Commit graph

6224 commits

Author SHA1 Message Date
dependabot[bot]
a17f6f7c8d
build(deps): bump the action-dependencies group with 1 update
Bumps the action-dependencies group with 1 update: [actions/download-artifact](https://github.com/actions/download-artifact).


Updates `actions/download-artifact` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](7a1cd3216c...f44cd7b40b)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: action-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-19 09:36:42 +00:00
Jussi Kukkonen
f1141f069b
Merge pull request #2536 from jku/add-coverage-to-test-group
dependabot: Add coverage to test-and-lint group
2023-12-19 11:35:55 +02:00
Jussi Kukkonen
e878e083ce
Merge pull request #2533 from theupdateframework/dependabot/pip/build-and-release-dependencies-fc7e6ec015
build(deps): bump the build-and-release-dependencies group with 1 update
2023-12-19 10:24:20 +02:00
Jussi Kukkonen
65d58b1375
Merge pull request #2535 from theupdateframework/dependabot/pip/dependencies-82d57d2cf0
build(deps): bump the dependencies group with 1 update
2023-12-19 10:23:59 +02:00
Jussi Kukkonen
d593a82d6a
dependabot: Add coverage to test-and-lint group
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-12-19 10:20:30 +02:00
Jussi Kukkonen
5b4e0944d0
Merge pull request #2534 from theupdateframework/dependabot/pip/test-and-lint-dependencies-137aa31706
build(deps): bump the test-and-lint-dependencies group with 1 update
2023-12-19 10:15:56 +02:00
Jussi Kukkonen
9ffb7bd038
Merge pull request #2532 from theupdateframework/dependabot/github_actions/action-dependencies-7a33d65384
build(deps): bump the action-dependencies group with 3 updates
2023-12-19 10:15:45 +02:00
dependabot[bot]
0e34993d16
build(deps): bump the dependencies group with 1 update
Bumps the dependencies group with 1 update: [coverage](https://github.com/nedbat/coveragepy).


Updates `coverage` from 7.3.2 to 7.3.3
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.3.2...7.3.3)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-18 21:59:12 +00:00
dependabot[bot]
745eff6676
build(deps): bump the test-and-lint-dependencies group with 1 update
Bumps the test-and-lint-dependencies group with 1 update: [isort](https://github.com/pycqa/isort).


Updates `isort` from 5.13.1 to 5.13.2
- [Release notes](https://github.com/pycqa/isort/releases)
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md)
- [Commits](https://github.com/pycqa/isort/compare/5.13.1...5.13.2)

---
updated-dependencies:
- dependency-name: isort
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-18 21:57:54 +00:00
dependabot[bot]
c60dd9bc3a
build(deps): bump the build-and-release-dependencies group with 1 update
Bumps the build-and-release-dependencies group with 1 update: [hatchling](https://github.com/pypa/hatch).


Updates `hatchling` from 1.20.0 to 1.21.0
- [Release notes](https://github.com/pypa/hatch/releases)
- [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.20.0...hatchling-v1.21.0)

---
updated-dependencies:
- dependency-name: hatchling
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build-and-release-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-18 21:57:17 +00:00
dependabot[bot]
0ee4bb14d8
build(deps): bump the action-dependencies group with 3 updates
Bumps the action-dependencies group with 3 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact), [actions/download-artifact](https://github.com/actions/download-artifact) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/upload-artifact` from 3.1.3 to 4.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](a8a3f3ad30...c7d193f32e)

Updates `actions/download-artifact` from 3.0.2 to 4.0.0
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](9bc31d5ccc...7a1cd3216c)

Updates `github/codeql-action` from 2 to 3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: action-dependencies
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: action-dependencies
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: action-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-18 21:37:32 +00:00
Jussi Kukkonen
9b877d2971
Merge pull request #2531 from theupdateframework/dependabot/pip/test-and-lint-dependencies-ba4aa0f83e
build(deps): bump the test-and-lint-dependencies group with 3 updates
2023-12-13 15:50:26 +02:00
dependabot[bot]
bae72af900
build(deps): bump the test-and-lint-dependencies group with 3 updates
Bumps the test-and-lint-dependencies group with 3 updates: [black](https://github.com/psf/black), [isort](https://github.com/pycqa/isort) and [pylint](https://github.com/pylint-dev/pylint).


