dependabot[bot]
0ee4bb14d8
build(deps): bump the action-dependencies group with 3 updates
...
Bumps the action-dependencies group with 3 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact ), [actions/download-artifact](https://github.com/actions/download-artifact ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `actions/upload-artifact` from 3.1.3 to 4.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](a8a3f3ad30...c7d193f32e )
Updates `actions/download-artifact` from 3.0.2 to 4.0.0
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](9bc31d5ccc...7a1cd3216c )
Updates `github/codeql-action` from 2 to 3
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: action-dependencies
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: action-dependencies
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-18 21:37:32 +00:00
Jussi Kukkonen
9b877d2971
Merge pull request #2531 from theupdateframework/dependabot/pip/test-and-lint-dependencies-ba4aa0f83e
...
build(deps): bump the test-and-lint-dependencies group with 3 updates
2023-12-13 15:50:26 +02:00
dependabot[bot]
bae72af900
build(deps): bump the test-and-lint-dependencies group with 3 updates
...
Bumps the test-and-lint-dependencies group with 3 updates: [black](https://github.com/psf/black ), [isort](https://github.com/pycqa/isort ) and [pylint](https://github.com/pylint-dev/pylint ).
Updates `black` from 23.11.0 to 23.12.0
- [Release notes](https://github.com/psf/black/releases )
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md )
- [Commits](https://github.com/psf/black/compare/23.11.0...23.12.0 )
Updates `isort` from 5.13.0 to 5.13.1
- [Release notes](https://github.com/pycqa/isort/releases )
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md )
- [Commits](https://github.com/pycqa/isort/compare/5.13.0...5.13.1 )
Updates `pylint` from 3.0.2 to 3.0.3
- [Release notes](https://github.com/pylint-dev/pylint/releases )
- [Commits](https://github.com/pylint-dev/pylint/compare/v3.0.2...v3.0.3 )
---
updated-dependencies:
- dependency-name: black
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: test-and-lint-dependencies
- dependency-name: isort
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
- dependency-name: pylint
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-13 13:38:25 +00:00
Jussi Kukkonen
e07b7e443d
Merge pull request #2530 from jku/dependabot-groups
...
Dependabot: Use groups, update weekly
2023-12-13 15:34:46 +02:00
Jussi Kukkonen
fdcfb6a423
dependabot: Add hatchling to build dependencies group
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-12-13 13:56:07 +02:00
Jussi Kukkonen
2b1d4eb182
Dependabot: Use groups, update weekly
...
All dependencies are now checked weekly and those weekly updates
are grouped into 4 groups:
* critical python build/release deps
* python test and lint deps (only pinned for test repro)
* all other python dependencies
* All github action dependencies
This is not quite the division that was hashed out in #2014 , mostly for
practical reasons:
* GitHub actions are already practically split by pinning strategy so they
don't really need further groups:
* Non-security-relevant actions are pinned by tags
* Other actions are pinned by hash
* The dependency grouping is quite limited
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-12-13 13:56:07 +02:00
Jussi Kukkonen
6c25c353f0
Merge pull request #2528 from lukpueh/upgrade-hatchling
...
build: Upgrade hatchling to 1.20.0
2023-12-13 13:55:54 +02:00
Lukas Puehringer
dd9b5e0da2
build: add workaround to auto-update build system
...
Dependabot does not support `build-system.requires`. To get
reproducibility and auto-updates, we pin the version in a regular
requirements file and use it as constraint during build.
fixes : #2529
upstream issue: dependabot/dependabot-core#8465
h/t @jku
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-12-13 12:32:00 +01:00
Lukas Puehringer
7c5f5d2517
build: Upgrade hatchling to 1.20.0
...
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-12-13 09:49:15 +01:00
Jussi Kukkonen
8fbf0c7d2f
Merge pull request #2514 from theupdateframework/dependabot/pip/idna-3.6
...
build(deps): bump idna from 3.4 to 3.6
2023-12-12 14:57:13 +02:00
Jussi Kukkonen
3419e7d0a0
Merge pull request #2524 from lukpueh/upgrade-hatchling
...
build: Upgrade hatchling to 1.19.1
2023-12-12 14:10:57 +02:00
Lukas Puehringer
00be49b6b5
build: Upgrade hatchling to 1.19.1
...
