Lukas Pühringer
0020fd77c2
Merge pull request #2916 from theupdateframework/dependabot/pip/test-and-lint-dependencies-75011380db
...
build(deps): bump ruff from 0.15.1 to 0.15.2 in the test-and-lint-dependencies group
2026-03-03 09:07:12 +01:00
Lukas Pühringer
7a1ba61a05
Merge pull request #2917 from theupdateframework/dependabot/github_actions/action-dependencies-a3a0f643bf
...
build(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 in the action-dependencies group
2026-03-03 09:06:53 +01:00
Lukas Pühringer
d503d18e2d
Merge pull request #2915 from theupdateframework/dependabot/pip/build-and-release-dependencies-c5d741827e
...
build(deps-dev): bump hatchling from 1.28.0 to 1.29.0 in the build-and-release-dependencies group
2026-03-03 08:57:42 +01:00
dependabot[bot]
4c720e1f41
build(deps): bump actions/download-artifact
...
Bumps the action-dependencies group with 1 update: [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/download-artifact` from 7.0.0 to 8.0.0
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](37930b1c2a...70fc10c6e5
2026-03-02 23:22:48 +00:00
dependabot[bot]
0e31c525ae
build(deps): bump ruff in the test-and-lint-dependencies group
...
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff ).
Updates `ruff` from 0.15.1 to 0.15.2
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/0.15.1...0.15.2 )
---
updated-dependencies:
- dependency-name: ruff
dependency-version: 0.15.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-02 23:15:19 +00:00
dependabot[bot]
104ce4a0de
build(deps-dev): bump hatchling
...
Bumps the build-and-release-dependencies group with 1 update: [hatchling](https://github.com/pypa/hatch ).
Updates `hatchling` from 1.28.0 to 1.29.0
- [Release notes](https://github.com/pypa/hatch/releases )
- [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.28.0...hatchling-v1.29.0 )
---
updated-dependencies:
- dependency-name: hatchling
dependency-version: 1.29.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: build-and-release-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-02 23:15:01 +00:00
Lukas Pühringer
41f3f6f866
Merge pull request #2913 from theupdateframework/dependabot/pip/test-and-lint-dependencies-c1229cd395
...
build(deps): bump ruff from 0.15.0 to 0.15.1 in the test-and-lint-dependencies group
2026-02-24 08:36:40 +01:00
Lukas Pühringer
3c0a6b6269
Merge pull request #2914 from theupdateframework/dependabot/pip/dependencies-d1091effbf
...
build(deps): bump cryptography from 46.0.4 to 46.0.5 in the dependencies group
2026-02-24 08:36:18 +01:00
dependabot[bot]
c46b820dc5
build(deps): bump cryptography in the dependencies group
...
Bumps the dependencies group with 1 update: [cryptography](https://github.com/pyca/cryptography ).
Updates `cryptography` from 46.0.4 to 46.0.5
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/46.0.4...46.0.5 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-version: 46.0.5
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-02-23 22:58:12 +00:00
dependabot[bot]
d1c149fab3
build(deps): bump ruff in the test-and-lint-dependencies group
...
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff ).
Updates `ruff` from 0.15.0 to 0.15.1
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/0.15.0...0.15.1 )
---
updated-dependencies:
- dependency-name: ruff
dependency-version: 0.15.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-02-23 22:57:47 +00:00
Jussi Kukkonen
9f34e0f232
Merge pull request #2903 from 1seal/hardening/require-explicit-bootstrap
...
feat(ngclient): require explicit bootstrap argument
2026-02-19 17:55:40 +02:00
1seal
d5fa0b0594
address review feedback: remove redundant root.json writes, rename docs section
...
Signed-off-by: 1seal <security@1seal.org>
2026-02-19 14:46:40 +01:00
Jussi Kukkonen
d68ea5969b
Merge pull request #2911 from theupdateframework/dependabot/pip/test-and-lint-dependencies-3a9aa6d8fd
...
build(deps): bump ruff from 0.14.14 to 0.15.0 in the test-and-lint-dependencies group
2026-02-17 12:20:33 +02:00
Jussi Kukkonen
927a598877
tests: Keep linter happy
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2026-02-17 12:15:12 +02:00
Jussi Kukkonen
a982e7fc91
Merge pull request #2912 from theupdateframework/dependabot/pip/dependencies-8b4bb013e3
...
build(deps): bump coverage[toml] from 7.13.2 to 7.13.4 in the dependencies group
2026-02-17 12:02:55 +02:00
dependabot[bot]
8749310954
build(deps): bump coverage[toml] in the dependencies group
...
