Commit graph

6224 commits

Author SHA1 Message Date
Jussi Kukkonen
67e00ce176
Merge pull request #2609 from theupdateframework/dependabot/pip/dependencies-a98e789dc2
build(deps): bump idna from 3.6 to 3.7 in the dependencies group
2024-04-16 09:28:07 +03:00
Jussi Kukkonen
22a6ce578f
Merge pull request #2607 from theupdateframework/dependabot/pip/build-and-release-dependencies-6c3538640a
build(deps): bump hatchling from 1.22.4 to 1.23.0 in the build-and-release-dependencies group
2024-04-16 09:26:15 +03:00
dependabot[bot]
c4404776e9
build(deps): bump idna from 3.6 to 3.7 in the dependencies group
Bumps the dependencies group with 1 update: [idna](https://github.com/kjd/idna).


Updates `idna` from 3.6 to 3.7
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v3.6...v3.7)

---
updated-dependencies:
- dependency-name: idna
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-15 21:21:22 +00:00
dependabot[bot]
0321caae3d
build(deps): bump ruff in the test-and-lint-dependencies group
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff).


Updates `ruff` from 0.3.5 to 0.3.7
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.3.5...v0.3.7)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-15 21:20:07 +00:00
dependabot[bot]
c248dd9fbe
build(deps): bump hatchling in the build-and-release-dependencies group
Bumps the build-and-release-dependencies group with 1 update: [hatchling](https://github.com/pypa/hatch).


Updates `hatchling` from 1.22.4 to 1.23.0
- [Release notes](https://github.com/pypa/hatch/releases)
- [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.22.4...hatchling-v1.23.0)

---
updated-dependencies:
- dependency-name: hatchling
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build-and-release-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-15 21:19:42 +00:00
Lukas Pühringer
f1f1ed3bc7
Merge pull request #2606 from jku/drop-persist-temp-file
Metadata API: Stop using a deprecated method
2024-04-15 15:51:52 +02:00
Jussi Kukkonen
3605eaf2fb Metadata API: Stop using a deprecated method
persist_temp_file() is deprecated, and seemingly not very useful.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-12 22:41:12 +03:00
Jussi Kukkonen
2d6fc743a4
Merge pull request #2601 from jku/release-v4
Release v4.0.0
2024-04-04 11:27:12 +03:00
Jussi Kukkonen
928702a8ac Release v4.0.0
This is a major bump only because of Metadata API, ngclient is
compatible with 3.x.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-04 10:25:18 +03:00
Lukas Pühringer
892c789374
Merge pull request #2600 from lukpueh/set-max-sslib-version
Constrain securesystemslib dependency to <0.32.0
2024-04-03 18:42:38 +02:00
Lukas Puehringer
bc3ebd8e1e Constrain securesystemslib dependency to <0.32.0
There are several breaking changes coming up in securesystemslib on its
way to 1.0.

To not disrupt tuf users this patch constrains securesystemslib to not
update the current minor version..

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2024-04-03 17:46:57 +02:00
Jussi Kukkonen
5947bd0155
Merge pull request #2594 from theupdateframework/dependabot/pip/build-and-release-dependencies-0bd4b864f7
build(deps): bump the build-and-release-dependencies group with 2 updates
2024-04-02 12:01:15 +03:00
Jussi Kukkonen
afa46195d3
Merge pull request #2596 from theupdateframework/dependabot/github_actions/action-dependencies-77fe302159
build(deps): bump the action-dependencies group with 2 updates
2024-04-02 11:44:18 +03:00
Jussi Kukkonen
7c5cae36cb
Merge pull request #2595 from theupdateframework/dependabot/pip/test-and-lint-dependencies-87f5007267
build(deps): bump the test-and-lint-dependencies group with 1 update
2024-04-02 11:43:44 +03:00
Jussi Kukkonen
ad2c98aeec
Merge pull request #2593 from theupdateframework/dependabot/pip/dependencies-f63015d7f8
build(deps): bump the dependencies group with 1 update
2024-04-02 11:42:38 +03:00
dependabot[bot]
6cd2d22ad2
build(deps): bump the dependencies group with 1 update
Bumps the dependencies group with 1 update: [pycparser](https://github.com/eliben/pycparser).


Updates `pycparser` from 2.21 to 2.22
- [Release notes](https://github.com/eliben/pycparser/releases)
- [Changelog](https://github.com/eliben/pycparser/blob/main/CHANGES)
- [Commits](https://github.com/eliben/pycparser/compare/release_v2.21...release_v2.22)

---
updated-dependencies:
- dependency-name: pycparser
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-02 08:09:47 +00:00
dependabot[bot]
9f4906bbd1
build(deps): bump the test-and-lint-dependencies group with 1 update
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff).