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-12-12 11:20:09 +01:00
dependabot[bot]
7a2f4e2734
build(deps): bump idna from 3.4 to 3.6
...
Bumps [idna](https://github.com/kjd/idna ) from 3.4 to 3.6.
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst )
- [Commits](https://github.com/kjd/idna/compare/v3.4...v3.6 )
---
updated-dependencies:
- dependency-name: idna
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-12 09:11:44 +00:00
Jussi Kukkonen
a1a2f2bcbe
Merge pull request #2515 from theupdateframework/dependabot/pip/cryptography-41.0.7
...
build(deps): bump cryptography from 41.0.5 to 41.0.7
2023-12-12 11:11:03 +02:00
Jussi Kukkonen
892b778d47
Merge pull request #2521 from theupdateframework/dependabot/github_actions/actions/setup-python-5.0.0
...
build(deps): bump actions/setup-python from 4.7.1 to 5.0.0
2023-12-12 11:10:44 +02:00
Jussi Kukkonen
7183e55b87
Merge pull request #2513 from theupdateframework/dependabot/pip/mypy-1.7.1
...
build(deps): bump mypy from 1.7.0 to 1.7.1
2023-12-12 11:10:08 +02:00
dependabot[bot]
cbbae8ae79
build(deps): bump mypy from 1.7.0 to 1.7.1
...
Bumps [mypy](https://github.com/python/mypy ) from 1.7.0 to 1.7.1.
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md )
- [Commits](https://github.com/python/mypy/compare/v1.7.0...v1.7.1 )
---
updated-dependencies:
- dependency-name: mypy
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-12 09:06:50 +00:00
Jussi Kukkonen
06c68f1f00
Merge pull request #2523 from theupdateframework/dependabot/pip/bandit-1.7.6
...
build(deps): bump bandit from 1.7.5 to 1.7.6
2023-12-12 11:05:52 +02:00
dependabot[bot]
3aa00723e3
build(deps): bump bandit from 1.7.5 to 1.7.6
...
Bumps [bandit](https://github.com/PyCQA/bandit ) from 1.7.5 to 1.7.6.
- [Release notes](https://github.com/PyCQA/bandit/releases )
- [Commits](https://github.com/PyCQA/bandit/compare/1.7.5...1.7.6 )
---
updated-dependencies:
- dependency-name: bandit
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-12 08:25:31 +00:00
Jussi Kukkonen
0dc514d821
Merge pull request #2522 from theupdateframework/dependabot/pip/isort-5.13.0
...
build(deps): bump isort from 5.12.0 to 5.13.0
2023-12-12 10:23:04 +02:00
dependabot[bot]
2db6b4ab5a
build(deps): bump isort from 5.12.0 to 5.13.0
...
Bumps [isort](https://github.com/pycqa/isort ) from 5.12.0 to 5.13.0.
- [Release notes](https://github.com/pycqa/isort/releases )
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md )
- [Commits](https://github.com/pycqa/isort/compare/5.12.0...5.13.0 )
---
updated-dependencies:
- dependency-name: isort
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-11 10:39:11 +00:00
dependabot[bot]
9cb3eb582b
build(deps): bump actions/setup-python from 4.7.1 to 5.0.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.7.1 to 5.0.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](65d7f2d534...0a5c615913 )
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-07 10:56:23 +00:00
Jussi Kukkonen
f711997a08
Merge pull request #2519 from theupdateframework/dependabot/pip/securesystemslib-cryptopynacl--0.31.0
...
build(deps): bump securesystemslib[crypto,pynacl] from 0.30.0 to 0.31.0
2023-12-04 16:08:19 +01:00
dependabot[bot]
5ac1af75f0
build(deps): bump securesystemslib[crypto,pynacl] from 0.30.0 to 0.31.0
...