Bumps the dependencies group with 1 update: [coverage[toml]](https://github.com/coveragepy/coveragepy ).
Updates `coverage[toml]` from 7.13.2 to 7.13.4
- [Release notes](https://github.com/coveragepy/coveragepy/releases )
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst )
- [Commits](https://github.com/coveragepy/coveragepy/compare/7.13.2...7.13.4 )
---
updated-dependencies:
- dependency-name: coverage[toml]
dependency-version: 7.13.4
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-02-16 21:43:12 +00:00
dependabot[bot]
a7feb53975
build(deps): bump ruff in the test-and-lint-dependencies group
...
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff ).
Updates `ruff` from 0.14.14 to 0.15.0
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/0.14.14...0.15.0 )
---
updated-dependencies:
- dependency-name: ruff
dependency-version: 0.15.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-02-16 21:42:45 +00:00
Jussi Kukkonen
34236bdd92
Merge pull request #2909 from theupdateframework/dependabot/pip/dependencies-3549884691
...
build(deps): bump cryptography from 46.0.3 to 46.0.4 in the dependencies group
2026-02-10 10:10:32 +02:00
Jussi Kukkonen
865d873d82
Merge pull request #2908 from theupdateframework/dependabot/pip/test-and-lint-dependencies-4cebb5b62e
...
build(deps): bump ruff from 0.14.13 to 0.14.14 in the test-and-lint-dependencies group
2026-02-10 10:10:02 +02:00
dependabot[bot]
ebd3929dca
build(deps): bump cryptography in the dependencies group
...
Bumps the dependencies group with 1 update: [cryptography](https://github.com/pyca/cryptography ).
Updates `cryptography` from 46.0.3 to 46.0.4
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/46.0.3...46.0.4 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-version: 46.0.4
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-02-10 00:20:18 +00:00
dependabot[bot]
37a47c0590
build(deps): bump ruff in the test-and-lint-dependencies group
...
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff ).
Updates `ruff` from 0.14.13 to 0.14.14
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/0.14.14/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/0.14.13...0.14.14 )
---
updated-dependencies:
- dependency-name: ruff
dependency-version: 0.14.14
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-02-10 00:19:53 +00:00
Lukas Pühringer
2a4c578e4f
Merge pull request #2904 from theupdateframework/dependabot/pip/test-and-lint-dependencies-4baf793881
...
build(deps): bump the test-and-lint-dependencies group with 2 updates
2026-02-03 08:32:02 +01:00
Lukas Pühringer
c8bfe78c6c
Merge pull request #2907 from theupdateframework/dependabot/github_actions/action-dependencies-f50382bc57
...
build(deps): bump actions/setup-python from 6.1.0 to 6.2.0 in the action-dependencies group
2026-02-03 08:31:10 +01:00
Lukas Pühringer
154fdd9e6c
Merge pull request #2906 from theupdateframework/dependabot/pip/dependencies-59c6d9ab24
...
build(deps): bump the dependencies group with 2 updates
2026-02-03 08:30:28 +01:00
dependabot[bot]
8765473c0b
build(deps): bump actions/setup-python in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [actions/setup-python](https://github.com/actions/setup-python ).
Updates `actions/setup-python` from 6.1.0 to 6.2.0
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](83679a892e...a309ff8b42
2026-02-03 03:07:09 +00:00
dependabot[bot]
1b0f942235
build(deps): bump the dependencies group with 2 updates
...
Bumps the dependencies group with 2 updates: [pycparser](https://github.com/eliben/pycparser ) and [coverage[toml]](https://github.com/coveragepy/coveragepy ).
Updates `pycparser` from 2.23 to 3.0
- [Release notes](https://github.com/eliben/pycparser/releases )
- [Commits](https://github.com/eliben/pycparser/compare/release_v2.23...release_v3.00 )
Updates `coverage[toml]` from 7.13.1 to 7.13.2
- [Release notes](https://github.com/coveragepy/coveragepy/releases )
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst )
- [Commits](https://github.com/coveragepy/coveragepy/compare/7.13.1...7.13.2 )
---
updated-dependencies:
- dependency-name: pycparser
dependency-version: '3.0'
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: dependencies
- dependency-name: coverage[toml]
dependency-version: 7.13.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-02-03 03:06:09 +00:00
Jussi Kukkonen
bf5ddf8a00
workflows: Add zizmor ignore comment
...
