python-tuf

mirror of https://github.com/theupdateframework/python-tuf synced 2026-05-24 10:08:28 +00:00

Author	SHA1	Message	Date
Lukas Puehringer	bce5039196	Rlease v5.0.0 * Bump version * Add changelog Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>	2024-05-14 10:16:41 +02:00
Lukas Pühringer	c890b7ef3c	Merge pull request #2628 from theupdateframework/dependabot/pip/test-and-lint-dependencies-2d7c561333 build(deps): bump ruff from 0.4.3 to 0.4.4 in the test-and-lint-dependencies group	2024-05-14 09:35:44 +02:00
Lukas Pühringer	6e24f4deb7	Merge pull request #2629 from theupdateframework/dependabot/github_actions/action-dependencies-b900de2ff3 build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 in the action-dependencies group	2024-05-14 09:35:02 +02:00
dependabot[bot]	02464e9a74	build(deps): bump ossf/scorecard-action in the action-dependencies group Bumps the action-dependencies group with 1 update: [ossf/scorecard-action](https://github.com/ossf/scorecard-action). Updates `ossf/scorecard-action` from 2.3.1 to 2.3.3 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](`0864cf1902...dc50aa9510`) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>	2024-05-13 21:52:50 +00:00
dependabot[bot]	a5ba1a1d1b	build(deps): bump ruff in the test-and-lint-dependencies group Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff). Updates `ruff` from 0.4.3 to 0.4.4 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](https://github.com/astral-sh/ruff/compare/v0.4.3...v0.4.4) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:production update-type: version-update:semver-patch dependency-group: test-and-lint-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>	2024-05-13 21:38:40 +00:00
Lukas Pühringer	87e418c201	Merge pull request #2627 from jku/finish-ruff-integration linting: Enable all Ruff rulesets by default	2024-05-07 14:53:35 +02:00
Jussi Kukkonen	419bfe34ec	linting: Enable all Ruff rulesets by default The goal here is to have ruff enable new rulesets when new releases are made without us having to o anything: we can then decide if we disable or not. * Enable a couple more rulesets (ERA, INP, T ) * Add a few individual ignores to tests and examples * Default to enable all, disable the rulesets we don't want Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2024-05-07 15:39:53 +03:00
Jussi Kukkonen	d855d1c4cb	Merge pull request #2626 from theupdateframework/dependabot/pip/test-and-lint-dependencies-0c8ab04bf2 build(deps): bump the test-and-lint-dependencies group across 1 directory with 2 updates	2024-05-07 12:35:55 +03:00
dependabot[bot]	a214a80141	build(deps): bump the test-and-lint-dependencies group across 1 directory with 2 updates Bumps the test-and-lint-dependencies group with 2 updates in the / directory: [ruff](https://github.com/astral-sh/ruff) and [coverage](https://github.com/nedbat/coveragepy). Updates `ruff` from 0.4.2 to 0.4.3 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](https://github.com/astral-sh/ruff/compare/v0.4.2...v0.4.3) Updates `coverage` from 7.5.0 to 7.5.1 - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](https://github.com/nedbat/coveragepy/compare/7.5.0...7.5.1) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:production update-type: version-update:semver-patch dependency-group: test-and-lint-dependencies - dependency-name: coverage dependency-type: direct:production update-type: version-update:semver-patch dependency-group: test-and-lint-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>	2024-05-07 09:29:52 +00:00
Lukas Pühringer	d0a557dc61	Merge pull request #2620 from theupdateframework/dependabot/pip/test-and-lint-dependencies-b2066c3ddb build(deps): bump the test-and-lint-dependencies group with 3 updates	2024-05-07 11:27:59 +02:00
Jussi Kukkonen	716cde704b	lint: Remove unneeded noqa flags Re-raising a blind exception is now ok. Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2024-05-07 11:11:08 +02:00
dependabot[bot]	96d406cf9e	build(deps): bump the test-and-lint-dependencies group with 3 updates Bumps the test-and-lint-dependencies group with 3 updates: [coverage](https://github.com/nedbat/coveragepy), [ruff](https://github.com/astral-sh/ruff) and [mypy](https://github.com/python/mypy). Updates `coverage` from 7.4.4 to 7.5.0 - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](https://github.com/nedbat/coveragepy/compare/7.4.4...7.5.0) Updates `ruff` from 0.4.1 to 0.4.2 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](https://github.com/astral-sh/ruff/compare/v0.4.1...v0.4.2) Updates `mypy` from 1.9.0 to 1.10.0 - [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md) - [Commits](https://github.com/python/mypy/compare/1.9.0...v1.10.0) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:production update-type: version-update:semver-minor dependency-group: test-and-lint-dependencies - dependency-name: ruff dependency-type: direct:production update-type: version-update:semver-patch dependency-group: test-and-lint-dependencies - dependency-name: mypy dependency-type: direct:production update-type: version-update:semver-minor dependency-group: test-and-lint-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>	2024-05-07 11:11:08 +02:00