Bumps [securesystemslib[crypto,pynacl]](https://github.com/secure-systems-lab/securesystemslib ) from 0.30.0 to 0.31.0.
- [Release notes](https://github.com/secure-systems-lab/securesystemslib/releases )
- [Changelog](https://github.com/secure-systems-lab/securesystemslib/blob/main/CHANGELOG.md )
- [Commits](https://github.com/secure-systems-lab/securesystemslib/compare/v0.30.0...v0.31.0 )
---
updated-dependencies:
- dependency-name: securesystemslib[crypto,pynacl]
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-04 10:57:44 +00:00
Jussi Kukkonen
06ef16b548
Merge pull request #2516 from theupdateframework/dependabot/github_actions/pypa/gh-action-pypi-publish-1.8.11
...
build(deps): bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11
2023-12-04 09:54:22 +01:00
dependabot[bot]
9704d5bb44
build(deps): bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.8.10 to 1.8.11.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](b7f401de30...2f6f737ca5 )
---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-04 08:04:44 +00:00
dependabot[bot]
9e6fe7c62d
build(deps): bump cryptography from 41.0.5 to 41.0.7
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 41.0.5 to 41.0.7.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/41.0.5...41.0.7 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-04 08:03:49 +00:00
Jussi Kukkonen
e989c14ee9
Merge pull request #2518 from NicholasTanz/enable_python3.12
...
build: Enable python 3.12
2023-12-04 09:02:09 +01:00
Jussi Kukkonen
823342a51e
Merge pull request #2517 from lukpueh/upgrade-hatchling
...
build: Upgrade hatchling to latest release
2023-12-04 08:53:24 +01:00
E3E
4e1d8a7ad3
enable python 3.12
...
Signed-off-by: E3E <ntanzill@purdue.edu>
2023-12-02 23:28:34 -05:00
Lukas Puehringer
a61172a155
build: Upgrade hatchling to latest release
...
This is not tracked by dependabot so needs manual updates.
Manually tested by building with previous and new hatchling version
and diffing unzipped/untared wheel and sdist.
There were no unexpected changes.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-11-30 10:25:23 +01:00
Lukas Pühringer
c92cd28b38
Merge pull request #2512 from theupdateframework/dependabot/pip/certifi-2023.11.17
...
build(deps): bump certifi from 2023.7.22 to 2023.11.17
2023-11-21 12:51:51 +01:00
Lukas Pühringer
1b5949834a
Merge pull request #2509 from theupdateframework/dependabot/pip/urllib3-2.1.0
...
build(deps): bump urllib3 from 2.0.7 to 2.1.0
2023-11-21 12:51:03 +01:00
Lukas Pühringer
0b44de7cc9
Merge pull request #2508 from theupdateframework/dependabot/pip/mypy-1.7.0
...
build(deps): bump mypy from 1.6.1 to 1.7.0
2023-11-21 12:49:20 +01:00
Jussi Kukkonen
8ccaffe0fa
Merge pull request #2511 from theupdateframework/dependabot/github_actions/actions/github-script-7.0.1
...
build(deps): bump actions/github-script from 6.4.1 to 7.0.1
2023-11-20 13:19:15 +02:00
dependabot[bot]
c5153c6f72
build(deps): bump certifi from 2023.7.22 to 2023.11.17
...
Bumps [certifi](https://github.com/certifi/python-certifi ) from 2023.7.22 to 2023.11.17.
- [Commits](https://github.com/certifi/python-certifi/compare/2023.07.22...2023.11.17 )
---
updated-dependencies:
- dependency-name: certifi
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-20 10:33:47 +00:00
dependabot[bot]
4d6a9310ee
build(deps): bump actions/github-script from 6.4.1 to 7.0.1
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6.4.1 to 7.0.1.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](d7906e4ad0...60a0d83039 )
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-20 10:13:14 +00:00
dependabot[bot]
a4ebaa405d
build(deps): bump urllib3 from 2.0.7 to 2.1.0
...
