Commit graph

6224 commits

Author SHA1 Message Date
dependabot[bot]
97eebaf049
build(deps): bump requests from 2.29.0 to 2.30.0
Bumps [requests](https://github.com/psf/requests) from 2.29.0 to 2.30.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.29.0...v2.30.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-05 10:57:06 +00:00
Lukas Pühringer
c56def7c18
Merge pull request #2379 from jku/rtd-workaround
readthedocs: Specify build image
2023-05-05 10:48:45 +02:00
Jussi Kukkonen
93d1d29d48
readthedocs: Specify build image
RTD docs build is failing because the default image has openssl that is
incompatible with current urllib3: Specify a newer image.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-05-05 10:55:21 +03:00
Jussi Kukkonen
6433355f42
Merge pull request #2375 from theupdateframework/dependabot/pip/coverage-7.2.5
build(deps): bump coverage from 7.2.4 to 7.2.5
2023-05-02 10:49:09 +03:00
Lukas Pühringer
979d69c3b2
Merge pull request #2367 from theupdateframework/dependabot/pip/requests-2.29.0
build(deps): bump requests from 2.28.2 to 2.29.0
2023-05-01 14:43:54 +02:00
dependabot[bot]
078f996781
build(deps): bump requests from 2.28.2 to 2.29.0
Bumps [requests](https://github.com/psf/requests) from 2.28.2 to 2.29.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.28.2...v2.29.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-01 11:14:47 +00:00
dependabot[bot]
1de47255c5
build(deps): bump coverage from 7.2.4 to 7.2.5
Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.2.4 to 7.2.5.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.2.4...7.2.5)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-01 10:59:07 +00:00
Lukas Pühringer
3630dac49b
Merge pull request #2373 from theupdateframework/dependabot/github_actions/github/codeql-action-2.3.2
build(deps): bump github/codeql-action from 2.3.0 to 2.3.2
2023-04-28 15:15:18 +02:00
Lukas Pühringer
00543b0aef
Merge pull request #2372 from theupdateframework/dependabot/pip/coverage-7.2.4
build(deps): bump coverage from 7.2.3 to 7.2.4
2023-04-28 15:14:08 +02:00
dependabot[bot]
ac419451cc
build(deps): bump github/codeql-action from 2.3.0 to 2.3.2
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.0 to 2.3.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](b2c19fb9a2...f3feb00acb)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-28 10:58:26 +00:00
dependabot[bot]
e544a4baf4
build(deps): bump coverage from 7.2.3 to 7.2.4
Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.2.3 to 7.2.4.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.2.3...7.2.4)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-28 10:57:31 +00:00
Jussi Kukkonen
53c280680b
release: Use PyPI Trusted Publishing
Instead of using the secret stored in environment secrets, allow the
publish action to use the OIDC identity to authenticate to pypi.org.
This repository/workflow/environment has been marked as a "Trusted
Publisher" in pypi.org: this means PyPI should give the publish action a
short-lived token to use for publishing.

This enables #2370: but the secret should still be removed before
closing the issue (maybe after one successful release with Trusted
Publishing).

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-04-27 15:42:55 +03:00
Lukas Pühringer
03a26b7b7c
Merge pull request #2366 from theupdateframework/dependabot/pip/pylint-2.17.3
build(deps): bump pylint from 2.17.2 to 2.17.3
2023-04-26 09:45:39 +02:00
dependabot[bot]
d9172c050d
build(deps): bump pylint from 2.17.2 to 2.17.3
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.17.2 to 2.17.3.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.17.2...v2.17.3)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-25 10:57:16 +00:00
Jussi Kukkonen
91a08e32d3
Merge pull request #2365 from theupdateframework/dependabot/github_actions/github/codeql-action-2.3.0
build(deps): bump github/codeql-action from 2.2.12 to 2.3.0
2023-04-25 10:48:13 +03:00
dependabot[bot]
28ea174245
build(deps): bump github/codeql-action from 2.2.12 to 2.3.0
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.12 to 2.3.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](7df0ce3489...b2c19fb9a2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-24 11:00:22 +00:00
Lukas Pühringer
600d16b29a
Merge pull request #2364 from theupdateframework/dependabot/github_actions/actions/setup-python-4.6.0
build(deps): bump actions/setup-python from 4.5.0 to 4.6.0
2023-04-24 09:09:32 +02:00
Lukas Pühringer
5d9937aac8
Merge pull request #2362 from theupdateframework/dependabot/pip/securesystemslib-cryptopynacl--0.28.0
build(deps): bump securesystemslib[crypto,pynacl] from 0.27.0 to 0.28.0
2023-04-24 09:04:00 +02:00
dependabot[bot]
964c30c2dd
build(deps): bump actions/setup-python from 4.5.0 to 4.6.0
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.5.0 to 4.6.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](d27e3f3d7c...57ded4d7d5)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-21 10:58:33 +00:00
dependabot[bot]
78db3f27a0
build(deps): bump securesystemslib[crypto,pynacl] from 0.27.0 to 0.28.0
Bumps [securesystemslib[crypto,pynacl]](https://github.com/secure-systems-lab/securesystemslib) from 0.27.0 to 0.28.0.
- [Release notes](https://github.com/secure-systems-lab/securesystemslib/releases)
- [Changelog](https://github.com/secure-systems-lab/securesystemslib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/secure-systems-lab/securesystemslib/compare/v0.27.0...v0.28.0)

