Jussi Kukkonen
67e00ce176
Merge pull request #2609 from theupdateframework/dependabot/pip/dependencies-a98e789dc2
...
build(deps): bump idna from 3.6 to 3.7 in the dependencies group
2024-04-16 09:28:07 +03:00
Jussi Kukkonen
22a6ce578f
Merge pull request #2607 from theupdateframework/dependabot/pip/build-and-release-dependencies-6c3538640a
...
build(deps): bump hatchling from 1.22.4 to 1.23.0 in the build-and-release-dependencies group
2024-04-16 09:26:15 +03:00
dependabot[bot]
c4404776e9
build(deps): bump idna from 3.6 to 3.7 in the dependencies group
...
Bumps the dependencies group with 1 update: [idna](https://github.com/kjd/idna ).
Updates `idna` from 3.6 to 3.7
- [Release notes](https://github.com/kjd/idna/releases )
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst )
- [Commits](https://github.com/kjd/idna/compare/v3.6...v3.7 )
---
updated-dependencies:
- dependency-name: idna
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-15 21:21:22 +00:00
dependabot[bot]
0321caae3d
build(deps): bump ruff in the test-and-lint-dependencies group
...
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff ).
Updates `ruff` from 0.3.5 to 0.3.7
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/v0.3.5...v0.3.7 )
---
updated-dependencies:
- dependency-name: ruff
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-15 21:20:07 +00:00
dependabot[bot]
c248dd9fbe
build(deps): bump hatchling in the build-and-release-dependencies group
...
Bumps the build-and-release-dependencies group with 1 update: [hatchling](https://github.com/pypa/hatch ).
Updates `hatchling` from 1.22.4 to 1.23.0
- [Release notes](https://github.com/pypa/hatch/releases )
- [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.22.4...hatchling-v1.23.0 )
---
updated-dependencies:
- dependency-name: hatchling
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: build-and-release-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-15 21:19:42 +00:00
Lukas Pühringer
f1f1ed3bc7
Merge pull request #2606 from jku/drop-persist-temp-file
...
Metadata API: Stop using a deprecated method
2024-04-15 15:51:52 +02:00
Jussi Kukkonen
3605eaf2fb
Metadata API: Stop using a deprecated method
...
persist_temp_file() is deprecated, and seemingly not very useful.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-12 22:41:12 +03:00
Jussi Kukkonen
2d6fc743a4
Merge pull request #2601 from jku/release-v4
...
Release v4.0.0
2024-04-04 11:27:12 +03:00
Jussi Kukkonen
928702a8ac
Release v4.0.0
...
This is a major bump only because of Metadata API, ngclient is
compatible with 3.x.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-04 10:25:18 +03:00
Lukas Pühringer
892c789374
Merge pull request #2600 from lukpueh/set-max-sslib-version
...
Constrain securesystemslib dependency to <0.32.0
2024-04-03 18:42:38 +02:00
Lukas Puehringer
bc3ebd8e1e
Constrain securesystemslib dependency to <0.32.0
...
There are several breaking changes coming up in securesystemslib on its
way to 1.0.
To not disrupt tuf users this patch constrains securesystemslib to not
update the current minor version..
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2024-04-03 17:46:57 +02:00
Jussi Kukkonen
5947bd0155
Merge pull request #2594 from theupdateframework/dependabot/pip/build-and-release-dependencies-0bd4b864f7
...
build(deps): bump the build-and-release-dependencies group with 2 updates
2024-04-02 12:01:15 +03:00
Jussi Kukkonen
afa46195d3
Merge pull request #2596 from theupdateframework/dependabot/github_actions/action-dependencies-77fe302159
...
build(deps): bump the action-dependencies group with 2 updates
2024-04-02 11:44:18 +03:00
Jussi Kukkonen
7c5cae36cb
Merge pull request #2595 from theupdateframework/dependabot/pip/test-and-lint-dependencies-87f5007267
...
build(deps): bump the test-and-lint-dependencies group with 1 update
2024-04-02 11:43:44 +03:00
Jussi Kukkonen
ad2c98aeec
Merge pull request #2593 from theupdateframework/dependabot/pip/dependencies-f63015d7f8
...
build(deps): bump the dependencies group with 1 update
2024-04-02 11:42:38 +03:00
dependabot[bot]
6cd2d22ad2
build(deps): bump the dependencies group with 1 update
...
Bumps the dependencies group with 1 update: [pycparser](https://github.com/eliben/pycparser ).
Updates `pycparser` from 2.21 to 2.22
- [Release notes](https://github.com/eliben/pycparser/releases )
- [Changelog](https://github.com/eliben/pycparser/blob/main/CHANGES )
- [Commits](https://github.com/eliben/pycparser/compare/release_v2.21...release_v2.22 )
---
updated-dependencies:
- dependency-name: pycparser
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-02 08:09:47 +00:00
dependabot[bot]
9f4906bbd1
build(deps): bump the test-and-lint-dependencies group with 1 update
...