Bumps [urllib3](https://github.com/urllib3/urllib3 ) from 2.0.7 to 2.1.0.
- [Release notes](https://github.com/urllib3/urllib3/releases )
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst )
- [Commits](https://github.com/urllib3/urllib3/compare/2.0.7...2.1.0 )
---
updated-dependencies:
- dependency-name: urllib3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-14 10:18:41 +00:00
dependabot[bot]
1d60002916
build(deps): bump mypy from 1.6.1 to 1.7.0
...
Bumps [mypy](https://github.com/python/mypy ) from 1.6.1 to 1.7.0.
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md )
- [Commits](https://github.com/python/mypy/compare/v1.6.1...v1.7.0 )
---
updated-dependencies:
- dependency-name: mypy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-13 10:34:31 +00:00
Jussi Kukkonen
6a682f4df8
Merge pull request #2507 from theupdateframework/dependabot/pip/black-23.11.0
...
build(deps): bump black from 23.10.1 to 23.11.0
2023-11-13 10:50:23 +02:00
dependabot[bot]
7302c5afe6
build(deps): bump black from 23.10.1 to 23.11.0
...
Bumps [black](https://github.com/psf/black ) from 23.10.1 to 23.11.0.
- [Release notes](https://github.com/psf/black/releases )
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md )
- [Commits](https://github.com/psf/black/compare/23.10.1...23.11.0 )
---
updated-dependencies:
- dependency-name: black
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-08 10:16:12 +00:00
Jussi Kukkonen
8533ea95ac
Merge pull request #2505 from theupdateframework/dependabot/pip/charset-normalizer-3.3.2
...
build(deps): bump charset-normalizer from 3.3.1 to 3.3.2
2023-11-03 12:36:27 +02:00
dependabot[bot]
d11fc4be7b
build(deps): bump charset-normalizer from 3.3.1 to 3.3.2
...
Bumps [charset-normalizer](https://github.com/Ousret/charset_normalizer ) from 3.3.1 to 3.3.2.
- [Release notes](https://github.com/Ousret/charset_normalizer/releases )
- [Changelog](https://github.com/Ousret/charset_normalizer/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Ousret/charset_normalizer/compare/3.3.1...3.3.2 )
---
updated-dependencies:
- dependency-name: charset-normalizer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-03 10:31:44 +00:00
Lukas Pühringer
61ceb82c46
Merge pull request #2506 from jku/lint-on-oldest-supported-python
...
CI: Run lint on oldest supported Python version
2023-11-03 11:30:15 +01:00
Jussi Kukkonen
33778942a3
CI: Run lint on oldest supported Python version
...
* This was suggested as best practice by a pylint developer
* Seems better than CI randomly breaking when GitHub updates
Python version (and pylint starts applying new rules that we
can't follow because that would break old Python versions)
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-11-03 12:00:25 +02:00
Jussi Kukkonen
a73355e168
Merge pull request #2504 from theupdateframework/dependabot/pip/cryptography-41.0.5
...
build(deps): bump cryptography from 41.0.4 to 41.0.5
2023-10-26 11:20:41 +03:00
dependabot[bot]
dba2ebe60e
build(deps): bump cryptography from 41.0.4 to 41.0.5
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 41.0.4 to 41.0.5.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/41.0.4...41.0.5 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-25 10:32:08 +00:00
Jussi Kukkonen
52e6ee6db0
Merge pull request #2501 from theupdateframework/dependabot/pip/pylint-3.0.2
2023-10-25 09:35:14 +03:00
Jussi Kukkonen
967974fec6
Merge pull request #2500 from theupdateframework/dependabot/pip/charset-normalizer-3.3.1
2023-10-25 09:32:28 +03:00
dependabot[bot]
a37693df9a
build(deps): bump pylint from 3.0.1 to 3.0.2
...
Bumps [pylint](https://github.com/pylint-dev/pylint ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/pylint-dev/pylint/releases )
- [Commits](https://github.com/pylint-dev/pylint/compare/v3.0.1...v3.0.2 )
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-25 06:31:55 +00:00