Commit graph

6496 commits

Author SHA1 Message Date
dependabot[bot]
4e654fe698
build(deps): bump the dependencies group with 3 updates (#2837)
Bumps the dependencies group with 3 updates: [cryptography](https://github.com/pyca/cryptography), [coverage[toml]](https://github.com/nedbat/coveragepy) and [freezegun](https://github.com/spulec/freezegun).


Updates `cryptography` from 45.0.2 to 45.0.3
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/45.0.2...45.0.3)

Updates `coverage[toml]` from 7.8.0 to 7.8.2
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.8.0...7.8.2)

Updates `freezegun` from 1.5.1 to 1.5.2
- [Release notes](https://github.com/spulec/freezegun/releases)
- [Changelog](https://github.com/spulec/freezegun/blob/master/CHANGELOG)
- [Commits](https://github.com/spulec/freezegun/compare/1.5.1...1.5.2)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 45.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: coverage[toml]
  dependency-version: 7.8.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: freezegun
  dependency-version: 1.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-27 11:32:36 +03:00
Kairo Araujo
877ac5076e
Merge pull request #2838 from theupdateframework/dependabot/pip/test-and-lint-dependencies-8db52d3157
build(deps): bump ruff from 0.11.10 to 0.11.11 in the test-and-lint-dependencies group
2025-05-27 07:44:51 +02:00
dependabot[bot]
566ed3e897
build(deps): bump ruff in the test-and-lint-dependencies group
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff).


Updates `ruff` from 0.11.10 to 0.11.11
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.11.10...0.11.11)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.11.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-05-26 21:47:54 +00:00
Lukas Pühringer
6fc2a3c275
Merge pull request #2835 from theupdateframework/dependabot/pip/dependencies-6b442c29d5
build(deps): bump the dependencies group across 1 directory with 2 updates
2025-05-20 09:31:54 +02:00
dependabot[bot]
5cec62cd03
build(deps): bump the dependencies group across 1 directory with 2 updates
Bumps the dependencies group with 2 updates in the / directory: [cryptography](https://github.com/pyca/cryptography) and [ruff](https://github.com/astral-sh/ruff).


Updates `cryptography` from 44.0.3 to 45.0.2
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/44.0.3...45.0.2)

Updates `ruff` from 0.11.9 to 0.11.10
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.11.9...0.11.10)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 45.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: ruff
  dependency-version: 0.11.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-05-19 21:41:38 +00:00
Lukas Pühringer
4bfca1f97e
Merge pull request #2832 from theupdateframework/dependabot/pip/test-and-lint-dependencies-7682f5adcf
build(deps): bump the test-and-lint-dependencies group with 2 updates
2025-05-13 09:23:08 +02:00
dependabot[bot]
f5b2acf627
build(deps): bump the test-and-lint-dependencies group with 2 updates
Bumps the test-and-lint-dependencies group with 2 updates: [ruff](https://github.com/astral-sh/ruff) and [zizmor](https://github.com/woodruffw/zizmor).


Updates `ruff` from 0.11.8 to 0.11.9
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.11.8...0.11.9)

Updates `zizmor` from 1.6.0 to 1.7.0
- [Release notes](https://github.com/woodruffw/zizmor/releases)
- [Changelog](https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md)
- [Commits](https://github.com/woodruffw/zizmor/compare/v1.6.0...v1.7.0)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.11.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
- dependency-name: zizmor
  dependency-version: 1.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-05-12 21:09:04 +00:00
Kairo Araujo
b0aa482a66
Merge pull request #2830 from theupdateframework/dependabot/pip/dependencies-2efb510e51
build(deps): bump cryptography from 44.0.2 to 44.0.3 in the dependencies group
2025-05-06 06:18:08 +02:00
Kairo Araujo
8ea1a9e256
Merge pull request #2831 from theupdateframework/dependabot/pip/test-and-lint-dependencies-3a2edb1555
build(deps): bump ruff from 0.11.7 to 0.11.8 in the test-and-lint-dependencies group
2025-05-06 06:17:19 +02:00
dependabot[bot]
29b482390e
build(deps): bump ruff in the test-and-lint-dependencies group
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff).


Updates `ruff` from 0.11.7 to 0.11.8
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.11.7...0.11.8)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.11.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-05-05 22:37:53 +00:00
dependabot[bot]
769a61b405
build(deps): bump cryptography in the dependencies group
Bumps the dependencies group with 1 update: [cryptography](https://github.com/pyca/cryptography).