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff ).
Updates `ruff` from 0.3.3 to 0.3.5
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/v0.3.3...v0.3.5 )
---
updated-dependencies:
- dependency-name: ruff
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-02 08:08:30 +00:00
Jussi Kukkonen
26e6a956f8
Merge pull request #2592 from jku/even-more-rulesets
...
lint: Enable more ruff rulesets
2024-04-02 11:06:08 +03:00
Jussi Kukkonen
009e1ddbf4
lint: Enable more ruff ulesets
...
Minor fixes were needed, the only possibly interesting one is
the one in RequestsFetcher (use "yield from").
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-02 11:02:48 +03:00
dependabot[bot]
38aeadfe1a
build(deps): bump the build-and-release-dependencies group with 2 updates
...
Bumps the build-and-release-dependencies group with 2 updates: [build](https://github.com/pypa/build ) and [hatchling](https://github.com/pypa/hatch ).
Updates `build` from 1.1.1 to 1.2.1
- [Release notes](https://github.com/pypa/build/releases )
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pypa/build/compare/1.1.1...1.2.1 )
Updates `hatchling` from 1.22.2 to 1.22.4
- [Release notes](https://github.com/pypa/hatch/releases )
- [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.22.2...hatchling-v1.22.4 )
---
updated-dependencies:
- dependency-name: build
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: build-and-release-dependencies
- dependency-name: hatchling
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: build-and-release-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-02 08:02:39 +00:00
dependabot[bot]
feaaeab865
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [actions/setup-python](https://github.com/actions/setup-python ).
Updates `actions/checkout` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](b4ffde65f4...9bb56186c3 )
Updates `actions/setup-python` from 5.0.0 to 5.1.0
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](0a5c615913...82c7e631bb )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-02 08:02:13 +00:00
Lukas Pühringer
e1f8f73185
Merge pull request #2591 from jku/tests-fix-signer-api
...
tests: Fix test signer to match new securesystemslib API
2024-04-02 09:43:39 +02:00
Jussi Kukkonen
24f172f017
tests: Fix test signer to match new API
...
securesystemslib main requires Signers to have a public_key property.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-03-27 13:52:43 +02:00
Jussi Kukkonen
40a4e48716
Merge pull request #2588 from jku/some-more-linters
...
linter: Enable more rulesets
2024-03-22 10:41:58 +01:00
Jussi Kukkonen
1512653995
linter: Enable more rules
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-03-19 16:30:52 +02:00
Jussi Kukkonen
73b48a67f3
Merge pull request #2586 from theupdateframework/dependabot/pip/test-and-lint-dependencies-3cdd2fbde4
...
build(deps): bump the test-and-lint-dependencies group with 2 updates
2024-03-19 13:57:48 +02:00
Jussi Kukkonen
9ca7e31bd7
Merge pull request #2585 from theupdateframework/dependabot/pip/build-and-release-dependencies-b02894b424
...
build(deps): bump the build-and-release-dependencies group with 1 update
2024-03-19 09:15:12 +02:00
dependabot[bot]
0eb3c83202
build(deps): bump the test-and-lint-dependencies group with 2 updates
...
Bumps the test-and-lint-dependencies group with 2 updates: [coverage](https://github.com/nedbat/coveragepy ) and [ruff](https://github.com/astral-sh/ruff ).
Updates `coverage` from 7.4.3 to 7.4.4
- [Release notes](https://github.com/nedbat/coveragepy/releases )
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst )
- [Commits](https://github.com/nedbat/coveragepy/compare/7.4.3...7.4.4 )
Updates `ruff` from 0.3.2 to 0.3.3
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/v0.3.2...v0.3.3 )
---
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
- dependency-name: ruff
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-18 21:13:38 +00:00
dependabot[bot]
91c3b43344
build(deps): bump the build-and-release-dependencies group with 1 update
...
Bumps the build-and-release-dependencies group with 1 update: [hatchling](https://github.com/pypa/hatch ).
Updates `hatchling` from 1.21.1 to 1.22.2
- [Release notes](https://github.com/pypa/hatch/releases )
- [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.21.1...hatchling-v1.22.2 )
---
updated-dependencies:
- dependency-name: hatchling
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: build-and-release-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-18 21:13:02 +00:00
Jussi Kukkonen
a5a813e574
Merge pull request #2583 from theupdateframework/dependabot/pip/test-and-lint-dependencies-bb6bff9b6c
2024-03-12 11:47:54 +02:00
dependabot[bot]
eb1b56c925
build(deps): bump the test-and-lint-dependencies group with 2 updates
...
Bumps the test-and-lint-dependencies group with 2 updates: [ruff](https://github.com/astral-sh/ruff ) and [mypy](https://github.com/python/mypy ).