Should be fine to use check-latest-spec-version from master.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2026-01-30 16:12:21 +02:00
Jussi Kukkonen
95e77754ef
Merge pull request #2905 from theupdateframework/dependabot/github_actions/action-dependencies-e6ee9d7de3
...
build(deps): bump actions/checkout from 6.0.1 to 6.0.2 in the action-dependencies group
2026-01-27 11:47:28 +02:00
dependabot[bot]
07de919f5f
build(deps): bump actions/checkout in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [actions/checkout](https://github.com/actions/checkout ).
Updates `actions/checkout` from 6.0.1 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8e8c483db8...de0fac2e45
2026-01-26 23:02:38 +00:00
dependabot[bot]
0f495b85ef
build(deps): bump the test-and-lint-dependencies group with 2 updates
...
Bumps the test-and-lint-dependencies group with 2 updates: [ruff](https://github.com/astral-sh/ruff ) and [zizmor](https://github.com/zizmorcore/zizmor ).
Updates `ruff` from 0.14.11 to 0.14.13
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/0.14.11...0.14.13 )
Updates `zizmor` from 1.20.0 to 1.22.0
- [Release notes](https://github.com/zizmorcore/zizmor/releases )
- [Changelog](https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md )
- [Commits](https://github.com/zizmorcore/zizmor/compare/v1.20.0...v1.22.0 )
---
updated-dependencies:
- dependency-name: ruff
dependency-version: 0.14.13
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
- dependency-name: zizmor
dependency-version: 1.22.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-01-26 23:01:33 +00:00
1seal
c49bdb9322
feat(ngclient): require explicit bootstrap argument
...
make bootstrap required and explicit: callers must pass bootstrap=<root_bytes> or bootstrap=None.
also tighten docs, examples, and tests to reflect the explicit trust anchor choice.
Signed-off-by: 1seal <security@1seal.org>
2026-01-25 11:58:09 +00:00
Lukas Pühringer
004626faca
Merge pull request #2900 from theupdateframework/dependabot/pip/build-and-release-dependencies-f627e552a0
...
build(deps): bump build from 1.3.0 to 1.4.0 in the build-and-release-dependencies group
2026-01-20 08:52:59 +01:00
Lukas Pühringer
2632374233
Merge pull request #2901 from theupdateframework/dependabot/pip/test-and-lint-dependencies-2a4c7cdeec
...
build(deps): bump ruff from 0.14.10 to 0.14.11 in the test-and-lint-dependencies group
2026-01-20 08:52:46 +01:00
Lukas Pühringer
2c66c3d482
Merge pull request #2902 from theupdateframework/dependabot/pip/dependencies-8177a8837a
...
build(deps): bump urllib3 from 2.6.2 to 2.6.3 in the dependencies group
2026-01-20 08:52:23 +01:00
dependabot[bot]
4f29bd731a
build(deps): bump urllib3 from 2.6.2 to 2.6.3 in the dependencies group
...
Bumps the dependencies group with 1 update: [urllib3](https://github.com/urllib3/urllib3 ).
Updates `urllib3` from 2.6.2 to 2.6.3
- [Release notes](https://github.com/urllib3/urllib3/releases )
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst )
- [Commits](https://github.com/urllib3/urllib3/compare/2.6.2...2.6.3 )
---
updated-dependencies:
- dependency-name: urllib3
dependency-version: 2.6.3
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-01-19 22:39:00 +00:00
dependabot[bot]
530c6b0682
build(deps): bump ruff in the test-and-lint-dependencies group
...
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff ).
Updates `ruff` from 0.14.10 to 0.14.11
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/0.14.10...0.14.11 )
---
updated-dependencies:
- dependency-name: ruff
dependency-version: 0.14.11
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-01-19 22:38:35 +00:00
dependabot[bot]
10d34fc65e
build(deps): bump build in the build-and-release-dependencies group
...
Bumps the build-and-release-dependencies group with 1 update: [build](https://github.com/pypa/build ).