Updates `cryptography` from 44.0.2 to 44.0.3
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/44.0.2...44.0.3)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 44.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-05-05 22:26:19 +00:00
Lukas Pühringer
6fe57fa569
Merge pull request #2829 from theupdateframework/dependabot/github_actions/action-dependencies-351cf6cc53
build(deps): bump the action-dependencies group with 2 updates
2025-04-29 09:17:44 +02:00
Kairo Araujo
00c16fb42c
Merge pull request #2828 from theupdateframework/dependabot/pip/test-and-lint-dependencies-e9eafb5758 2025-04-29 08:11:06 +02:00
dependabot[bot]
ec50bc52b8
build(deps): bump the action-dependencies group with 2 updates
Bumps the action-dependencies group with 2 updates: [actions/setup-python](https://github.com/actions/setup-python) and [actions/download-artifact](https://github.com/actions/download-artifact).


Updates `actions/setup-python` from 5.5.0 to 5.6.0
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](8d9ed9ac5c...a26af69be9)

Updates `actions/download-artifact` from 4.2.1 to 4.3.0
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](95815c38cf...d3f86a106a)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: 5.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: action-dependencies
- dependency-name: actions/download-artifact
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: action-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-28 22:28:44 +00:00
dependabot[bot]
96fd7bde44
build(deps): bump ruff in the test-and-lint-dependencies group
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff).


Updates `ruff` from 0.11.6 to 0.11.7
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.11.6...0.11.7)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.11.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-28 22:13:03 +00:00
Lukas Pühringer
9a4f8d5dbd
Merge pull request #2826 from theupdateframework/dependabot/pip/dependencies-54f6db96fa
build(deps): bump securesystemslib from 1.2.0 to 1.3.0 in the dependencies group
2025-04-22 10:28:04 +02:00
Jussi Kukkonen
ee50fea0c6 annotation fixes
* Start linting securesystemslib calls
  (this requires new securesystemslib)
* Fix various issues that suddenly popup

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-04-22 10:53:54 +03:00
Lukas Pühringer
737b41f94d
Merge pull request #2825 from theupdateframework/dependabot/pip/test-and-lint-dependencies-b11e8444e9
build(deps): bump the test-and-lint-dependencies group with 2 updates
2025-04-22 09:29:39 +02:00
dependabot[bot]
394d47c257
build(deps): bump securesystemslib in the dependencies group
Bumps the dependencies group with 1 update: [securesystemslib](https://github.com/secure-systems-lab/securesystemslib).


Updates `securesystemslib` from 1.2.0 to 1.3.0
- [Release notes](https://github.com/secure-systems-lab/securesystemslib/releases)
- [Changelog](https://github.com/secure-systems-lab/securesystemslib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/secure-systems-lab/securesystemslib/compare/v1.2.0...v1.3.0)

---
updated-dependencies:
- dependency-name: securesystemslib
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-21 21:11:19 +00:00
dependabot[bot]
7660291ad1
build(deps): bump the test-and-lint-dependencies group with 2 updates
Bumps the test-and-lint-dependencies group with 2 updates: [ruff](https://github.com/astral-sh/ruff) and [zizmor](https://github.com/woodruffw/zizmor).


Updates `ruff` from 0.11.5 to 0.11.6
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.11.5...0.11.6)

Updates `zizmor` from 1.5.2 to 1.6.0
- [Release notes](https://github.com/woodruffw/zizmor/releases)
- [Changelog](https://github.com/woodruffw/zizmor/blob/main/docs/release-notes.md)
- [Commits](https://github.com/woodruffw/zizmor/compare/v1.5.2...v1.6.0)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.11.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
- dependency-name: zizmor
  dependency-version: 1.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-21 21:10:40 +00:00
dependabot[bot]
9f8dc40a85
build(deps): bump ruff in the test-and-lint-dependencies group (#2823)
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff).


Updates `ruff` from 0.11.4 to 0.11.5
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.11.4...0.11.5)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.11.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-15 12:40:23 +03:00
dependabot[bot]
dc3f556642
build(deps): bump urllib3 from 2.3.0 to 2.4.0 in the dependencies group (#2824)
Bumps the dependencies group with 1 update: [urllib3](https://github.com/urllib3/urllib3).


Updates `urllib3` from 2.3.0 to 2.4.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.3.0...2.4.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-15 12:39:52 +03:00
Lukas Pühringer
6b3b52c788
Merge pull request #2822 from theupdateframework/dependabot/pip/test-and-lint-dependencies-ccd0c3bccc
build(deps): bump ruff from 0.11.2 to 0.11.4 in the test-and-lint-dependencies group
2025-04-08 09:34:47 +02:00
dependabot[bot]
2451af9f57
build(deps): bump ruff in the test-and-lint-dependencies group
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff).


