dependabot[bot]
193bfcdc8d
build(deps): bump pylint from 2.15.4 to 2.15.5
...
Bumps [pylint](https://github.com/PyCQA/pylint ) from 2.15.4 to 2.15.5.
- [Release notes](https://github.com/PyCQA/pylint/releases )
- [Commits](https://github.com/PyCQA/pylint/compare/v2.15.4...v2.15.5 )
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-24 10:07:42 +00:00
Jussi Kukkonen
fce00d85ae
Merge pull request #2146 from theupdateframework/dependabot/github_actions/actions/download-artifact-3.0.1
...
build(deps): bump actions/download-artifact from 3.0.0 to 3.0.1
2022-10-21 14:53:46 +03:00
dependabot[bot]
68571fb887
build(deps): bump actions/download-artifact from 3.0.0 to 3.0.1
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](fb598a63ae...9782bd6a98
2022-10-21 11:14:31 +00:00
Lukas Pühringer
f7924088b6
Merge pull request #2142 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.28
...
build(deps): bump github/codeql-action from 2.1.27 to 2.1.28
2022-10-19 12:47:08 +02:00
Lukas Pühringer
820ff6cf21
Merge pull request #2141 from theupdateframework/dependabot/pip/securesystemslib-cryptopynacl--0.25.0
...
build(deps): bump securesystemslib[crypto,pynacl] from 0.24.0 to 0.25.0
2022-10-19 12:46:27 +02:00
dependabot[bot]
5fffbb0485
build(deps): bump github/codeql-action from 2.1.27 to 2.1.28
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.27 to 2.1.28.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](807578363a...cc7986c02b
2022-10-19 10:17:35 +00:00
dependabot[bot]
0aecd96327
build(deps): bump securesystemslib[crypto,pynacl] from 0.24.0 to 0.25.0
...
Bumps [securesystemslib[crypto,pynacl]](https://github.com/secure-systems-lab/securesystemslib ) from 0.24.0 to 0.25.0.
- [Release notes](https://github.com/secure-systems-lab/securesystemslib/releases )
- [Changelog](https://github.com/secure-systems-lab/securesystemslib/blob/master/CHANGELOG.md )
- [Commits](https://github.com/secure-systems-lab/securesystemslib/compare/v0.24.0...v0.25.0 )
---
updated-dependencies:
- dependency-name: securesystemslib[crypto,pynacl]
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-19 10:06:24 +00:00
Jussi Kukkonen
852f7a4101
Merge pull request #2139 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-2.5.0
...
build(deps): bump actions/dependency-review-action from 2.4.1 to 2.5.0
2022-10-18 16:17:15 +03:00
Jussi Kukkonen
bbbcac38cc
Merge pull request #2138 from theupdateframework/dependabot/github_actions/actions/github-script-6.3.3
...
build(deps): bump actions/github-script from 6.3.2 to 6.3.3
2022-10-18 16:12:09 +03:00
Lukas Pühringer
e2cec677ce
Merge pull request #2137 from n-dusan/ndusan/fix-incorrect-length-metapath-validation
...
Fix: allow `length` to be zero
2022-10-17 09:49:44 +02:00
dependabot[bot]
b8976bfd51
build(deps): bump actions/dependency-review-action from 2.4.1 to 2.5.0
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 2.4.1 to 2.5.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](9c96258789...fd675ced9c
2022-10-14 10:16:58 +00:00
dependabot[bot]
67a5fca932
build(deps): bump actions/github-script from 6.3.2 to 6.3.3
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6.3.2 to 6.3.3.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](100527700e...d556feaca3
2022-10-14 10:16:54 +00:00
Lukas Pühringer
7e51f356b3
Merge pull request #2134 from theupdateframework/dependabot/github_actions/actions/github-script-6.3.2
...
build(deps): bump actions/github-script from 6.3.1 to 6.3.2
2022-10-12 14:21:06 +02:00
Lukas Pühringer
62d0cd962c
Merge pull request #2133 from theupdateframework/dependabot/pip/cryptography-38.0.2
...
build(deps): bump cryptography from 38.0.1 to 38.0.2
2022-10-12 14:18:46 +02:00
Lukas Pühringer
87bf583c64
Merge pull request #2135 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-2.4.1
...
build(deps): bump actions/dependency-review-action from 2.4.0 to 2.4.1
2022-10-12 14:16:27 +02:00
n-dusan
604eef2ffd
fix: allow length to be zero
...