Updates `build` from 1.3.0 to 1.4.0
- [Release notes](https://github.com/pypa/build/releases )
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pypa/build/compare/1.3.0...1.4.0 )
---
updated-dependencies:
- dependency-name: build
dependency-version: 1.4.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: build-and-release-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-01-19 22:38:18 +00:00
Jussi Kukkonen
7b9d787971
Merge pull request #2899 from theupdateframework/dependabot/pip/dependencies-d8927da50b
...
build(deps): bump coverage[toml] from 7.10.7 to 7.13.1 in the dependencies group
2026-01-13 12:04:26 +02:00
Jussi Kukkonen
2bd21181c7
Merge pull request #2898 from theupdateframework/dependabot/pip/test-and-lint-dependencies-9095fcff71
...
build(deps): bump zizmor from 1.16.3 to 1.20.0 in the test-and-lint-dependencies group
2026-01-13 12:04:06 +02:00
dependabot[bot]
e371cabdfa
build(deps): bump coverage[toml] in the dependencies group
...
Bumps the dependencies group with 1 update: [coverage[toml]](https://github.com/coveragepy/coveragepy ).
Updates `coverage[toml]` from 7.10.7 to 7.13.1
- [Release notes](https://github.com/coveragepy/coveragepy/releases )
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst )
- [Commits](https://github.com/coveragepy/coveragepy/compare/7.10.7...7.13.1 )
---
updated-dependencies:
- dependency-name: coverage[toml]
dependency-version: 7.13.1
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-01-13 10:01:30 +00:00
dependabot[bot]
be6edcd032
build(deps): bump zizmor in the test-and-lint-dependencies group
...
Bumps the test-and-lint-dependencies group with 1 update: [zizmor](https://github.com/zizmorcore/zizmor ).
Updates `zizmor` from 1.16.3 to 1.20.0
- [Release notes](https://github.com/zizmorcore/zizmor/releases )
- [Changelog](https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md )
- [Commits](https://github.com/zizmorcore/zizmor/compare/v1.16.3...v1.20.0 )
---
updated-dependencies:
- dependency-name: zizmor
dependency-version: 1.20.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-01-13 10:01:02 +00:00
Lukas Pühringer
94d76ede05
Merge pull request #2897 from jku/bump-minimum-python-version
...
Bump minimum python version
2026-01-13 09:19:51 +01:00
Jussi Kukkonen
7ecb67d83e
api: make the zip() usage clearer
...
We manually enforce matching lengths but there's no harm in doing this
too.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2026-01-08 13:15:37 +02:00
Jussi Kukkonen
0785c78b33
Make linter happy after python upgrade
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2026-01-08 13:08:53 +02:00
Jussi Kukkonen
8513f46c2b
Bump minimum Python version to 3.10
...
We could just stop testing with 3.9... but I think this will lead to
unintentionally breaking 3.9 anyway sooner or later.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2026-01-08 13:08:47 +02:00
Jussi Kukkonen
b21206d3fa
Merge pull request #2893 from theupdateframework/dependabot/pip/build-and-release-dependencies-fdea254270
...
build(deps-dev): bump hatchling from 1.27.0 to 1.28.0 in the build-and-release-dependencies group
2026-01-07 13:27:59 +02:00
dependabot[bot]
89bc8bb1c1
build(deps-dev): bump hatchling
...
Bumps the build-and-release-dependencies group with 1 update: [hatchling](https://github.com/pypa/hatch ).
Updates `hatchling` from 1.27.0 to 1.28.0
- [Release notes](https://github.com/pypa/hatch/releases )
- [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.27.0...hatchling-v1.28.0 )
---
updated-dependencies:
- dependency-name: hatchling
dependency-version: 1.28.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: build-and-release-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-01-05 21:01:22 +00:00
Jussi Kukkonen
590a3b57cd
Merge pull request #2892 from theupdateframework/dependabot/pip/test-and-lint-dependencies-0ac1949946
...
build(deps): bump ruff from 0.14.9 to 0.14.10 in the test-and-lint-dependencies group
2025-12-30 10:34:23 +02:00
dependabot[bot]
10b47eba85
build(deps): bump ruff in the test-and-lint-dependencies group
...
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff ).
Updates `ruff` from 0.14.9 to 0.14.10
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/0.14.9...0.14.10 )
---
updated-dependencies:
- dependency-name: ruff
dependency-version: 0.14.10
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-12-29 21:01:28 +00:00
Jussi Kukkonen
b47232175e
Merge pull request #2889 from theupdateframework/dependabot/pip/test-and-lint-dependencies-fb9c0f41fc
...
build(deps): bump the test-and-lint-dependencies group with 2 updates
2025-12-29 12:16:33 +02:00
