dependabot[bot]
6348502301
build(deps): bump the action-dependencies group across 1 directory with 2 updates
...
Bumps the action-dependencies group with 2 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action ) and [actions/dependency-review-action](https://github.com/actions/dependency-review-action ).
Updates `github/codeql-action` from 4 to 4.35.3
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v4...v4.35.3 )
Updates `actions/dependency-review-action` from 4 to 4.9.0
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](https://github.com/actions/dependency-review-action/compare/v4...v4.9.0 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.35.3
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: action-dependencies
- dependency-name: actions/dependency-review-action
dependency-version: 4.9.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-05-12 03:58:04 +00:00
dependabot[bot]
2ca88cf8c4
build(deps): bump the action-dependencies group across 1 directory with 3 updates
...
Bumps the action-dependencies group with 3 updates in the / directory: [actions/upload-artifact](https://github.com/actions/upload-artifact ), [actions/github-script](https://github.com/actions/github-script ) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `actions/upload-artifact` from 7.0.0 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](bbbca2ddaa...043fb46d1ahttps://github.com/actions/github-script/releases )
- [Commits](ed597411d8...3a2844b7e9https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](ed0c53931b...cef221092e
2026-04-28 00:46:06 +00:00
dependabot[bot]
78674bd772
build(deps): bump actions/download-artifact
...
Bumps the action-dependencies group with 1 update: [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/download-artifact` from 8.0.0 to 8.0.1
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](70fc10c6e5...3e5f45b2cf
2026-03-23 21:44:20 +00:00
dependabot[bot]
51b3ee7800
build(deps): bump actions/upload-artifact
...
Bumps the action-dependencies group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/upload-artifact` from 6.0.0 to 7.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](b7c566a772...bbbca2ddaa
2026-03-09 22:24:05 +00:00
dependabot[bot]
4c720e1f41
build(deps): bump actions/download-artifact
...
Bumps the action-dependencies group with 1 update: [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/download-artifact` from 7.0.0 to 8.0.0
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](37930b1c2a...70fc10c6e5
2026-03-02 23:22:48 +00:00
Lukas Pühringer
2a4c578e4f
Merge pull request #2904 from theupdateframework/dependabot/pip/test-and-lint-dependencies-4baf793881
...
build(deps): bump the test-and-lint-dependencies group with 2 updates
2026-02-03 08:32:02 +01:00
dependabot[bot]
8765473c0b
build(deps): bump actions/setup-python in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [actions/setup-python](https://github.com/actions/setup-python ).
Updates `actions/setup-python` from 6.1.0 to 6.2.0
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](83679a892e...a309ff8b42
2026-02-03 03:07:09 +00:00
Jussi Kukkonen
bf5ddf8a00
workflows: Add zizmor ignore comment
...
Should be fine to use check-latest-spec-version from master.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2026-01-30 16:12:21 +02:00
dependabot[bot]
07de919f5f
build(deps): bump actions/checkout in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [actions/checkout](https://github.com/actions/checkout ).
Updates `actions/checkout` from 6.0.1 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8e8c483db8...de0fac2e45
2026-01-26 23:02:38 +00:00
Jussi Kukkonen
8513f46c2b
Bump minimum Python version to 3.10
...
We could just stop testing with 3.9... but I think this will lead to
unintentionally breaking 3.9 anyway sooner or later.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2026-01-08 13:08:47 +02:00
dependabot[bot]
9b497ce2c3
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/upload-artifact` from 5.0.0 to 6.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](330a01c490...b7c566a772https://github.com/actions/download-artifact/releases )
- [Commits](018cc2cf5b...37930b1c2a
2025-12-22 21:03:20 +00:00
dependabot[bot]
53a8f11c20
build(deps): bump actions/checkout in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [actions/checkout](https://github.com/actions/checkout ).
Updates `actions/checkout` from 6.0.0 to 6.0.1
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](1af3b93b68...8e8c483db8
2025-12-15 21:03:18 +00:00
dependabot[bot]
347f76fd68
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [actions/setup-python](https://github.com/actions/setup-python ).
Updates `actions/checkout` from 5.0.0 to 6.0.0
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](08c6903cd8...1af3b93b68https://github.com/actions/setup-python/releases )
- [Commits](e797f83bcb...83679a892e
2025-12-01 23:07:50 +00:00
Jussi Kukkonen
64cacfc553
conformance: Bump version and schedule a weekly run
...
This way there is always an up-to-date result for the conformance
report (https://theupdateframework.github.io/tuf-conformance/ )
to use
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-11-03 19:43:41 +02:00
dependabot[bot]
25cea25ec1
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/upload-artifact` from 4.6.2 to 5.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](ea165f8d65...330a01c490https://github.com/actions/download-artifact/releases )
- [Commits](634f93cb29...018cc2cf5b
2025-10-27 21:32:00 +00:00
dependabot[bot]
81124032cf
build(deps): bump github/codeql-action in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action ).