Updates `ruff` from 0.2.2 to 0.3.2
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/v0.2.2...v0.3.2 )
Updates `mypy` from 1.8.0 to 1.9.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md )
- [Commits](https://github.com/python/mypy/compare/v1.8.0...1.9.0 )
---
updated-dependencies:
- dependency-name: ruff
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: test-and-lint-dependencies
- dependency-name: mypy
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-12 09:43:24 +00:00
Lukas Pühringer
e1b52e7fd8
Merge pull request #2580 from theupdateframework/dependabot/pip/test-and-lint-dependencies-c17666fe2e
...
build(deps): bump the test-and-lint-dependencies group with 1 update
2024-03-12 09:40:40 +01:00
Lukas Pühringer
38f7f06075
Merge pull request #2584 from theupdateframework/dependabot/github_actions/action-dependencies-7aaf6e754f
...
build(deps): bump the action-dependencies group with 1 update
2024-03-12 09:24:04 +01:00
dependabot[bot]
87d1778c03
build(deps): bump the action-dependencies group with 1 update
...
Bumps the action-dependencies group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `pypa/gh-action-pypi-publish` from 1.8.12 to 1.8.14
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](e53eb8b103...81e9d935c8 )
---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-11 21:41:44 +00:00
Lukas Pühringer
22080157f4
Merge pull request #2582 from jku/more-flake-linters
...
Enable more linters (flake8-bugbear and flake8-datetimez)
2024-03-11 10:59:10 +01:00
Jussi Kukkonen
d95cff9a70
lint: Enable flake8-bugbear and flake8-datetimez
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-03-08 15:02:45 +02:00
Jussi Kukkonen
289950a17c
updater: Minor improvements to error handling
...
In RequestsFetcher it makes sense to raise "from e" but in
updater the error we raise is not related to the original
error: use "from None".
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-03-08 15:00:42 +02:00
Jussi Kukkonen
27cc46f61d
Metadata API: Refactor strptime call
...
This makes flake8-datetimez happier but has no effect on the result:
DTZ007 The use of `datetime.datetime.strptime()` without %z must be
followed by `.replace(tzinfo=)` or `.astimezone()
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-03-08 14:59:04 +02:00
Jussi Kukkonen
10841c6a23
tox: Add auto-format and and auto-fix
...
"tox -e fix" will fix whatever ruff knows how to fix automatically.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-03-07 12:01:03 +02:00
Jussi Kukkonen
d86f8ad85f
Merge pull request #2579 from theupdateframework/dependabot/pip/build-and-release-dependencies-89af8b0dd3
...
build(deps): bump the build-and-release-dependencies group with 1 update
2024-03-07 11:50:18 +02:00
Jussi Kukkonen
ff497c7324
Merge pull request #2573 from Mansur908/develop
...
change utcnow() to now(timezone.utc)
2024-03-07 10:16:29 +02:00
Jussi Kukkonen
884cae9660
lint: Update formatting for ruff 3.x
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-03-07 10:05:36 +02:00
Jussi Kukkonen
92dfff90b8
Merge pull request #2581 from theupdateframework/dependabot/github_actions/action-dependencies-75146c7076
...
build(deps): bump the action-dependencies group with 1 update
2024-03-05 11:02:25 +02:00
dependabot[bot]
20660262a7
build(deps): bump the action-dependencies group with 1 update
...
Bumps the action-dependencies group with 1 update: [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/download-artifact` from 4.1.3 to 4.1.4
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](87c55149d9...c850b930e6 )
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-04 21:16:03 +00:00
dependabot[bot]
5c0b3ac104
build(deps): bump the test-and-lint-dependencies group with 1 update
...
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff ).
Updates `ruff` from 0.2.2 to 0.3.0
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/v0.2.2...v0.3.0 )
---
updated-dependencies:
- dependency-name: ruff
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-04 21:05:59 +00:00
dependabot[bot]
c3517370e8
build(deps): bump the build-and-release-dependencies group with 1 update
...
Bumps the build-and-release-dependencies group with 1 update: [build](https://github.com/pypa/build ).
Updates `build` from 1.0.3 to 1.1.1
- [Release notes](https://github.com/pypa/build/releases )
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pypa/build/compare/1.0.3...1.1.1 )
---
updated-dependencies:
- dependency-name: build
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: build-and-release-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-04 21:05:27 +00:00
Jussi Kukkonen
09291239c8
Merge pull request #2578 from jku/improve-dev-docs
...
Improve dev docs
2024-02-29 19:44:30 +02:00
Jussi Kukkonen
f82e0bb88d
docs: Incorporate review suggestions
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-29 15:54:18 +02:00
Jussi Kukkonen
dceced7acd
tests: Avoid UTC alias
...
Older Pythons do not have this alias, use timezone.utc
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-29 15:45:56 +02:00
Jussi Kukkonen
de9633dab7
Metadata API: convenience tweak to expires setter
...
Practically were changing API if we start requiring that
expires is non-naive because this no longer works:
metadata.signed.expires = datetime(3000,1,1)
We can make this work without API breaks though:
* it the input is naive, just use UTC
* if the input is not naive or UTC, raise
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-29 15:36:54 +02:00