Jussi Kukkonen
b8326a245f
Merge pull request #2164 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.30
...
build(deps): bump github/codeql-action from 2.1.29 to 2.1.30
2022-11-04 14:12:16 +02:00
Jussi Kukkonen
0c07a84441
Merge pull request #2157 from jku/enable-py-3.11
...
build: Enable Python 3.11 in test matrix
2022-11-03 13:19:38 +02:00
dependabot[bot]
c12df73040
build(deps): bump github/codeql-action from 2.1.29 to 2.1.30
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.29 to 2.1.30.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](ec3cf9c605...18fe527fa8)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-03 10:03:51 +00:00
dependabot[bot]
f85807287b
build(deps): bump cryptography from 38.0.2 to 38.0.3
...
Bumps [cryptography](https://github.com/pyca/cryptography) from 38.0.2 to 38.0.3.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/38.0.2...38.0.3)
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-02 11:07:28 +00:00
Jussi Kukkonen
98587c579e
Merge pull request #2075 from KOLANICH-libs/netloc
...
Supported `file` scheme without netloc.
2022-11-02 11:17:08 +02:00
Jussi Kukkonen
35a7dd58c5
RequestsFetcher: satisfy mypy with small fix
...
The typeshed annotations for requests say that the hostname could be None:
I think this is untrue but let's keep mypy happy.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-10-31 21:25:02 +03:00
KOLANICH
0c9c494261
Supported schemes without netloc.
...
Signed-off-by: KOLANICH <KOLANICH@users.noreply.github.com>
2022-10-31 21:23:56 +03:00
Jussi Kukkonen
b002860206
GitHub workflows: Only upload to PyPI in upstream repo
...
This is not a security measure: it makes testing the CD/release workflow
(at least the non-pypi-upload parts) in a fork a little easier as the pypi
upload is skipped.
This does make testing the pypi upload even more difficult but maybe
that is acceptable?
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-10-31 12:14:23 +02:00
Jussi Kukkonen
327fcf8640
GitHub workflows: limit "content:write" to minimum
...
Permissions can be defined at the workflow and job level, but not at the step level.
Currently permissions are defined at the workflow level, which is not ideal.
Create a new "release_candidate" job so that we can minimize the
"content:write" permission exposure.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-10-31 12:13:11 +02:00
Jussi Kukkonen
53521bfda0
workflows: Set top-level permissions
...
This changes very little but it does mean any jobs added in future have to
be explicit about the permissions they need. This also makes OSSF scorecard
happier.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-10-30 12:56:22 +02:00
Jussi Kukkonen
6b03ef43ae
Merge pull request #2158 from UDITBALUJA/develop
...
updated hatchling to current latest 1.11.1
2022-10-29 21:23:26 +03:00
UDITBALUJA
37313fbfc4
updated hatchling to current latest 1.11.1
...
Signed-off-by: UDITBALUJA <uditbaluja1000@gmail.com>
2022-10-29 19:27:53 +05:30
Jussi Kukkonen
ee3e2799d5
Merge pull request #2148 from theupdateframework/dependabot/pip/pylint-2.15.5
...
build(deps): bump pylint from 2.15.4 to 2.15.5
2022-10-28 15:49:33 +03:00
Jussi Kukkonen
5568565c65
Merge pull request #2154 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.29
...
build(deps): bump github/codeql-action from 2.1.28 to 2.1.29
2022-10-27 17:59:24 +03:00
Jussi Kukkonen
5b59e7cfe6
build: Enable Python 3.11 in test matrix
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-10-27 17:35:00 +03:00
Lukas Pühringer
9264ffc580
Merge pull request #2156 from lukpueh/fix-sec-audit-blog-post
...
Fix wrong count in security audit blog post
2022-10-26 17:41:02 +02:00
Lukas Puehringer
e4d0c6d6df
Fix wrong count in security audit blog post
...
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-10-26 16:59:57 +02:00
Lukas Pühringer
9605a8218c
Merge pull request #2155 from joshuagl/joshuagl/audit-blog-post
...