* As per TUF specification, length attribute is a numerical value (which
can include 0) -
https://theupdateframework.github.io/specification/latest/#metapath-length
fix: update tests
Signed-off-by: n-dusan <nikolic.dusan.dey@gmail.com>
2022-10-12 13:02:41 +02:00
dependabot[bot]
2c56fc3532
build(deps): bump actions/dependency-review-action from 2.4.0 to 2.4.1
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](375c537008...9c96258789
2022-10-12 10:19:15 +00:00
dependabot[bot]
39b823afe4
build(deps): bump actions/github-script from 6.3.1 to 6.3.2
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6.3.1 to 6.3.2.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](7dff1a8764...100527700e
2022-10-12 10:19:05 +00:00
dependabot[bot]
88a68a8ca6
build(deps): bump cryptography from 38.0.1 to 38.0.2
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 38.0.1 to 38.0.2.
- [Release notes](https://github.com/pyca/cryptography/releases )
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/38.0.1...38.0.2 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-12 10:06:17 +00:00
Jussi Kukkonen
28b027815e
Merge pull request #2132 from theupdateframework/dependabot/github_actions/actions/setup-python-4.3.0
...
build(deps): bump actions/setup-python from 4.2.0 to 4.3.0
2022-10-11 17:02:45 +03:00
dependabot[bot]
76c0d6cec0
build(deps): bump actions/setup-python from 4.2.0 to 4.3.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](b55428b188...13ae5bb136
2022-10-11 10:29:56 +00:00
Lukas Pühringer
c9bfc0a31d
Merge pull request #2131 from theupdateframework/dependabot/pip/pylint-2.15.4
...
build(deps): bump pylint from 2.15.3 to 2.15.4
2022-10-11 12:25:55 +02:00
dependabot[bot]
dd66745a49
build(deps): bump pylint from 2.15.3 to 2.15.4
...
Bumps [pylint](https://github.com/PyCQA/pylint ) from 2.15.3 to 2.15.4.
- [Release notes](https://github.com/PyCQA/pylint/releases )
- [Commits](https://github.com/PyCQA/pylint/compare/v2.15.3...v2.15.4 )
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-11 10:10:07 +00:00
Jussi Kukkonen
0e1ab2685b
Merge pull request #2128 from theupdateframework/dependabot/pip/black-22.10.0
...
build(deps): bump black from 22.8.0 to 22.10.0
2022-10-10 13:52:13 +03:00
Lukas Pühringer
3f7c0ea34d
Merge pull request #2130 from kairoaraujo/fix_minor_typo
...
Fix typo CD.yml
2022-10-10 10:16:04 +02:00
Kairo de Araujo
869d23a9f2
Fix typo CD.yml
...
Fixed typo in CD.yml: 'candidate' instead ' candidate'.
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
2022-10-10 09:56:25 +02:00
Jussi Kukkonen
00a5ebd387
Merge pull request #2129 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.27
...
build(deps): bump github/codeql-action from 2.1.26 to 2.1.27
2022-10-07 14:06:38 +03:00
dependabot[bot]
45f8096d97
build(deps): bump github/codeql-action from 2.1.26 to 2.1.27
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.26 to 2.1.27.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](e0e5ded33c...807578363a
2022-10-07 10:43:05 +00:00
dependabot[bot]
447d64f83b
build(deps): bump black from 22.8.0 to 22.10.0
...
Bumps [black](https://github.com/psf/black ) from 22.8.0 to 22.10.0.
- [Release notes](https://github.com/psf/black/releases )
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md )
- [Commits](https://github.com/psf/black/compare/22.8.0...22.10.0 )
---
updated-dependencies:
- dependency-name: black
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-07 10:13:33 +00:00
Jussi Kukkonen
7f3c745bdb
Merge pull request #2126 from theupdateframework/dependabot/pip/mypy-0.982
...
build(deps): bump mypy from 0.971 to 0.982
2022-10-05 09:55:30 +03:00
Lukas Pühringer
4c108be7f5
Merge pull request #2127 from theupdateframework/dependabot/github_actions/actions/checkout-3.1.0
...
build(deps): bump actions/checkout from 3.0.2 to 3.1.0
2022-10-04 13:04:22 +02:00
dependabot[bot]
9907d4d38a
build(deps): bump actions/checkout from 3.0.2 to 3.1.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.2 to 3.1.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](2541b1294d...93ea575cb5
2022-10-04 10:45:28 +00:00
dependabot[bot]
dfd05630b9
build(deps): bump mypy from 0.971 to 0.982
...
Bumps [mypy](https://github.com/python/mypy ) from 0.971 to 0.982.