---
updated-dependencies:
- dependency-name: securesystemslib[crypto,pynacl]
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-19 10:57:08 +00:00
Lukas Pühringer
808cf94da5
Merge pull request #2357 from theupdateframework/dependabot/github_actions/github/codeql-action-2.2.12
build(deps): bump github/codeql-action from 2.2.11 to 2.2.12
2023-04-17 13:30:42 +02:00
dependabot[bot]
25cbdcaf32
build(deps): bump github/codeql-action from 2.2.11 to 2.2.12
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.11 to 2.2.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](d186a2a36c...7df0ce3489)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-17 11:22:23 +00:00
Lukas Pühringer
25d3151254
Merge pull request #2358 from theupdateframework/dependabot/github_actions/actions/checkout-3.5.2
build(deps): bump actions/checkout from 3.5.0 to 3.5.2
2023-04-17 13:21:41 +02:00
Lukas Pühringer
68f4a095cb
Merge pull request #2360 from theupdateframework/dependabot/pip/cryptography-40.0.2
build(deps): bump cryptography from 40.0.1 to 40.0.2
2023-04-17 13:21:28 +02:00
dependabot[bot]
f130651d55
build(deps): bump cryptography from 40.0.1 to 40.0.2
Bumps [cryptography](https://github.com/pyca/cryptography) from 40.0.1 to 40.0.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/40.0.1...40.0.2)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-17 10:57:26 +00:00
dependabot[bot]
308c9874b7
build(deps): bump actions/checkout from 3.5.0 to 3.5.2
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.0 to 3.5.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](8f4b7f8486...8e5e7e5ab8)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-14 10:58:57 +00:00
Lukas Pühringer
fe3fa79bf8
Merge pull request #2355 from theupdateframework/dependabot/github_actions/actions/github-script-6.4.1
build(deps): bump actions/github-script from 6.4.0 to 6.4.1
2023-04-11 12:53:14 +02:00
Lukas Pühringer
561071888e
Merge pull request #2354 from theupdateframework/dependabot/github_actions/github/codeql-action-2.2.11
build(deps): bump github/codeql-action from 2.2.9 to 2.2.11
2023-04-11 12:53:09 +02:00
Lukas Pühringer
df01f87eba
Merge pull request #2353 from theupdateframework/dependabot/pip/coverage-7.2.3
build(deps): bump coverage from 7.2.2 to 7.2.3
2023-04-11 12:52:56 +02:00
Lukas Pühringer
0b3229ce0f
Merge pull request #2352 from theupdateframework/dependabot/pip/mypy-1.2.0
build(deps): bump mypy from 1.1.1 to 1.2.0
2023-04-11 12:52:11 +02:00
dependabot[bot]
63da19d127
build(deps): bump actions/github-script from 6.4.0 to 6.4.1
Bumps [actions/github-script](https://github.com/actions/github-script) from 6.4.0 to 6.4.1.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](98814c53be...d7906e4ad0)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-07 10:58:44 +00:00
dependabot[bot]
64816c40f8
build(deps): bump github/codeql-action from 2.2.9 to 2.2.11
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.9 to 2.2.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](04df1262e6...d186a2a36c)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-07 10:58:40 +00:00
dependabot[bot]
86335a7a1d
build(deps): bump coverage from 7.2.2 to 7.2.3
Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.2.2 to 7.2.3.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.2.2...7.2.3)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-07 10:57:30 +00:00
dependabot[bot]
dc0610b051
build(deps): bump mypy from 1.1.1 to 1.2.0
Bumps [mypy](https://github.com/python/mypy) from 1.1.1 to 1.2.0.
- [Release notes](https://github.com/python/mypy/releases)
- [Commits](https://github.com/python/mypy/compare/v1.1.1...v1.2.0)