Add post on python-tuf security audit by x41
2022-10-26 15:06:36 +02:00
Joshua Lock
8bb117a739
Add post on python-tuf security audit by x41
...
Signed-off-by: Joshua Lock <jlock@vmware.com>
2022-10-26 09:02:37 -04:00
dependabot[bot]
5e42be8173
build(deps): bump github/codeql-action from 2.1.28 to 2.1.29
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.28 to 2.1.29.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](cc7986c02b...ec3cf9c605)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-26 10:36:17 +00:00
Lukas Pühringer
080cf606da
Merge pull request #2150 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-2.5.1
...
build(deps): bump actions/dependency-review-action from 2.5.0 to 2.5.1
2022-10-25 14:12:52 +02:00
Lukas Pühringer
d03be1cf76
Merge pull request #2149 from theupdateframework/dependabot/github_actions/actions/upload-artifact-3.1.1
...
build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.1
2022-10-25 14:05:00 +02:00
dependabot[bot]
dac600fc8e
build(deps): bump actions/dependency-review-action from 2.5.0 to 2.5.1
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.5.0 to 2.5.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](fd675ced9c...0efb1d1d84)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-25 10:21:49 +00:00
dependabot[bot]
2fa55a089c
build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.1
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](3cea537223...83fd05a356)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-24 10:21:27 +00:00
Jussi Kukkonen
eeefeb5675
Merge pull request #2147 from miles170/ci-migrate-set-output
...
ci: migrate deprecating set-output commands
2022-10-24 13:16:52 +03:00
dependabot[bot]
193bfcdc8d
build(deps): bump pylint from 2.15.4 to 2.15.5
...
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.15.4 to 2.15.5.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.15.4...v2.15.5)
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-24 10:07:42 +00:00
Miles Liu
0a79245c43
ci: migrate deprecating set-output commands
...
Signed-off-by: Miles Liu <miles@bung.cc>
2022-10-24 15:46:44 +08:00
Jussi Kukkonen
fce00d85ae
Merge pull request #2146 from theupdateframework/dependabot/github_actions/actions/download-artifact-3.0.1
...
build(deps): bump actions/download-artifact from 3.0.0 to 3.0.1
2022-10-21 14:53:46 +03:00
dependabot[bot]
68571fb887
build(deps): bump actions/download-artifact from 3.0.0 to 3.0.1
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](fb598a63ae...9782bd6a98)
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-21 11:14:31 +00:00
Lukas Pühringer
f7924088b6
Merge pull request #2142 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.28
...
build(deps): bump github/codeql-action from 2.1.27 to 2.1.28
2022-10-19 12:47:08 +02:00
Lukas Pühringer
820ff6cf21
Merge pull request #2141 from theupdateframework/dependabot/pip/securesystemslib-cryptopynacl--0.25.0
...
build(deps): bump securesystemslib[crypto,pynacl] from 0.24.0 to 0.25.0
2022-10-19 12:46:27 +02:00
dependabot[bot]
5fffbb0485
build(deps): bump github/codeql-action from 2.1.27 to 2.1.28
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.27 to 2.1.28.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](807578363a...cc7986c02b)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-19 10:17:35 +00:00
dependabot[bot]
0aecd96327
build(deps): bump securesystemslib[crypto,pynacl] from 0.24.0 to 0.25.0
...
Bumps [securesystemslib[crypto,pynacl]](https://github.com/secure-systems-lab/securesystemslib) from 0.24.0 to 0.25.0.
- [Release notes](https://github.com/secure-systems-lab/securesystemslib/releases)
- [Changelog](https://github.com/secure-systems-lab/securesystemslib/blob/master/CHANGELOG.md)
- [Commits](https://github.com/secure-systems-lab/securesystemslib/compare/v0.24.0...v0.25.0)
---
updated-dependencies:
- dependency-name: securesystemslib[crypto,pynacl]
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-19 10:06:24 +00:00
Jussi Kukkonen
852f7a4101
Merge pull request #2139 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-2.5.0
...
build(deps): bump actions/dependency-review-action from 2.4.1 to 2.5.0
2022-10-18 16:17:15 +03:00
Jussi Kukkonen
bbbcac38cc
Merge pull request #2138 from theupdateframework/dependabot/github_actions/actions/github-script-6.3.3
...
build(deps): bump actions/github-script from 6.3.2 to 6.3.3
2022-10-18 16:12:09 +03:00
Lukas Pühringer
e2cec677ce
Merge pull request #2137 from n-dusan/ndusan/fix-incorrect-length-metapath-validation
...
