Commit graph

5301 commits

Author SHA1 Message Date
Jussi Kukkonen
39b67bcc6e
Merge pull request #2113 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.25
build(deps): bump github/codeql-action from 2.1.24 to 2.1.25
2022-09-23 10:28:27 +03:00
dependabot[bot]
849a44d655
build(deps): bump github/codeql-action from 2.1.24 to 2.1.25
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.24 to 2.1.25.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](904260d7d9...86f3159a69)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-22 10:33:20 +00:00
Jussi Kukkonen
367b75f396
Merge pull request #2110 from theupdateframework/dependabot/pip/pylint-2.15.3
build(deps): bump pylint from 2.15.2 to 2.15.3
2022-09-20 13:15:09 +03:00
Jussi Kukkonen
210af730f5
Merge pull request #2107 from theupdateframework/dependabot/pip/certifi-2022.9.14
build(deps): bump certifi from 2022.6.15.1 to 2022.9.14
2022-09-20 13:14:23 +03:00
dependabot[bot]
d135d26eb0
build(deps): bump pylint from 2.15.2 to 2.15.3
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.15.2 to 2.15.3.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.15.2...v2.15.3)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-20 10:07:05 +00:00
dependabot[bot]
20f4327238
build(deps): bump certifi from 2022.6.15.1 to 2022.9.14
Bumps [certifi](https://github.com/certifi/python-certifi) from 2022.6.15.1 to 2022.9.14.
- [Release notes](https://github.com/certifi/python-certifi/releases)
- [Commits](https://github.com/certifi/python-certifi/compare/2022.06.15.1...2022.09.14)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-19 14:03:22 +00:00
Jussi Kukkonen
ab7e56d1c0
Merge pull request #2106 from theupdateframework/dependabot/pip/idna-3.4
build(deps): bump idna from 3.3 to 3.4
2022-09-19 17:02:31 +03:00
Jussi Kukkonen
401204c1b9
Merge pull request #2109 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.24
build(deps): bump github/codeql-action from 2.1.22 to 2.1.24
2022-09-19 16:58:56 +03:00
dependabot[bot]
6b89263932
build(deps): bump github/codeql-action from 2.1.22 to 2.1.24
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.22 to 2.1.24.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](b398f525a5...904260d7d9)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-19 10:21:33 +00:00
dependabot[bot]
675989c654
build(deps): bump idna from 3.3 to 3.4
Bumps [idna](https://github.com/kjd/idna) from 3.3 to 3.4.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v3.3...v3.4)

---
updated-dependencies:
- dependency-name: idna
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-14 10:23:50 +00:00
Lukas Pühringer
92b61733e5
Merge pull request #2104 from theupdateframework/dependabot/pip/securesystemslib-cryptopynacl--0.24.0
build(deps): bump securesystemslib[crypto,pynacl] from 0.23.0 to 0.24.0
2022-09-14 12:23:01 +02:00
dependabot[bot]
86192afe6d
build(deps): bump securesystemslib[crypto,pynacl] from 0.23.0 to 0.24.0
Bumps [securesystemslib[crypto,pynacl]](https://github.com/secure-systems-lab/securesystemslib) from 0.23.0 to 0.24.0.
- [Release notes](https://github.com/secure-systems-lab/securesystemslib/releases)
- [Changelog](https://github.com/secure-systems-lab/securesystemslib/blob/master/CHANGELOG.md)
- [Commits](https://github.com/secure-systems-lab/securesystemslib/compare/v0.23.0...v0.24.0)

---
updated-dependencies:
- dependency-name: securesystemslib[crypto,pynacl]
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-14 10:08:59 +00:00
Lukas Pühringer
955a2dd4eb
Merge pull request #2102 from theupdateframework/dependabot/pip/certifi-2022.6.15.1
build(deps): bump certifi from 2022.6.15 to 2022.6.15.1
2022-09-13 10:02:35 +02:00
Lukas Pühringer
42e5824fa8
Merge pull request #2103 from theupdateframework/dependabot/github_actions/actions/checkout-3.0.2
build(deps): bump actions/checkout from 3.0.0 to 3.0.2
2022-09-13 09:41:26 +02:00
dependabot[bot]
afd47391f4
build(deps): bump actions/checkout from 3.0.0 to 3.0.2
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.0 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...2541b1294d2704b0964813337f33b291d3f8596b)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-09 10:25:06 +00:00
dependabot[bot]
0f48fa8f05
build(deps): bump certifi from 2022.6.15 to 2022.6.15.1
Bumps [certifi](https://github.com/certifi/python-certifi) from 2022.6.15 to 2022.6.15.1.
- [Release notes](https://github.com/certifi/python-certifi/releases)
- [Commits](https://github.com/certifi/python-certifi/compare/2022.06.15...2022.06.15.1)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-09 10:07:34 +00:00
Lukas Pühringer
f0e08bac6d
Merge pull request #2098 from mnm678/securitymd
Add SECURITY.md
2022-09-09 10:06:04 +02:00
Marina Moore
9c099972ed
move security.md to docs folder
Signed-off-by: Marina Moore <mnm678@gmail.com>
2022-09-08 15:12:13 -04:00
Marina Moore
693c50b3dd
Apply suggestions from code review
Co-authored-by: Joshua Lock <jlock@vmware.com>
Signed-off-by: Marina Moore <mnm678@gmail.com>
2022-09-08 15:10:56 -04:00
Marina Moore
ffa365c8e8
Remove duplicate security text from README and link to SECURITY.md
Signed-off-by: Marina Moore <mnm678@gmail.com>
2022-09-08 15:10:56 -04:00
Marina Moore
1f746bd25d
Add SECURITY.md
The text here is copied from the README

Signed-off-by: Marina Moore <mnm678@gmail.com>
2022-09-08 15:10:56 -04:00
Lukas Pühringer
60e2b55ec8
Merge pull request #2100 from theupdateframework/dependabot/pip/cryptography-38.0.1
build(deps): bump cryptography from 37.0.4 to 38.0.1
2022-09-08 13:07:46 +02:00
Lukas Pühringer
548701c252
Merge pull request #2101 from theupdateframework/dependabot/pip/pylint-2.15.2
build(deps): bump pylint from 2.15.0 to 2.15.2
2022-09-08 13:03:20 +02:00
dependabot[bot]
d0cd91d8bd
build(deps): bump pylint from 2.15.0 to 2.15.2
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.15.0 to 2.15.2.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.15.0...v2.15.2)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-08 10:08:31 +00:00
dependabot[bot]
b5f670431b
build(deps): bump cryptography from 37.0.4 to 38.0.1
Bumps [cryptography](https://github.com/pyca/cryptography) from 37.0.4 to 38.0.1.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/37.0.4...38.0.1)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-08 10:08:23 +00:00
Lukas Pühringer
7fc4558698
Merge pull request #2097 from jku/email-change
Update my maintainer email
2022-09-07 09:49:10 +02:00
Jussi Kukkonen
f4c70cc2d3
Update my maintainer email
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-09-05 13:39:22 +03:00
Lukas Pühringer
7a760691c6
Merge pull request #2095 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.22
build(deps): bump github/codeql-action from 2.1.21 to 2.1.22
2022-09-02 13:29:07 +02:00
dependabot[bot]
a2cbdd23a1
build(deps): bump github/codeql-action from 2.1.21 to 2.1.22
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.21 to 2.1.22.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](c7f292ea4f...b398f525a5)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-02 10:22:03 +00:00
Lukas Pühringer
0cb3547458
Merge pull request #2094 from theupdateframework/dependabot/pip/black-22.8.0
build(deps): bump black from 22.6.0 to 22.8.0
2022-09-01 12:21:04 +02:00
dependabot[bot]
5763f8377b
build(deps): bump black from 22.6.0 to 22.8.0
Bumps [black](https://github.com/psf/black) from 22.6.0 to 22.8.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/22.6.0...22.8.0)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-01 10:08:59 +00:00
Jussi Kukkonen
724450720e
Merge pull request #2092 from lukpueh/fix-spec-version-spec
chore: fix error in spec version check workflow
2022-08-31 16:12:39 +03:00
Lukas Puehringer
b83c738373
chore: fix error in spec version check workflow
Use `--upgrade` option to upgrade pip with pip in workflow, instead
of non-existing `-u` option (-U would also be possible).

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-08-30 14:19:12 +02:00
Jussi Kukkonen
704747536f
Merge pull request #2001 from rdimitrov/dimitrovr/spec-bump-workflow
chore: update the workflow responsible for notifying of new TUF spec release
2022-08-30 14:01:54 +03:00
Jussi Kukkonen
3a29fb384a
Merge pull request #2087 from theupdateframework/dependabot/pip/pylint-2.15.0
build(deps): bump pylint from 2.14.5 to 2.15.0
2022-08-30 13:50:20 +03:00
dependabot[bot]
10c6283645
build(deps): bump pylint from 2.14.5 to 2.15.0
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.14.5 to 2.15.0.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.14.5...v2.15.0)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-30 10:43:53 +00:00
Jussi Kukkonen
e4694edd70
Merge pull request #2090 from lukpueh/verify_release-http-timeout
verify_release: add constant 5s HTTP timeout
2022-08-30 13:42:20 +03:00
Jussi Kukkonen
3d808937b0
Merge pull request #2091 from lukpueh/rm-setup.py
build: remove obsolete setup.py
2022-08-30 11:46:34 +03:00
Lukas Puehringer
8942969226
build: remove obsolete setup.py
setup.py was removed in favor of setup.cfg in #1626 and re-added
later in #1832 to work around a Dependabot issue #1828. This issue
seems to have been fixed upstream in dependabot/dependabot-core#5392.

Fixes #2089

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-08-30 10:03:45 +02:00
Lukas Puehringer
7baf1d3376
chore: misc setup-python changes in spec check job
1. update action/setup-python to latest version
2. pin major version to be used to 3.x
3. upgrade pip before using it

1 and 2 were suggested in #2089

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-08-30 09:44:19 +02:00
Radoslav Dimitrov
53f1611b74
chore: limit the permissions for the job calling the version check workflow
Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>
2022-08-30 09:37:01 +02:00
Radoslav Dimitrov
0e6b928d9a
chore: update the workflow responsible for notifying of new TUF spec release
Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>
2022-08-30 09:36:59 +02:00
Lukas Puehringer
7b9cf4ac8e
verify_release: add constant 5s HTTP timeout
Add 5 seconds HTTP timeout constant and use it for requests to
GitHub. Setting timeout is recommended by requests docs and flagged
by latest pylint:
```
W3101: Missing timeout argument for method 'requests.get' can cause
your program to hang indefinitely (missing-timeout)
```
https://requests.readthedocs.io/en/latest/user/quickstart/#timeouts

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-08-30 09:06:17 +02:00
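The hang that the commit above guards against can be reproduced offline. The example below is added here and is not python-tuf's verify_release code: it uses the standard-library http.client instead of `requests` (same `timeout` semantics at the socket level) and a constructed local "silent" server that accepts the TCP connection but never writes a response, which is exactly the case an unbounded `requests.get` would wait on forever. The constant name `HTTP_TIMEOUT`, the helper names and the port selection are assumptions for the demonstration.

```python
"""Why an HTTP client call needs an explicit timeout (added example)."""
import http.client
import socket
import threading

HTTP_TIMEOUT = 5  # seconds; a fixed upper bound, as the commit adds for GitHub calls


def start_server(respond):
    """Start a local TCP listener on a free port (constructed test fixture).

    respond=True  -> answers every request with an empty HTTP 200.
    respond=False -> accepts the connection and stays silent, like a remote
                     that has hung or is blackholing traffic; the connection
                     is held open so the client never sees EOF either.
    Returns (server_socket, port); close the socket to stop serving.
    """
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    held = []  # keeps silent connections alive for the server's lifetime

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener closed
            if respond:
                conn.recv(4096)  # read the (small) request, then reply
                conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
                conn.close()
            else:
                held.append(conn)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def fetch_status(host, port, path="/", timeout=HTTP_TIMEOUT):
    """GET path and return ("ok", status) or ("timeout", None).

    The timeout is applied to connect and to every socket read, so a peer
    that accepts but never answers raises socket.timeout (TimeoutError on
    Python 3.10+) from getresponse() instead of blocking indefinitely.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return ("ok", resp.status)
    except (socket.timeout, TimeoutError):
        return ("timeout", None)
    finally:
        conn.close()


def demo(timeout=0.5):
    """Run both cases against local servers and return their results."""
    silent, silent_port = start_server(respond=False)
    live, live_port = start_server(respond=True)
    try:
        hung = fetch_status("127.0.0.1", silent_port, timeout=timeout)
        healthy = fetch_status("127.0.0.1", live_port, timeout=timeout)
    finally:
        silent.close()
        live.close()
    return hung, healthy


if __name__ == "__main__":
    print(demo())  # (('timeout', None), ('ok', 200))
```

Dropping the `timeout=` argument from `HTTPConnection` in `fetch_status` turns the first case into a call that never returns, which is the failure mode pylint's `missing-timeout` check (W3101) flags for `requests.get`; a short constant timeout converts it into an exception the caller can log and retry.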
Jussi Kukkonen
4cb5b35a26
Merge pull request #2088 from theupdateframework/dependabot/github_actions/actions/github-script-6.2.0
build(deps): bump actions/github-script from 6.1.1 to 6.2.0
2022-08-29 14:01:06 +03:00
dependabot[bot]
de8f97f283
build(deps): bump actions/github-script from 6.1.1 to 6.2.0
Bumps [actions/github-script](https://github.com/actions/github-script) from 6.1.1 to 6.2.0.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](d50f485531...c713e510db)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-29 10:24:16 +00:00
Lukas Pühringer
f381244b28
Merge pull request #2086 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.21
build(deps): bump github/codeql-action from 2.1.20 to 2.1.21
2022-08-29 10:31:27 +02:00
dependabot[bot]
3d1786da74
build(deps): bump github/codeql-action from 2.1.20 to 2.1.21
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.20 to 2.1.21.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](7fee4ca032...c7f292ea4f)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-26 10:16:29 +00:00
Lukas Pühringer
f0145ccd3e
Merge pull request #2084 from theupdateframework/dependabot/pip/urllib3-1.26.12
build(deps): bump urllib3 from 1.26.11 to 1.26.12
2022-08-24 13:34:12 +02:00
Lukas Pühringer
ae8b222b94
Merge pull request #2085 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.20
build(deps): bump github/codeql-action from 2.1.19 to 2.1.20
2022-08-24 13:32:04 +02:00
dependabot[bot]
90a2ec4804
build(deps): bump github/codeql-action from 2.1.19 to 2.1.20
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.19 to 2.1.20.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](f5d217be74...7fee4ca032)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-24 10:18:21 +00:00