Updates `github/codeql-action` from 3 to 4
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-13 21:02:11 +00:00
dependabot[bot]
04f72053e4
build(deps): bump ossf/scorecard-action in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [ossf/scorecard-action](https://github.com/ossf/scorecard-action ).
Updates `ossf/scorecard-action` from 2.4.2 to 2.4.3
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](05b42c6244...4eaacf0543
2025-10-06 21:02:01 +00:00
dependabot[bot]
d3d7c46483
build(deps): bump the action-dependencies group with 3 updates ( #2863 )
...
Bumps the action-dependencies group with 3 updates: [actions/setup-python](https://github.com/actions/setup-python ), [actions/github-script](https://github.com/actions/github-script ) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `actions/setup-python` from 5.6.0 to 6.0.0
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](a26af69be9...e797f83bcbhttps://github.com/actions/github-script/releases )
- [Commits](60a0d83039...ed597411d8https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](76f52bc884...ed0c53931b
2025-09-09 12:28:11 +03:00
dependabot[bot]
5f60ee52e5
build(deps): bump the action-dependencies group with 2 updates ( #2856 )
...
Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/checkout` from 4.2.2 to 5.0.0
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](11bd71901b...08c6903cd8https://github.com/actions/download-artifact/releases )
- [Commits](d3f86a106a...634f93cb29
2025-08-12 11:20:34 +03:00
dependabot[bot]
8f10e91463
build(deps): bump ossf/scorecard-action in the action-dependencies group ( #2840 )
...
Bumps the action-dependencies group with 1 update: [ossf/scorecard-action](https://github.com/ossf/scorecard-action ).
Updates `ossf/scorecard-action` from 2.4.1 to 2.4.2
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](f49aabe0b5...05b42c6244
2025-06-03 12:34:06 +03:00
dependabot[bot]
ec50bc52b8
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/setup-python](https://github.com/actions/setup-python ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/setup-python` from 5.5.0 to 5.6.0
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](8d9ed9ac5c...a26af69be9https://github.com/actions/download-artifact/releases )
- [Commits](95815c38cf...d3f86a106a
2025-04-28 22:28:44 +00:00
dependabot[bot]
63b2ca5b07
build(deps): bump actions/setup-python in the action-dependencies group ( #2820 )
2025-04-01 09:25:13 +03:00
dependabot[bot]
48262c9b2a
build(deps): bump the action-dependencies group with 2 updates ( #2816 )
2025-03-25 09:23:38 +02:00
dependabot[bot]
6d8b97e3d7
build(deps): bump actions/download-artifact ( #2803 )
2025-03-04 07:41:44 +00:00
dependabot[bot]
d2b6b6d50d
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [ossf/scorecard-action](https://github.com/ossf/scorecard-action ).
Updates `actions/upload-artifact` from 4.6.0 to 4.6.1
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](65c4c4a1dd...4cec3d8aa0https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](62b2cac7ed...f49aabe0b5
2025-02-24 21:14:31 +00:00
Jussi Kukkonen
5a2a4f7927
build: Remove workaround for hatchling upgrades
...
Apparently Dependabot now supports upgrading build-system.requires: we
don't need the workarounds anymore.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-21 10:05:18 +02:00
NicholasTanz
a6fc606298
make pedantic and silence info logs
...
Signed-off-by: NicholasTanz <nicholastanzillo@gmail.com>
2025-02-20 17:46:48 -05:00
NicholasTanz
41c7922c92
add zizmor for linting workflows.
...
Signed-off-by: NicholasTanz <nicholastanzillo@gmail.com>
2025-02-19 21:53:14 -05:00
dependabot[bot]
df7f9d64b2
build(deps): bump theupdateframework/tuf-conformance
...
Bumps the action-dependencies group with 1 update: [theupdateframework/tuf-conformance](https://github.com/theupdateframework/tuf-conformance ).
Updates `theupdateframework/tuf-conformance` from 2.2.0 to 2.3.0
- [Release notes](https://github.com/theupdateframework/tuf-conformance/releases )
- [Commits](dee4e23533...9bfc222a37
2025-02-17 13:42:10 +00:00
dependabot[bot]
051cbda20a
build(deps): bump actions/setup-python in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [actions/setup-python](https://github.com/actions/setup-python ).
Updates `actions/setup-python` from 5.3.0 to 5.4.0
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](0b93645e9f...42375524e2
2025-02-03 21:10:31 +00:00
Jussi Kukkonen
554f508a7a
Merge pull request #2764 from jku/fix-spec-version-check
...
workflows: Fix the spec version check
2025-01-29 18:40:42 +02:00
Jussi Kukkonen
d7137f9343
workflows: Add a "all tests pass" check
...
This way we can avoid naming all the matrix tests individually
in "required checks to pass before merging" in GitHub UI (which
requires tweaking everytime supported Python versions change).
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-01-29 11:44:32 +02:00
dependabot[bot]
8c48095700
build(deps): bump pypa/gh-action-pypi-publish ( #2770 )
...