Fix: allow `length` to be zero
2022-10-17 09:49:44 +02:00
dependabot[bot]
b8976bfd51
build(deps): bump actions/dependency-review-action from 2.4.1 to 2.5.0
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.4.1 to 2.5.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](9c96258789...fd675ced9c)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-14 10:16:58 +00:00
dependabot[bot]
67a5fca932
build(deps): bump actions/github-script from 6.3.2 to 6.3.3
...
Bumps [actions/github-script](https://github.com/actions/github-script) from 6.3.2 to 6.3.3.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](100527700e...d556feaca3)
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-14 10:16:54 +00:00
Lukas Pühringer
7e51f356b3
Merge pull request #2134 from theupdateframework/dependabot/github_actions/actions/github-script-6.3.2
...
build(deps): bump actions/github-script from 6.3.1 to 6.3.2
2022-10-12 14:21:06 +02:00
Lukas Pühringer
62d0cd962c
Merge pull request #2133 from theupdateframework/dependabot/pip/cryptography-38.0.2
...
build(deps): bump cryptography from 38.0.1 to 38.0.2
2022-10-12 14:18:46 +02:00
Lukas Pühringer
87bf583c64
Merge pull request #2135 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-2.4.1
...
build(deps): bump actions/dependency-review-action from 2.4.0 to 2.4.1
2022-10-12 14:16:27 +02:00
n-dusan
604eef2ffd
fix: allow length to be zero
...
* As per the TUF specification, the length attribute is a numerical value (which
can include 0):
https://theupdateframework.github.io/specification/latest/#metapath-length
* fix: update tests
Signed-off-by: n-dusan <nikolic.dusan.dey@gmail.com>
2022-10-12 13:02:41 +02:00
dependabot[bot]
2c56fc3532
build(deps): bump actions/dependency-review-action from 2.4.0 to 2.4.1
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](375c537008...9c96258789)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-12 10:19:15 +00:00
dependabot[bot]
39b823afe4
build(deps): bump actions/github-script from 6.3.1 to 6.3.2
...
Bumps [actions/github-script](https://github.com/actions/github-script) from 6.3.1 to 6.3.2.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](7dff1a8764...100527700e)
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-12 10:19:05 +00:00
dependabot[bot]
88a68a8ca6
build(deps): bump cryptography from 38.0.1 to 38.0.2
...
Bumps [cryptography](https://github.com/pyca/cryptography) from 38.0.1 to 38.0.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/38.0.1...38.0.2)
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-12 10:06:17 +00:00
Jussi Kukkonen
28b027815e
Merge pull request #2132 from theupdateframework/dependabot/github_actions/actions/setup-python-4.3.0
...
build(deps): bump actions/setup-python from 4.2.0 to 4.3.0
2022-10-11 17:02:45 +03:00
dependabot[bot]
76c0d6cec0
build(deps): bump actions/setup-python from 4.2.0 to 4.3.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](b55428b188...13ae5bb136)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-11 10:29:56 +00:00
Lukas Pühringer
c9bfc0a31d
Merge pull request #2131 from theupdateframework/dependabot/pip/pylint-2.15.4
...
build(deps): bump pylint from 2.15.3 to 2.15.4
2022-10-11 12:25:55 +02:00
dependabot[bot]
dd66745a49
build(deps): bump pylint from 2.15.3 to 2.15.4
...
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.15.3 to 2.15.4.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.15.3...v2.15.4)
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-11 10:10:07 +00:00
Jussi Kukkonen
0e1ab2685b
Merge pull request #2128 from theupdateframework/dependabot/pip/black-22.10.0
...
build(deps): bump black from 22.8.0 to 22.10.0
2022-10-10 13:52:13 +03:00