Commit graph

5964 commits

Author SHA1 Message Date
dependabot[bot]
0ee4bb14d8
build(deps): bump the action-dependencies group with 3 updates
Bumps the action-dependencies group with 3 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact), [actions/download-artifact](https://github.com/actions/download-artifact) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/upload-artifact` from 3.1.3 to 4.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](a8a3f3ad30...c7d193f32e)

Updates `actions/download-artifact` from 3.0.2 to 4.0.0
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](9bc31d5ccc...7a1cd3216c)

Updates `github/codeql-action` from 2 to 3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: action-dependencies
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: action-dependencies
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: action-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-18 21:37:32 +00:00
Jussi Kukkonen
9b877d2971
Merge pull request #2531 from theupdateframework/dependabot/pip/test-and-lint-dependencies-ba4aa0f83e
build(deps): bump the test-and-lint-dependencies group with 3 updates
2023-12-13 15:50:26 +02:00
dependabot[bot]
bae72af900
build(deps): bump the test-and-lint-dependencies group with 3 updates
Bumps the test-and-lint-dependencies group with 3 updates: [black](https://github.com/psf/black), [isort](https://github.com/pycqa/isort) and [pylint](https://github.com/pylint-dev/pylint).


Updates `black` from 23.11.0 to 23.12.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/23.11.0...23.12.0)

Updates `isort` from 5.13.0 to 5.13.1
- [Release notes](https://github.com/pycqa/isort/releases)
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md)
- [Commits](https://github.com/pycqa/isort/compare/5.13.0...5.13.1)

Updates `pylint` from 3.0.2 to 3.0.3
- [Release notes](https://github.com/pylint-dev/pylint/releases)
- [Commits](https://github.com/pylint-dev/pylint/compare/v3.0.2...v3.0.3)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: test-and-lint-dependencies
- dependency-name: isort
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-13 13:38:25 +00:00
Jussi Kukkonen
e07b7e443d
Merge pull request #2530 from jku/dependabot-groups
Dependabot: Use groups, update weekly
2023-12-13 15:34:46 +02:00
Jussi Kukkonen
fdcfb6a423 dependabot: Add hatchling to build dependencies group
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-12-13 13:56:07 +02:00
Jussi Kukkonen
2b1d4eb182 Dependabot: Use groups, update weekly
All dependencies are now checked weekly and those weekly updates
are grouped into 4 groups:
  * critical python build/release deps
  * python test and lint deps (only pinned for test repro)
  * all other python dependencies
  * All github action dependencies

This is not quite the division that was hashed out in #2014, mostly for
practical reasons:
* GitHub actions are already practically split by pinning strategy so they
  don't really need further groups:
  * Non-security-relevant actions are pinned by tags
  * Other actions are pinned by hash
* The dependency grouping is quite limited

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-12-13 13:56:07 +02:00
Jussi Kukkonen
6c25c353f0
Merge pull request #2528 from lukpueh/upgrade-hatchling
build: Upgrade hatchling to 1.20.0
2023-12-13 13:55:54 +02:00
Lukas Puehringer
dd9b5e0da2 build: add workaround to auto-update build system
Dependabot does not support `build-system.requires`. To get
reproducibility and auto-updates, we pin the version in a regular
requirements file and use it as constraint during build.

fixes: #2529
upstream issue: dependabot/dependabot-core#8465
h/t @jku

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-12-13 12:32:00 +01:00
Lukas Puehringer
7c5f5d2517 build: Upgrade hatchling to 1.20.0
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-12-13 09:49:15 +01:00
Jussi Kukkonen
8fbf0c7d2f
Merge pull request #2514 from theupdateframework/dependabot/pip/idna-3.6
build(deps): bump idna from 3.4 to 3.6
2023-12-12 14:57:13 +02:00
Jussi Kukkonen
3419e7d0a0
Merge pull request #2524 from lukpueh/upgrade-hatchling
build: Upgrade hatchling to 1.19.1
2023-12-12 14:10:57 +02:00
Lukas Puehringer
00be49b6b5 build: Upgrade hatchling to 1.19.1
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-12-12 11:20:09 +01:00
dependabot[bot]
7a2f4e2734
build(deps): bump idna from 3.4 to 3.6
Bumps [idna](https://github.com/kjd/idna) from 3.4 to 3.6.
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v3.4...v3.6)

---
updated-dependencies:
- dependency-name: idna
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-12 09:11:44 +00:00
Jussi Kukkonen
a1a2f2bcbe
Merge pull request #2515 from theupdateframework/dependabot/pip/cryptography-41.0.7
build(deps): bump cryptography from 41.0.5 to 41.0.7
2023-12-12 11:11:03 +02:00
Jussi Kukkonen
892b778d47
Merge pull request #2521 from theupdateframework/dependabot/github_actions/actions/setup-python-5.0.0
build(deps): bump actions/setup-python from 4.7.1 to 5.0.0
2023-12-12 11:10:44 +02:00
Jussi Kukkonen
7183e55b87
Merge pull request #2513 from theupdateframework/dependabot/pip/mypy-1.7.1
build(deps): bump mypy from 1.7.0 to 1.7.1
2023-12-12 11:10:08 +02:00
dependabot[bot]
cbbae8ae79
build(deps): bump mypy from 1.7.0 to 1.7.1
Bumps [mypy](https://github.com/python/mypy) from 1.7.0 to 1.7.1.
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/python/mypy/compare/v1.7.0...v1.7.1)