Updates `ruff` from 0.11.2 to 0.11.4
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.11.2...0.11.4)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.11.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-07 22:31:10 +00:00
dependabot[bot]
63b2ca5b07
build(deps): bump actions/setup-python in the action-dependencies group (#2820) 2025-04-01 09:25:13 +03:00
dependabot[bot]
7df7711895
build(deps): bump coverage[toml] in the dependencies group (#2821) 2025-04-01 09:24:35 +03:00
dependabot[bot]
48262c9b2a
build(deps): bump the action-dependencies group with 2 updates (#2816) 2025-03-25 09:23:38 +02:00
dependabot[bot]
ab735655cc
build(deps): bump the test-and-lint-dependencies group with 2 updates (#2817) 2025-03-25 09:23:10 +02:00
dependabot[bot]
d017fff422
build(deps): bump coverage[toml] in the dependencies group (#2818) 2025-03-25 09:22:22 +02:00
Lukas Pühringer
500e8b9a8b
Merge pull request #2815 from lukpueh/port-sslib-hash
Port securesystemslib.hash module
2025-03-19 12:21:09 +01:00
Lukas Puehringer
75e83b36d0 docs: Remove reference to securesystemslib hash
Default hash sha256 is now defined locally.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2025-03-19 11:29:36 +01:00
Lukas Puehringer
6f50998c37 Add tests for custom blake hash
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2025-03-19 10:34:35 +01:00
Lukas Puehringer
535a18918b Refactor hash helpers
Consolidate interface of bytes hash and file hash helpers.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2025-03-19 10:07:58 +01:00
Lukas Puehringer
57010fb0b1 Rename hash algo global in repo simulator
Remove the "default" prefix, because it's not a default but rather a
fixed value.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2025-03-19 09:28:01 +01:00
Jussi Kukkonen
c69af9959f
Merge pull request #2814 from theupdateframework/dependabot/pip/test-and-lint-dependencies-8ddb29c2ba 2025-03-18 20:20:26 +02:00
Jussi Kukkonen
f3eddc19ff lint: Accept ruff suggestions for cast()
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-03-18 18:20:11 +02:00
Lukas Puehringer
866409ffe9 Port securesystemslib.hash module
securesystemslib.hash is a small wrapper around hashlib, which serves
two main purposes:
* provide helper function to hash a file
* translate custom hash algorithm name "blake2b-256" to "blake2b" with
  (digest_size=32).

In preparation for the removal of securesystemslib.hash, this patch ports
above behavior to tuf and uses the builtin hashlib directly where
possible.

related secure-systems-lab/securesystemslib#943

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2025-03-18 16:39:46 +01:00
dependabot[bot]
9f873cb9d5
build(deps): bump coverage[toml] in the dependencies group (#2813) 2025-03-18 10:17:42 +02:00
dependabot[bot]
075949fece
build(deps): bump the test-and-lint-dependencies group with 2 updates
Bumps the test-and-lint-dependencies group with 2 updates: [ruff](https://github.com/astral-sh/ruff) and [zizmor](https://github.com/woodruffw/zizmor).


Updates `ruff` from 0.9.10 to 0.11.0
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.9.10...0.11.0)

Updates `zizmor` from 1.4.1 to 1.5.1
- [Release notes](https://github.com/woodruffw/zizmor/releases)
- [Changelog](https://github.com/woodruffw/zizmor/blob/main/docs/release-notes.md)
- [Commits](https://github.com/woodruffw/zizmor/compare/v1.4.1...v1.5.1)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: test-and-lint-dependencies
- dependency-name: zizmor
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-03-17 21:31:22 +00:00
Jussi Kukkonen
ea88fdecc3
Merge pull request #2812 from jku/include-version-in-docs 2025-03-14 19:04:03 +02:00
Jussi Kukkonen
b690d8f573 docs: Include version number in docs
Otherwise on readthedocs it's not clear what version "latest" is.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-03-14 15:00:33 +02:00
Jussi Kukkonen
bb6d459ce3
Merge pull request #2806 from jku/prep-v6
Prepare v6.0
2025-03-11 12:37:42 +02:00
Jussi Kukkonen
44eed614f0 Prepare v6.0
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-03-11 11:41:10 +02:00
Jussi Kukkonen
bef804bad0
Merge pull request #2811 from DimitriPapadopoulos/codespell
Fix typos
2025-03-11 10:07:09 +02:00
Dimitri Papadopoulos
4a28307270
Fix typos
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
2025-03-10 22:06:30 +01:00
dependabot[bot]
b1d9021ae8
build(deps): bump ruff in the test-and-lint-dependencies group (#2810) 2025-03-09 21:08:08 +00:00
Jussi Kukkonen
15933a93b6
ngclient: Create directories as needed (#2808) 2025-03-09 06:56:37 +00:00
Kairo Araujo
067ba1ad92
Merge pull request #2809 from theupdateframework/dependabot-add-zizmor-to-group 2025-03-08 13:59:55 +01:00
Jussi Kukkonen
097de2b3ef
dependabot: Add zizmor to lint dependencies
This is for better dependabot grouping

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-03-07 15:08:42 +02:00
dependabot[bot]
8df9f0fd12
build(deps): bump the dependencies group with 2 updates (#2805) 2025-03-04 07:42:56 +00:00