
Lukas Puehringer
9894d735a9
Remove obsolete comments from Python 2.7 times
...
We longer run 2.7 tests (_test.yml) and we no longer need per-version
requirements files (main.txt).
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-09-28 11:40:29 +02:00
Lukas Pühringer
ad1bbe65df
Merge pull request #2460 from jku/drop-3.7-support
...
Drop support for Python 3.7
2023-09-28 11:28:13 +02:00
dependabot[bot]
aaea6c29ab
build(deps): bump actions/checkout from 4.0.0 to 4.1.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](3df4ab11eb...8ade135a41
2023-09-25 10:56:33 +00:00
dependabot[bot]
c672dfb7eb
build(deps): bump github/codeql-action from 2.21.7 to 2.21.8
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.7 to 2.21.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](04daf014b5...6a28655e3d
2023-09-19 10:32:26 +00:00
dependabot[bot]
dcf81b8748
build(deps): bump github/codeql-action from 2.21.5 to 2.21.7
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.5 to 2.21.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](00e563ead9...04daf014b5
2023-09-15 10:30:45 +00:00
dependabot[bot]
325defd06d
build(deps): bump actions/dependency-review-action from 3.0.8 to 3.1.0
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.0.8 to 3.1.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](f6fff72a32...6c5ccdad46
2023-09-08 10:34:37 +00:00
Jussi Kukkonen
c645e186dd
Merge pull request #2455 from theupdateframework/dependabot/github_actions/actions/checkout-4.0.0
...
build(deps): bump actions/checkout from 3.6.0 to 4.0.0
2023-09-07 16:03:17 +03:00
Jussi Kukkonen
e37769e252
Drop support for Python 3.7
...
* Python 3.7 is EOL.
* Our runtime dependencies are still ok with 3.7
* Testing dependencies have started requiring 3.8
Stop supporting and testing Python 3.7.
We could just stop testing Python 3.7 (while claiming to still support
it) but that seems like it'll lead to trouble: we will inevitably use
some 3.8 feature and then won't notice because we don't test 3.7 any
more.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-09-07 15:52:36 +03:00
dependabot[bot]
811bf02fb0
build(deps): bump actions/checkout from 3.6.0 to 4.0.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.6.0 to 4.0.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](f43a0e5ff2...3df4ab11eb
2023-09-07 12:36:36 +00:00
dependabot[bot]
1c0c95f5f8
build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](0b7f8abb15...a8a3f3ad30
2023-09-07 12:36:34 +00:00
sumanth8495
ade02cfb17
Missing version numbers are given, mentioned bugs are resolved.
...
Signed-off-by: sumanth8495 <msgupthamurukuri123@gmail.com>
2023-09-06 19:04:23 +05:30
sumanth8495
1f676a8e34
version numbers are commented respectively
...
Signed-off-by: sumanth8495 <msgupthamurukuri123@gmail.com>
2023-09-06 13:10:40 +05:30
sumanth8495
e3772c7082
workflows: Includes version comments in GH action uses-lines
...
Signed-off-by: sumanth8495 <msgupthamurukuri123@gmail.com>
2023-09-02 18:44:15 +05:30
dependabot[bot]
82c223cafe
build(deps): bump actions/checkout from 3.5.3 to 3.6.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.3 to 3.6.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](c85c95e3d7...f43a0e5ff2
2023-08-31 09:14:00 +00:00
dependabot[bot]
2e82328f69
build(deps): bump github/codeql-action from 2.21.4 to 2.21.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.4 to 2.21.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](a09933a12a...00e563ead9
2023-08-29 10:32:24 +00:00
Jussi Kukkonen
016e16c1a9
Merge pull request #2446 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-3.0.8
...
build(deps): bump actions/dependency-review-action from 3.0.7 to 3.0.8
2023-08-15 16:17:49 +03:00
dependabot[bot]
69568c52fa
build(deps): bump actions/dependency-review-action from 3.0.7 to 3.0.8
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.0.7 to 3.0.8.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](7d90b4f05f...f6fff72a32
2023-08-15 10:08:36 +00:00
dependabot[bot]
11c67cc04d
build(deps): bump github/codeql-action from 2.21.3 to 2.21.4
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.3 to 2.21.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](5b6282e01c...a09933a12a
2023-08-15 10:08:34 +00:00
Jussi Kukkonen
44632b4866
Merge pull request #2441 from theupdateframework/dependabot/github_actions/pypa/gh-action-pypi-publish-1.8.10
...
build(deps): bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.10
2023-08-11 14:20:59 +03:00
Jussi Kukkonen
bb8663aced
Merge pull request #2437 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-3.0.7
...
build(deps): bump actions/dependency-review-action from 3.0.6 to 3.0.7
2023-08-11 13:50:07 +03:00
dependabot[bot]
7f1b4f372b
build(deps): bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.10
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.8.8 to 1.8.10.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](f8c70e705f...b7f401de30
2023-08-11 10:38:06 +00:00
dependabot[bot]
52b8c685e0
build(deps): bump actions/dependency-review-action from 3.0.6 to 3.0.7
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.0.6 to 3.0.7.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](1360a344cc...7d90b4f05f
2023-08-10 10:47:08 +00:00
dependabot[bot]
e11fe641ac
build(deps): bump github/codeql-action from 2.21.2 to 2.21.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.2 to 2.21.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0ba4244466...5b6282e01c
2023-08-09 10:10:30 +00:00
dependabot[bot]
34507c46ae
build(deps): bump github/codeql-action from 2.21.1 to 2.21.2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.1 to 2.21.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](6ca1aa8c19...0ba4244466
2023-07-31 10:57:23 +00:00
dependabot[bot]
f17c3b13ac
build(deps): bump github/codeql-action from 2.21.0 to 2.21.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.0 to 2.21.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1813ca74c3...6ca1aa8c19
2023-07-27 10:09:15 +00:00
dependabot[bot]
9ae7c20760
build(deps): bump github/codeql-action from 2.20.4 to 2.21.0
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.20.4 to 2.21.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](489225d82a...1813ca74c3
2023-07-20 10:30:25 +00:00
Lukas Pühringer
3262767aec
Merge pull request #2423 from theupdateframework/dependabot/github_actions/actions/setup-python-4.7.0
...