Lukas Pühringer	c311e22194	Merge pull request #2597 from jku/lint-fixes Enable linters	2024-05-07 11:06:48 +02:00
Jussi Kukkonen	dbaf325390	Merge pull request #2622 from theupdateframework/dependabot/github_actions/action-dependencies-e8df6e148d build(deps): bump actions/checkout from 4.1.4 to 4.1.5 in the action-dependencies group	2024-05-07 11:36:01 +03:00
Jussi Kukkonen	eb97939e94	Merge pull request #2623 from theupdateframework/dependabot/pip/dependencies-8be74a356d build(deps): bump cryptography from 42.0.5 to 42.0.7 in the dependencies group	2024-05-07 11:31:42 +03:00
dependabot[bot]	baea7fa1bd	build(deps): bump cryptography in the dependencies group Bumps the dependencies group with 1 update: [cryptography](https://github.com/pyca/cryptography). Updates `cryptography` from 42.0.5 to 42.0.7 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/42.0.5...42.0.7) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>	2024-05-06 21:57:16 +00:00
dependabot[bot]	dd9bf7410a	build(deps): bump actions/checkout in the action-dependencies group Bumps the action-dependencies group with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 4.1.4 to 4.1.5 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](`0ad4b8fada...44c2b7a8a4`) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>	2024-05-06 21:50:18 +00:00
Jussi Kukkonen	80882dbe7d	lint: Enable flake8-annotations Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2024-05-06 09:19:19 +03:00
Jussi Kukkonen	dc5194e9e9	lint: Enable flake8-self Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2024-05-06 09:19:19 +03:00
Jussi Kukkonen	9a61be1bf4	lint: Enable flake8-executable * Remove exectuable flag from a couple of files * Half of the test files have a shebang (but are still not executable): remove the shebang Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2024-05-06 09:19:19 +03:00
Jussi Kukkonen	d6c1a22be1	lint: Enable flake8-unused-arguments Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2024-05-06 09:19:19 +03:00
Jussi Kukkonen	4244632a2f	lint: Enable pygrep-hooks Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2024-05-06 09:19:19 +03:00
Jussi Kukkonen	460424a620	lint: Enable flake8-raise I'm not sure I agree with not using the parens in raise SomeError but being consistent is definitely better than not being consistent. Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2024-05-06 09:19:19 +03:00
Jussi Kukkonen	7e52190bf0	lint: Enable flake8-pyi "object" is slightly more informative than "Any" as annotation Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2024-05-06 09:19:19 +03:00
Jussi Kukkonen	981788bca2	lint: Enable flake8-pie Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2024-05-06 09:19:19 +03:00
Lukas Pühringer	4a26a0c49c	Merge pull request #2617 from jku/sslib-main WIP: Update to new securesystemslib API	2024-05-03 11:23:06 +02:00
Lukas Puehringer	3e549793e4	Remove SSlibSigner mention in docstring Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>	2024-05-03 11:18:27 +02:00
Jussi Kukkonen	a7b832b88f	Use securesystemslib 1.0.0 Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2024-05-02 14:05:41 +03:00
Lukas Pühringer	878829bde6	Merge pull request #2621 from theupdateframework/dependabot/github_actions/action-dependencies-434113e9b9 build(deps): bump the action-dependencies group with 2 updates	2024-04-30 09:15:35 +02:00
dependabot[bot]	8607c56000	build(deps): bump the action-dependencies group with 2 updates Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [actions/download-artifact](https://github.com/actions/download-artifact). Updates `actions/checkout` from 4.1.3 to 4.1.4 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](`1d96c772d1...0ad4b8fada`) Updates `actions/download-artifact` from 4.1.6 to 4.1.7 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](`9c19ed7fe5...65a9edc588`) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-dependencies - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>	2024-04-29 21:42:06 +00:00
Jussi Kukkonen	3d1b16cdfa	examples: Use Cryptosigner.private_bytes private_bytes was just added to CryptoSigner, use it. Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2024-04-25 14:44:18 +03:00
Jussi Kukkonen	38f309bbbf	WIP: Update to new securesystemslib API * API changes covered: * keys and interface modules removed * SSlibSigner removed * CryptoSigner added: this replaces the removed functionality * DSSE "signatures" container type changed * Currently pins a securesystemslib main branch commit: this shoudl be reverted before merging, when securesystemslib has made a release * tests/generated_data/generate_md.py was simplified * Encrypted test keys in tests/repository_data/keystore were replaced with the unencrypted PEM versions of the same keys * The public test keys in tests/repository_data/keystore were removed as they were not used anymore Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2024-04-25 14:27:54 +03:00
Lukas Pühringer	970ddf9df0	Merge pull request #2602 from jku/awk-magic-changelog workflows: Add awk magic to GH changelog generation	2024-04-25 10:22:10 +02:00