---
updated-dependencies:
- dependency-name: mypy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-12 09:06:50 +00:00
Jussi Kukkonen
06c68f1f00
Merge pull request #2523 from theupdateframework/dependabot/pip/bandit-1.7.6
build(deps): bump bandit from 1.7.5 to 1.7.6
2023-12-12 11:05:52 +02:00
dependabot[bot]
3aa00723e3
build(deps): bump bandit from 1.7.5 to 1.7.6
Bumps [bandit](https://github.com/PyCQA/bandit) from 1.7.5 to 1.7.6.
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](https://github.com/PyCQA/bandit/compare/1.7.5...1.7.6)

---
updated-dependencies:
- dependency-name: bandit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-12 08:25:31 +00:00
Jussi Kukkonen
0dc514d821
Merge pull request #2522 from theupdateframework/dependabot/pip/isort-5.13.0
build(deps): bump isort from 5.12.0 to 5.13.0
2023-12-12 10:23:04 +02:00
dependabot[bot]
2db6b4ab5a
build(deps): bump isort from 5.12.0 to 5.13.0
Bumps [isort](https://github.com/pycqa/isort) from 5.12.0 to 5.13.0.
- [Release notes](https://github.com/pycqa/isort/releases)
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md)
- [Commits](https://github.com/pycqa/isort/compare/5.12.0...5.13.0)

---
updated-dependencies:
- dependency-name: isort
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-11 10:39:11 +00:00
dependabot[bot]
9cb3eb582b
build(deps): bump actions/setup-python from 4.7.1 to 5.0.0
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.7.1 to 5.0.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](65d7f2d534...0a5c615913)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-07 10:56:23 +00:00
Jussi Kukkonen
f711997a08
Merge pull request #2519 from theupdateframework/dependabot/pip/securesystemslib-cryptopynacl--0.31.0
build(deps): bump securesystemslib[crypto,pynacl] from 0.30.0 to 0.31.0
2023-12-04 16:08:19 +01:00
dependabot[bot]
5ac1af75f0
build(deps): bump securesystemslib[crypto,pynacl] from 0.30.0 to 0.31.0
Bumps [securesystemslib[crypto,pynacl]](https://github.com/secure-systems-lab/securesystemslib) from 0.30.0 to 0.31.0.
- [Release notes](https://github.com/secure-systems-lab/securesystemslib/releases)
- [Changelog](https://github.com/secure-systems-lab/securesystemslib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/secure-systems-lab/securesystemslib/compare/v0.30.0...v0.31.0)

---
updated-dependencies:
- dependency-name: securesystemslib[crypto,pynacl]
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-04 10:57:44 +00:00
Jussi Kukkonen
06ef16b548
Merge pull request #2516 from theupdateframework/dependabot/github_actions/pypa/gh-action-pypi-publish-1.8.11
build(deps): bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11
2023-12-04 09:54:22 +01:00
dependabot[bot]
9704d5bb44
build(deps): bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.8.10 to 1.8.11.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](b7f401de30...2f6f737ca5)

---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-04 08:04:44 +00:00
dependabot[bot]
9e6fe7c62d
build(deps): bump cryptography from 41.0.5 to 41.0.7
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.5 to 41.0.7.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/41.0.5...41.0.7)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-04 08:03:49 +00:00
Jussi Kukkonen
e989c14ee9
Merge pull request #2518 from NicholasTanz/enable_python3.12
build: Enable python 3.12
2023-12-04 09:02:09 +01:00
Jussi Kukkonen
823342a51e
Merge pull request #2517 from lukpueh/upgrade-hatchling
build: Upgrade hatchling to latest release
2023-12-04 08:53:24 +01:00
E3E
4e1d8a7ad3 enable python 3.12
Signed-off-by: E3E <ntanzill@purdue.edu>
2023-12-02 23:28:34 -05:00
Lukas Puehringer
a61172a155 build: Upgrade hatchling to latest release
This is not tracked by dependabot so needs manual updates.

Manually tested by building with previous and new hatchling version
and diffing unzipped/untared wheel and sdist.