---
updated-dependencies:
- dependency-name: mypy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-07 10:57:19 +00:00
Jussi Kukkonen
16ffdb017a
Merge pull request #2350 from theupdateframework/dependabot/github_actions/pypa/gh-action-pypi-publish-1.8.5
build(deps): bump pypa/gh-action-pypi-publish from 1.8.3 to 1.8.5
2023-04-05 10:53:28 +03:00
Jussi Kukkonen
6132be0a86
Merge pull request #2349 from theupdateframework/dependabot/pip/pylint-2.17.2
build(deps): bump pylint from 2.17.1 to 2.17.2
2023-04-05 10:07:53 +03:00
dependabot[bot]
b52c7dbcfc
build(deps): bump pypa/gh-action-pypi-publish from 1.8.3 to 1.8.5
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.8.3 to 1.8.5.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](48b317d84d...0bf742be3e)

---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-04 11:00:18 +00:00
dependabot[bot]
d3647a6af1
build(deps): bump pylint from 2.17.1 to 2.17.2
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.17.1 to 2.17.2.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.17.1...v2.17.2)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-04 10:58:13 +00:00
Jussi Kukkonen
01ca2987ca
Merge pull request #2347 from theupdateframework/dependabot/github_actions/ossf/scorecard-action-2.1.3
build(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3
2023-03-31 09:53:28 +03:00
dependabot[bot]
904f956d4c
build(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.2 to 2.1.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](e38b1902ae...80e868c13c)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-30 10:58:48 +00:00
Jussi Kukkonen
6a0a12b1f1
Merge pull request #2346 from theupdateframework/dependabot/pip/black-23.3.0
build(deps): bump black from 23.1.0 to 23.3.0
2023-03-29 14:04:33 +03:00
dependabot[bot]
dbd2c9b155
build(deps): bump black from 23.1.0 to 23.3.0
Bumps [black](https://github.com/psf/black) from 23.1.0 to 23.3.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/23.1.0...23.3.0)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-29 10:57:39 +00:00
Lukas Pühringer
8ae0a38039
Merge pull request #2338 from jku/hash-prefix
Add TargetFile.get_prefixed_paths()
2023-03-29 12:13:04 +02:00
Lukas Pühringer
0dc4ab2687
Merge pull request #2345 from theupdateframework/dependabot/github_actions/github/codeql-action-2.2.9
build(deps): bump github/codeql-action from 2.2.8 to 2.2.9
2023-03-29 11:51:48 +02:00
Lukas Pühringer
c005d285a5
Merge pull request #2339 from theupdateframework/dependabot/pip/pylint-2.17.1
build(deps): bump pylint from 2.17.0 to 2.17.1
2023-03-29 11:40:18 +02:00
dependabot[bot]
d68cd71fcd
build(deps): bump github/codeql-action from 2.2.8 to 2.2.9
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.8 to 2.2.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](67a35a0858...04df1262e6)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-28 10:59:06 +00:00
Lukas Pühringer
1372630fdb
Merge pull request #2343 from theupdateframework/dependabot/github_actions/actions/checkout-3.5.0
build(deps): bump actions/checkout from 3.4.0 to 3.5.0
2023-03-28 11:05:28 +02:00
dependabot[bot]
f86f656d3c
build(deps): bump actions/checkout from 3.4.0 to 3.5.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](24cb908017...8f4b7f8486)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-28 07:44:51 +00:00
Lukas Pühringer
d55b5df4e9
Merge pull request #2341 from theupdateframework/dependabot/github_actions/github/codeql-action-2.2.8
build(deps): bump github/codeql-action from 2.2.7 to 2.2.8
2023-03-28 09:44:11 +02:00
Lukas Pühringer
cc6a4efd8c
Merge pull request #2340 from theupdateframework/dependabot/github_actions/pypa/gh-action-pypi-publish-1.8.3
build(deps): bump pypa/gh-action-pypi-publish from 1.8.1 to 1.8.3
2023-03-28 09:43:43 +02:00