Updates `ruff` from 0.3.3 to 0.3.5
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.3.3...v0.3.5)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-02 08:08:30 +00:00
Jussi Kukkonen
26e6a956f8
Merge pull request #2592 from jku/even-more-rulesets
lint: Enable more ruff rulesets
2024-04-02 11:06:08 +03:00
Jussi Kukkonen
009e1ddbf4 lint: Enable more ruff ulesets
Minor fixes were needed, the only possibly interesting one is
the one in RequestsFetcher (use "yield from").

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-02 11:02:48 +03:00
dependabot[bot]
38aeadfe1a
build(deps): bump the build-and-release-dependencies group with 2 updates
Bumps the build-and-release-dependencies group with 2 updates: [build](https://github.com/pypa/build) and [hatchling](https://github.com/pypa/hatch).


Updates `build` from 1.1.1 to 1.2.1
- [Release notes](https://github.com/pypa/build/releases)
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pypa/build/compare/1.1.1...1.2.1)

Updates `hatchling` from 1.22.2 to 1.22.4
- [Release notes](https://github.com/pypa/hatch/releases)
- [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.22.2...hatchling-v1.22.4)

---
updated-dependencies:
- dependency-name: build
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build-and-release-dependencies
- dependency-name: hatchling
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build-and-release-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-02 08:02:39 +00:00
dependabot[bot]
feaaeab865
build(deps): bump the action-dependencies group with 2 updates
Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [actions/setup-python](https://github.com/actions/setup-python).


Updates `actions/checkout` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](b4ffde65f4...9bb56186c3)

Updates `actions/setup-python` from 5.0.0 to 5.1.0
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](0a5c615913...82c7e631bb)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: action-dependencies
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: action-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-02 08:02:13 +00:00
Lukas Pühringer
e1f8f73185
Merge pull request #2591 from jku/tests-fix-signer-api
tests: Fix test signer to match new securesystemslib API
2024-04-02 09:43:39 +02:00
Jussi Kukkonen
24f172f017 tests: Fix test signer to match new API
securesystemslib main requires Signers to have a public_key property.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-03-27 13:52:43 +02:00
Jussi Kukkonen
40a4e48716
Merge pull request #2588 from jku/some-more-linters
linter: Enable more rulesets
2024-03-22 10:41:58 +01:00
Jussi Kukkonen
1512653995 linter: Enable more rules
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-03-19 16:30:52 +02:00
Jussi Kukkonen
73b48a67f3
Merge pull request #2586 from theupdateframework/dependabot/pip/test-and-lint-dependencies-3cdd2fbde4
build(deps): bump the test-and-lint-dependencies group with 2 updates
2024-03-19 13:57:48 +02:00
Jussi Kukkonen
9ca7e31bd7
Merge pull request #2585 from theupdateframework/dependabot/pip/build-and-release-dependencies-b02894b424
build(deps): bump the build-and-release-dependencies group with 1 update
2024-03-19 09:15:12 +02:00
dependabot[bot]
0eb3c83202
build(deps): bump the test-and-lint-dependencies group with 2 updates
Bumps the test-and-lint-dependencies group with 2 updates: [coverage](https://github.com/nedbat/coveragepy) and [ruff](https://github.com/astral-sh/ruff).


Updates `coverage` from 7.4.3 to 7.4.4
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.4.3...7.4.4)

Updates `ruff` from 0.3.2 to 0.3.3
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.3.2...v0.3.3)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-18 21:13:38 +00:00
dependabot[bot]
91c3b43344
build(deps): bump the build-and-release-dependencies group with 1 update
Bumps the build-and-release-dependencies group with 1 update: [hatchling](https://github.com/pypa/hatch).


Updates `hatchling` from 1.21.1 to 1.22.2
- [Release notes](https://github.com/pypa/hatch/releases)
- [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.21.1...hatchling-v1.22.2)

---
updated-dependencies:
- dependency-name: hatchling
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build-and-release-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-18 21:13:02 +00:00
Jussi Kukkonen
a5a813e574
Merge pull request #2583 from theupdateframework/dependabot/pip/test-and-lint-dependencies-bb6bff9b6c 2024-03-12 11:47:54 +02:00
dependabot[bot]
eb1b56c925
build(deps): bump the test-and-lint-dependencies group with 2 updates
Bumps the test-and-lint-dependencies group with 2 updates: [ruff](https://github.com/astral-sh/ruff) and [mypy](https://github.com/python/mypy).