There were no unexpected changes.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-11-30 10:25:23 +01:00
Lukas Pühringer
c92cd28b38
Merge pull request #2512 from theupdateframework/dependabot/pip/certifi-2023.11.17
build(deps): bump certifi from 2023.7.22 to 2023.11.17
2023-11-21 12:51:51 +01:00
Lukas Pühringer
1b5949834a
Merge pull request #2509 from theupdateframework/dependabot/pip/urllib3-2.1.0
build(deps): bump urllib3 from 2.0.7 to 2.1.0
2023-11-21 12:51:03 +01:00
Lukas Pühringer
0b44de7cc9
Merge pull request #2508 from theupdateframework/dependabot/pip/mypy-1.7.0
build(deps): bump mypy from 1.6.1 to 1.7.0
2023-11-21 12:49:20 +01:00
Jussi Kukkonen
8ccaffe0fa
Merge pull request #2511 from theupdateframework/dependabot/github_actions/actions/github-script-7.0.1
build(deps): bump actions/github-script from 6.4.1 to 7.0.1
2023-11-20 13:19:15 +02:00
dependabot[bot]
c5153c6f72
build(deps): bump certifi from 2023.7.22 to 2023.11.17
Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.7.22 to 2023.11.17.
- [Commits](https://github.com/certifi/python-certifi/compare/2023.07.22...2023.11.17)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-20 10:33:47 +00:00
dependabot[bot]
4d6a9310ee
build(deps): bump actions/github-script from 6.4.1 to 7.0.1
Bumps [actions/github-script](https://github.com/actions/github-script) from 6.4.1 to 7.0.1.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](d7906e4ad0...60a0d83039)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-20 10:13:14 +00:00
dependabot[bot]
a4ebaa405d
build(deps): bump urllib3 from 2.0.7 to 2.1.0
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.7 to 2.1.0.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.0.7...2.1.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-14 10:18:41 +00:00
dependabot[bot]
1d60002916
build(deps): bump mypy from 1.6.1 to 1.7.0
Bumps [mypy](https://github.com/python/mypy) from 1.6.1 to 1.7.0.
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/python/mypy/compare/v1.6.1...v1.7.0)

---
updated-dependencies:
- dependency-name: mypy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-13 10:34:31 +00:00
Jussi Kukkonen
6a682f4df8
Merge pull request #2507 from theupdateframework/dependabot/pip/black-23.11.0
build(deps): bump black from 23.10.1 to 23.11.0
2023-11-13 10:50:23 +02:00
dependabot[bot]
7302c5afe6
build(deps): bump black from 23.10.1 to 23.11.0
Bumps [black](https://github.com/psf/black) from 23.10.1 to 23.11.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/23.10.1...23.11.0)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-08 10:16:12 +00:00
Jussi Kukkonen
8533ea95ac
Merge pull request #2505 from theupdateframework/dependabot/pip/charset-normalizer-3.3.2
build(deps): bump charset-normalizer from 3.3.1 to 3.3.2
2023-11-03 12:36:27 +02:00
dependabot[bot]
d11fc4be7b
build(deps): bump charset-normalizer from 3.3.1 to 3.3.2
Bumps [charset-normalizer](https://github.com/Ousret/charset_normalizer) from 3.3.1 to 3.3.2.
- [Release notes](https://github.com/Ousret/charset_normalizer/releases)
- [Changelog](https://github.com/Ousret/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Ousret/charset_normalizer/compare/3.3.1...3.3.2)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-03 10:31:44 +00:00
Lukas Pühringer
61ceb82c46
Merge pull request #2506 from jku/lint-on-oldest-supported-python
CI: Run lint on oldest supported Python version
2023-11-03 11:30:15 +01:00
Jussi Kukkonen
33778942a3 CI: Run lint on oldest supported Python version
* This was suggested as best practice by a pylint developer
* Seems better than CI randomly breaking when GitHub updates
  Python version (and pylint starts applying new rules that we
  can't follow because that would break old Python versions)

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-11-03 12:00:25 +02:00
Jussi Kukkonen
a73355e168
Merge pull request #2504 from theupdateframework/dependabot/pip/cryptography-41.0.5
build(deps): bump cryptography from 41.0.4 to 41.0.5
2023-10-26 11:20:41 +03:00
dependabot[bot]
dba2ebe60e
build(deps): bump cryptography from 41.0.4 to 41.0.5
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.4 to 41.0.5.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/41.0.4...41.0.5)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-25 10:32:08 +00:00
Jussi Kukkonen
52e6ee6db0
Merge pull request #2501 from theupdateframework/dependabot/pip/pylint-3.0.2 2023-10-25 09:35:14 +03:00
Jussi Kukkonen
967974fec6
Merge pull request #2500 from theupdateframework/dependabot/pip/charset-normalizer-3.3.1 2023-10-25 09:32:28 +03:00
dependabot[bot]
a37693df9a
build(deps): bump pylint from 3.0.1 to 3.0.2
Bumps [pylint](https://github.com/pylint-dev/pylint) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/pylint-dev/pylint/releases)
- [Commits](https://github.com/pylint-dev/pylint/compare/v3.0.1...v3.0.2)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-25 06:31:55 +00:00