Bumps the action-dependencies group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `pypa/gh-action-pypi-publish` from 1.12.3 to 1.12.4
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](67339c736f...76f52bc884
2025-01-28 12:00:06 +02:00
dependabot[bot]
e49b613cf8
build(deps): bump actions/upload-artifact ( #2766 )
...
Bumps the action-dependencies group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/upload-artifact` from 4.5.0 to 4.6.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](6f51ac03b9...65c4c4a1dd
2025-01-14 10:27:24 +02:00
Jussi Kukkonen
e5547e7984
workflows: Fix the spec version check
...
I removed all instances of "pip install -e ." from our scripts
in 4e889e7
2025-01-13 20:14:48 +02:00
Kairo Araujo
467e806614
Merge pull request #2749 from jku/test-fixes
...
Unit test infrastructure fixes
2025-01-06 15:25:55 +01:00
dependabot[bot]
05d405e591
build(deps): bump actions/upload-artifact ( #2755 )
2024-12-24 13:57:37 +02:00
Jussi Kukkonen
4e889e7212
dev env: Stop installing tuf as "editable"
...
This was likely only necessary because the test suite required it:
Now tuf does not get installed at all by tox (or by dev install)
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-11 10:11:55 +02:00
Jussi Kukkonen
31bb232ca3
tests: Remove various unneeded coverage workarounds
...
Tests now run from root dir so various coverage complications
can be removed.
Also remove the duplicate .coveragerc and rely on pyproject.toml
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-11 10:11:55 +02:00
dependabot[bot]
69222b2e06
build(deps): bump pypa/gh-action-pypi-publish ( #2748 )
2024-12-10 09:04:42 +02:00
dependabot[bot]
acffdc030e
build(deps): bump theupdateframework/tuf-conformance
...
Bumps the action-dependencies group with 1 update: [theupdateframework/tuf-conformance](https://github.com/theupdateframework/tuf-conformance ).
Updates `theupdateframework/tuf-conformance` from 2.1.0 to 2.2.0
- [Release notes](https://github.com/theupdateframework/tuf-conformance/releases )
- [Commits](ad0e8bef1a...dee4e23533
2024-11-29 14:16:48 +00:00
dependabot[bot]
e62ac28946
build(deps): bump pypa/gh-action-pypi-publish
...
Bumps the action-dependencies group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `pypa/gh-action-pypi-publish` from 1.11.0 to 1.12.2
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](fb13cb3069...15c56dba36
2024-11-11 21:50:44 +00:00
dependabot[bot]
1346e52373
build(deps): bump pypa/gh-action-pypi-publish ( #2732 )
2024-11-05 00:26:58 +02:00
dependabot[bot]
42c3b2d919
build(deps): bump the action-dependencies group with 2 updates ( #2729 )
2024-10-29 08:50:53 +02:00
Jussi Kukkonen
bd18823b13
Python upgrade: Stop testing 3.8, start testing 3.13 ( #2721 )
...
We don't strictly require 3.9 yet but likely should soon as the
container annotation features are nice.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-10-25 13:30:03 +03:00
dependabot[bot]
bb127ec6ca
build(deps): bump theupdateframework/tuf-conformance ( #2727 )
...
Bumps the action-dependencies group with 1 update: [theupdateframework/tuf-conformance](https://github.com/theupdateframework/tuf-conformance ).
Updates `theupdateframework/tuf-conformance` from 2.0.0 to 2.1.0
- [Release notes](https://github.com/theupdateframework/tuf-conformance/releases )
- [Commits](f4acd16d0e...ad0e8bef1a
2024-10-22 10:30:01 +03:00
Jussi Kukkonen
e30838428e
README: Update badges
...
* Add a badge for conformance
* Shorten the name of the workflow (since that ends up in the badge)
* Tweak badge alt names to be more useful
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-10-17 16:42:27 +03:00
dependabot[bot]
aa1fb97722
build(deps): bump actions/upload-artifact
...
Bumps the action-dependencies group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/upload-artifact` from 4.4.1 to 4.4.3
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](604373da63...b4b15b8c7c
2024-10-14 21:03:11 +00:00
dependabot[bot]
192a349c1b
build(deps): bump the action-dependencies group with 3 updates
...
Bumps the action-dependencies group with 3 updates: [actions/checkout](https://github.com/actions/checkout ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `actions/checkout` from 4.2.0 to 4.2.1
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](d632683dd7...eef61447b9https://github.com/actions/upload-artifact/releases )
- [Commits](50769540e7...604373da63https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](897895f1e1...f7600683ef
2024-10-07 21:33:01 +00:00
dependabot[bot]
4fbcfa0e2c
build(deps): bump theupdateframework/tuf-conformance ( #2711 )
...
Bumps the action-dependencies group with 1 update: [theupdateframework/tuf-conformance](https://github.com/theupdateframework/tuf-conformance ).
Updates `theupdateframework/tuf-conformance` from 1.1.0 to 2.0.0
- [Release notes](https://github.com/theupdateframework/tuf-conformance/releases )
- [Commits](d8ab40ba95...f4acd16d0e
2024-10-01 11:06:57 +03:00