Updates `ruff` from 0.2.2 to 0.3.2
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.2.2...v0.3.2)

Updates `mypy` from 1.8.0 to 1.9.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/python/mypy/compare/v1.8.0...1.9.0)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: test-and-lint-dependencies
- dependency-name: mypy
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-12 09:43:24 +00:00
Lukas Pühringer
e1b52e7fd8
Merge pull request #2580 from theupdateframework/dependabot/pip/test-and-lint-dependencies-c17666fe2e
build(deps): bump the test-and-lint-dependencies group with 1 update
2024-03-12 09:40:40 +01:00
Lukas Pühringer
38f7f06075
Merge pull request #2584 from theupdateframework/dependabot/github_actions/action-dependencies-7aaf6e754f
build(deps): bump the action-dependencies group with 1 update
2024-03-12 09:24:04 +01:00
dependabot[bot]
87d1778c03
build(deps): bump the action-dependencies group with 1 update
Bumps the action-dependencies group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish).


Updates `pypa/gh-action-pypi-publish` from 1.8.12 to 1.8.14
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](e53eb8b103...81e9d935c8)

---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: action-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-11 21:41:44 +00:00
Lukas Pühringer
22080157f4
Merge pull request #2582 from jku/more-flake-linters
Enable more linters (flake8-bugbear and flake8-datetimez)
2024-03-11 10:59:10 +01:00
Jussi Kukkonen
d95cff9a70 lint: Enable flake8-bugbear and flake8-datetimez
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-03-08 15:02:45 +02:00
Jussi Kukkonen
289950a17c updater: Minor improvements to error handling
In RequestsFetcher it makes sense to raise "from e" but in
updater the error we raise is not related to the original
error: use "from None".

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-03-08 15:00:42 +02:00
Jussi Kukkonen
27cc46f61d Metadata API: Refactor strptime call
This makes flake8-datetimez happier but has no effect on the result:

    DTZ007 The use of `datetime.datetime.strptime()` without %z must be
    followed by `.replace(tzinfo=)` or `.astimezone()

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-03-08 14:59:04 +02:00
Jussi Kukkonen
10841c6a23 tox: Add auto-format and and auto-fix
"tox -e fix" will fix whatever ruff knows how to fix automatically.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-03-07 12:01:03 +02:00
Jussi Kukkonen
d86f8ad85f
Merge pull request #2579 from theupdateframework/dependabot/pip/build-and-release-dependencies-89af8b0dd3
build(deps): bump the build-and-release-dependencies group with 1 update
2024-03-07 11:50:18 +02:00
Jussi Kukkonen
ff497c7324
Merge pull request #2573 from Mansur908/develop
change utcnow() to now(timezone.utc)
2024-03-07 10:16:29 +02:00
Jussi Kukkonen
884cae9660 lint: Update formatting for ruff 3.x
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-03-07 10:05:36 +02:00
Jussi Kukkonen
92dfff90b8
Merge pull request #2581 from theupdateframework/dependabot/github_actions/action-dependencies-75146c7076
build(deps): bump the action-dependencies group with 1 update
2024-03-05 11:02:25 +02:00
dependabot[bot]
20660262a7
build(deps): bump the action-dependencies group with 1 update
Bumps the action-dependencies group with 1 update: [actions/download-artifact](https://github.com/actions/download-artifact).


Updates `actions/download-artifact` from 4.1.3 to 4.1.4
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](87c55149d9...c850b930e6)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: action-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-04 21:16:03 +00:00
dependabot[bot]
5c0b3ac104
build(deps): bump the test-and-lint-dependencies group with 1 update
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff).


Updates `ruff` from 0.2.2 to 0.3.0
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.2.2...v0.3.0)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-04 21:05:59 +00:00
dependabot[bot]
c3517370e8
build(deps): bump the build-and-release-dependencies group with 1 update
Bumps the build-and-release-dependencies group with 1 update: [build](https://github.com/pypa/build).


Updates `build` from 1.0.3 to 1.1.1
- [Release notes](https://github.com/pypa/build/releases)
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pypa/build/compare/1.0.3...1.1.1)

---
updated-dependencies:
- dependency-name: build
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build-and-release-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-04 21:05:27 +00:00
Jussi Kukkonen
09291239c8
Merge pull request #2578 from jku/improve-dev-docs
Improve dev docs
2024-02-29 19:44:30 +02:00
Jussi Kukkonen
f82e0bb88d docs: Incorporate review suggestions
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-29 15:54:18 +02:00
Jussi Kukkonen
dceced7acd tests: Avoid UTC alias
Older Pythons do not have this alias, use timezone.utc

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-29 15:45:56 +02:00
Jussi Kukkonen
de9633dab7 Metadata API: convenience tweak to expires setter
Practically were changing API if we start requiring that
expires is non-naive because this no longer works:

    metadata.signed.expires = datetime(3000,1,1)

We can make this work without API breaks though:
* it the input is naive, just use UTC
* if the input is not naive or UTC, raise

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-29 15:36:54 +02:00