- [Release notes](https://github.com/python/mypy/releases )
- [Commits](https://github.com/python/mypy/compare/v0.971...v0.982 )
---
updated-dependencies:
- dependency-name: mypy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-04 10:34:14 +00:00
Lukas Pühringer
a4d53bedde
Merge pull request #2125 from theupdateframework/dependabot/github_actions/actions/github-script-6.3.1
...
build(deps): bump actions/github-script from 6.2.0 to 6.3.1
2022-10-03 11:48:42 +02:00
dependabot[bot]
903ad61a8e
build(deps): bump actions/github-script from 6.2.0 to 6.3.1
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6.2.0 to 6.3.1.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](c713e510db...7dff1a8764
2022-10-03 09:39:02 +00:00
Jussi Kukkonen
16b959fcbe
Merge pull request #2123 from theupdateframework/dependabot/pip/coverage-6.5.0
...
build(deps): bump coverage from 6.4.4 to 6.5.0
2022-10-03 10:44:09 +03:00
Jussi Kukkonen
c65cd779b3
Merge pull request #2124 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.26
...
build(deps): bump github/codeql-action from 2.1.25 to 2.1.26
2022-10-03 10:37:10 +03:00
Joshua Lock
4349ff0a8e
Merge pull request #2122 from joshuagl/joshuagl/verify_deep
...
Do a deep comparison of files in verify_release
2022-09-30 16:30:45 +01:00
dependabot[bot]
99b9246db7
build(deps): bump github/codeql-action from 2.1.25 to 2.1.26
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.25 to 2.1.26.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](86f3159a69...e0e5ded33c
2022-09-30 10:18:27 +00:00
dependabot[bot]
6e1ff0234d
build(deps): bump coverage from 6.4.4 to 6.5.0
...
Bumps [coverage](https://github.com/nedbat/coveragepy ) from 6.4.4 to 6.5.0.
- [Release notes](https://github.com/nedbat/coveragepy/releases )
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst )
- [Commits](https://github.com/nedbat/coveragepy/compare/6.4.4...6.5.0 )
---
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-30 10:07:55 +00:00
Joshua Lock
4c8e965169
verify_release: do a deep comparison of the files
...
dircmp[1] does a shallow[2] comparison of files, that is only the file
type, size and modification time are compared -- not the file size or
contents. Therefore, switch to using cmp with the shallow option set to
False to perform a full comparison of the local files and retrieved files.
1. https://docs.python.org/3/library/filecmp.html?filecmp.dircmp#filecmp.dircmp
2. https://docs.python.org/3/library/filecmp.html?filecmp.dircmp#filecmp.cmp
Signed-off-by: Joshua Lock <jlock@vmware.com>
2022-09-29 20:47:21 +01:00
Jussi Kukkonen
e9fc0c0e0a
Merge pull request #2119 from MVrachev/bump-spec-version
...
Bump supported spec version to 1.0.31
2022-09-27 10:09:06 +03:00
Jussi Kukkonen
f8ea69b4ca
Merge pull request #2118 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-2.4.0
...
build(deps): bump actions/dependency-review-action from 2.1.0 to 2.4.0
2022-09-27 10:06:38 +03:00
Jussi Kukkonen
5e13fc8c92
Merge pull request #2117 from theupdateframework/dependabot/pip/certifi-2022.9.24
...
build(deps): bump certifi from 2022.9.14 to 2022.9.24
2022-09-27 10:05:25 +03:00
Martin Vrachev
26e748e0c1
Bump supported spec version to 1.0.31
...
Bump the supported specification version to 1.0.31 and additionally
update the generated test metadata as it has to be up to date with the
latest changes.
The new changes in the specification version 1.0.31 clarify the
requirement for the new root version as compared to the old root version
in step 5.3.5:
https://theupdateframework.github.io/specification/latest/#update-root
We already do what the specification suggests in the new changes, so
no other changes are required.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-09-26 17:56:15 +03:00
dependabot[bot]
e7ab8d56b6
build(deps): bump actions/dependency-review-action from 2.1.0 to 2.4.0
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 2.1.0 to 2.4.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](23d1ffffb6...375c537008
2022-09-26 10:56:29 +00:00
dependabot[bot]
7fc26cf71d
build(deps): bump certifi from 2022.9.14 to 2022.9.24
...
Bumps [certifi](https://github.com/certifi/python-certifi ) from 2022.9.14 to 2022.9.24.
- [Release notes](https://github.com/certifi/python-certifi/releases )
- [Commits](https://github.com/certifi/python-certifi/compare/2022.09.14...2022.09.24 )
---
updated-dependencies:
- dependency-name: certifi
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-26 10:16:37 +00:00
Jussi Kukkonen
39b67bcc6e
Merge pull request #2113 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.25
...
build(deps): bump github/codeql-action from 2.1.24 to 2.1.25
2022-09-23 10:28:27 +03:00
dependabot[bot]
849a44d655
build(deps): bump github/codeql-action from 2.1.24 to 2.1.25
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.24 to 2.1.25.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](904260d7d9...86f3159a69
2022-09-22 10:33:20 +00:00
Jussi Kukkonen
367b75f396
Merge pull request #2110 from theupdateframework/dependabot/pip/pylint-2.15.3
...
build(deps): bump pylint from 2.15.2 to 2.15.3
2022-09-20 13:15:09 +03:00