build(deps): bump actions/setup-python from 4.6.1 to 4.7.0
2023-07-17 14:02:29 +02:00
Lukas Pühringer
9e18fd733d
Merge pull request #2422 from theupdateframework/dependabot/github_actions/pypa/gh-action-pypi-publish-1.8.8
...
build(deps): bump pypa/gh-action-pypi-publish from 1.8.7 to 1.8.8
2023-07-17 13:52:45 +02:00
dependabot[bot]
c6c9644a1f
build(deps): bump github/codeql-action from 2.20.1 to 2.20.4
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.20.1 to 2.20.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f6e388ebf0...489225d82a
2023-07-17 10:55:18 +00:00
dependabot[bot]
44dbf4bc02
build(deps): bump actions/setup-python from 4.6.1 to 4.7.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.6.1 to 4.7.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](bd6b4b6205...61a6322f88
2023-07-14 10:23:57 +00:00
dependabot[bot]
459c865d44
build(deps): bump pypa/gh-action-pypi-publish from 1.8.7 to 1.8.8
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.8.7 to 1.8.8.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](f5622bde02...f8c70e705f
2023-07-12 10:49:20 +00:00
dependabot[bot]
9a90005c08
build(deps): bump pypa/gh-action-pypi-publish from 1.8.6 to 1.8.7
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.8.6 to 1.8.7.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](a56da0b891...f5622bde02
2023-06-27 10:58:39 +00:00
dependabot[bot]
2b5a375e73
build(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.3 to 2.2.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](80e868c13c...08b4669551
2023-06-26 10:59:12 +00:00
dependabot[bot]
121d672d20
build(deps): bump github/codeql-action from 2.20.0 to 2.20.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.20.0 to 2.20.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](6c089f53dd...f6e388ebf0
2023-06-21 10:59:03 +00:00
dependabot[bot]
a8185d862e
build(deps): bump github/codeql-action from 2.3.6 to 2.20.0
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.6 to 2.20.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](83f0fe6c49...6c089f53dd
2023-06-14 10:59:00 +00:00
dependabot[bot]
55a17cc3ee
build(deps): bump actions/checkout from 3.5.2 to 3.5.3
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.2 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8e5e7e5ab8...c85c95e3d7
2023-06-12 11:00:10 +00:00
Jussi Kukkonen
61d29b32e9
Merge pull request #2405 from theupdateframework/dependabot/github_actions/github/codeql-action-2.3.6
...
build(deps): bump github/codeql-action from 2.3.3 to 2.3.6
2023-06-02 15:21:27 +03:00
Jussi Kukkonen
4dabbd0b38
Merge pull request #2403 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-3.0.6
...
build(deps): bump actions/dependency-review-action from 3.0.4 to 3.0.6
2023-06-02 14:13:47 +03:00
dependabot[bot]
1359485a67
build(deps): bump github/codeql-action from 2.3.3 to 2.3.6
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.3 to 2.3.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](29b1f65c5e...83f0fe6c49
2023-06-02 10:58:18 +00:00
dependabot[bot]
bedbeb0002
build(deps): bump actions/dependency-review-action from 3.0.4 to 3.0.6
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.0.4 to 3.0.6.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](f46c48ed6d...1360a344cc
2023-06-01 10:59:23 +00:00
dependabot[bot]
4f3ff9fa12
build(deps): bump actions/setup-python from 4.6.0 to 4.6.1
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](57ded4d7d5...bd6b4b6205
2023-05-25 10:58:36 +00:00
Jussi Kukkonen
ffc904906c
github: Fix issue with draft releases
...
Commit 707dc49
2023-05-10 14:06:55 +03:00
dependabot[bot]
a6ea12754d
build(deps): bump pypa/gh-action-pypi-publish from 1.8.5 to 1.8.6
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.8.5 to 1.8.6.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](0bf742be3e...a56da0b891
2023-05-08 14:14:07 +00:00
Lukas Pühringer
209f87275a
Merge pull request #2371 from jku/trusted-publisher
...
release: Use PyPI Trusted Publishing
2023-05-08 16:04:26 +02:00
dependabot[bot]
224ce8ec8c
build(deps): bump github/codeql-action from 2.3.2 to 2.3.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.2 to 2.3.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f3feb00acb...29b1f65c5e
2023-05-05 10:58:24 +00:00
dependabot[bot]
ac419451cc
build(deps): bump github/codeql-action from 2.3.0 to 2.3.2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.0 to 2.3.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b2c19fb9a2...f3feb00acb
2023-04-28 10:58:26 +00:00
Jussi Kukkonen
53c280680b
release: Use PyPI Trusted Publishing
...
Instead of using the secret stored in environment secrets, allow the
publish action to use the OIDC identity to authenticate to pypi.org.
This repository/workflow/environment has been marked as a "Trusted
Publisher" in pypi.org: this means PyPI should give the publish action a
short lived token to use for publishing.
This enables #2370 : but the secret should still be removed before
closing the issue (maybe after one successful release with Trusted
Publishing).
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-04-27 15:42:55 +03:00
dependabot[bot]
28ea174245
build(deps): bump github/codeql-action from 2.2.12 to 2.3.0
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.12 to 2.3.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](7df0ce3489...b2c19fb9a2
2023-04-24 11:00:22 +00:00