Jussi Kukkonen	f50693c625	workflows: Add awk magic to GH changelog generation * Create a changelog file with awk * Add both "dist" and "changelog" to artifact * This changes the artifact handling: Now the dist directory is inside the artifact (instead of the contents of the directory being in the directory): this means the default path now works for `download-artifact` * Dump changelog into the release body Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2024-04-25 10:40:47 +03:00
Lukas Pühringer	411505d4b7	Merge pull request #2619 from jku/only-test-old-python-on-linux workflows: Only test old Pythons on linux	2024-04-25 09:28:25 +02:00
Jussi Kukkonen	5f854b6440	workflows: Only test old Pythons on linux * This fixes current CI (new mac runners do not have old pythons) * This is also sensible: running the complete matrix seems wasteful Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2024-04-24 20:57:49 +03:00
Jussi Kukkonen	ffc1c3f41f	Merge pull request #2614 from theupdateframework/dependabot/github_actions/action-dependencies-fbc4b1338b build(deps): bump the action-dependencies group with 3 updates	2024-04-23 10:59:17 +03:00
Jussi Kukkonen	8cfb484a23	Merge pull request #2615 from theupdateframework/dependabot/pip/build-and-release-dependencies-cdb6e24264 build(deps): bump hatchling from 1.23.0 to 1.24.2 in the build-and-release-dependencies group	2024-04-23 10:58:22 +03:00
Jussi Kukkonen	c12c4300e2	Merge pull request #2616 from theupdateframework/dependabot/pip/test-and-lint-dependencies-79885ab03b build(deps): bump ruff from 0.3.7 to 0.4.1 in the test-and-lint-dependencies group	2024-04-23 10:57:55 +03:00
dependabot[bot]	46e9ccae99	build(deps): bump ruff in the test-and-lint-dependencies group Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff). Updates `ruff` from 0.3.7 to 0.4.1 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](https://github.com/astral-sh/ruff/compare/v0.3.7...v0.4.1) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:production update-type: version-update:semver-minor dependency-group: test-and-lint-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>	2024-04-22 21:46:15 +00:00
dependabot[bot]	3a2c7b413a	build(deps): bump hatchling in the build-and-release-dependencies group Bumps the build-and-release-dependencies group with 1 update: [hatchling](https://github.com/pypa/hatch). Updates `hatchling` from 1.23.0 to 1.24.2 - [Release notes](https://github.com/pypa/hatch/releases) - [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.23.0...hatchling-v1.24.2) --- updated-dependencies: - dependency-name: hatchling dependency-type: direct:production update-type: version-update:semver-minor dependency-group: build-and-release-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>	2024-04-22 21:44:58 +00:00
dependabot[bot]	0e5833afb8	build(deps): bump the action-dependencies group with 3 updates Bumps the action-dependencies group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact). Updates `actions/checkout` from 4.1.2 to 4.1.3 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](`9bb56186c3...1d96c772d1`) Updates `actions/upload-artifact` from 4.3.1 to 4.3.3 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](`5d5d22a312...65462800fd`) Updates `actions/download-artifact` from 4.1.4 to 4.1.6 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](`c850b930e6...9c19ed7fe5`) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-dependencies - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-dependencies - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>	2024-04-22 21:40:01 +00:00
Jussi Kukkonen	f165c76fc2	Merge pull request #2613 from NicholasTanz/enableRulesets Enable rulesets (BLE and RUF)	2024-04-22 16:19:55 +03:00
Jussi Kukkonen	9db9277849	Merge pull request #2610 from jku/simplify-tests workflows: Simplify testing	2024-04-22 15:09:44 +03:00
Jussi Kukkonen	74882c52ec	Merge pull request #2612 from jku/support-app-user-agent Support app-specific user-agents	2024-04-22 15:08:08 +03:00
Jussi Kukkonen	fb581453ab	tests: Add a test for custom application user agent Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2024-04-22 14:54:43 +03:00
E3E	52601e2bd8	add RUF and BLE rulesets; ignore some broad exceptions (BLE001) and RUF012 Signed-off-by: E3E <ntanzill@purdue.edu>	2024-04-21 01:37:40 -04:00
Jussi Kukkonen	fe2068697c	Support app-specific user-agents * application user-agent can be set with UpdaterConfig object * Setting will affect the default fetcher only * the application user-agent will be prefixed to the ngclient default user-agent Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2024-04-19 17:55:29 +03:00
Jussi Kukkonen	7d57ab65d2	workflows: Simplify testing * Don't try to handle sslib main test within the matrix * Put it in a separate workflow * Include the new workflow in CI but not in CD * Bonus: Make cache-dependency-path more complete Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>	2024-04-16 10:32:08 +03:00
Jussi Kukkonen	c6256875f0	Merge pull request #2608 from theupdateframework/dependabot/pip/test-and-lint-dependencies-b976d329b1 build(deps): bump ruff from 0.3.5 to 0.3.7 in the test-and-lint-dependencies group	2024-04-16 09:29:08 +03:00

1 2 3 4 5 ...

6224 commits