Updates `black` from 23.11.0 to 23.12.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/23.11.0...23.12.0)

Updates `isort` from 5.13.0 to 5.13.1
- [Release notes](https://github.com/pycqa/isort/releases)
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md)
- [Commits](https://github.com/pycqa/isort/compare/5.13.0...5.13.1)

Updates `pylint` from 3.0.2 to 3.0.3
- [Release notes](https://github.com/pylint-dev/pylint/releases)
- [Commits](https://github.com/pylint-dev/pylint/compare/v3.0.2...v3.0.3)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: test-and-lint-dependencies
- dependency-name: isort
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-13 13:38:25 +00:00
Jussi Kukkonen
e07b7e443d
Merge pull request #2530 from jku/dependabot-groups
Dependabot: Use groups, update weekly
2023-12-13 15:34:46 +02:00
Jussi Kukkonen
fdcfb6a423
dependabot: Add hatchling to build dependencies group
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-12-13 13:56:07 +02:00
Jussi Kukkonen
2b1d4eb182
Dependabot: Use groups, update weekly
All dependencies are now checked weekly and those weekly updates
are grouped into 4 groups:
  * critical python build/release deps
  * python test and lint deps (only pinned for test repro)
  * all other python dependencies
  * All github action dependencies

This is not quite the division that was hashed out in #2014, mostly for
practical reasons:
* GitHub actions are already practically split by pinning strategy so they
  don't really need further groups:
  * Non-security-relevant actions are pinned by tags
  * Other actions are pinned by hash
* The dependency grouping is quite limited

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-12-13 13:56:07 +02:00
Jussi Kukkonen
6c25c353f0
Merge pull request #2528 from lukpueh/upgrade-hatchling
build: Upgrade hatchling to 1.20.0
2023-12-13 13:55:54 +02:00
Lukas Puehringer
dd9b5e0da2
build: add workaround to auto-update build system
Dependabot does not support `build-system.requires`. To get
reproducibility and auto-updates, we pin the version in a regular
requirements file and use it as constraint during build.

fixes: #2529
upstream issue: dependabot/dependabot-core#8465
h/t @jku

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-12-13 12:32:00 +01:00
Lukas Puehringer
7c5f5d2517
build: Upgrade hatchling to 1.20.0
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-12-13 09:49:15 +01:00
Jussi Kukkonen
8fbf0c7d2f
Merge pull request #2514 from theupdateframework/dependabot/pip/idna-3.6
build(deps): bump idna from 3.4 to 3.6
2023-12-12 14:57:13 +02:00
Jussi Kukkonen
3419e7d0a0
Merge pull request #2524 from lukpueh/upgrade-hatchling
build: Upgrade hatchling to 1.19.1
2023-12-12 14:10:57 +02:00
Lukas Puehringer
00be49b6b5
build: Upgrade hatchling to 1.19.1
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-12-12 11:20:09 +01:00
dependabot[bot]
7a2f4e2734
build(deps): bump idna from 3.4 to 3.6
Bumps [idna](https://github.com/kjd/idna) from 3.4 to 3.6.
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v3.4...v3.6)

---
updated-dependencies:
- dependency-name: idna
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-12 09:11:44 +00:00
Jussi Kukkonen
a1a2f2bcbe
Merge pull request #2515 from theupdateframework/dependabot/pip/cryptography-41.0.7
build(deps): bump cryptography from 41.0.5 to 41.0.7
2023-12-12 11:11:03 +02:00
Jussi Kukkonen
892b778d47
Merge pull request #2521 from theupdateframework/dependabot/github_actions/actions/setup-python-5.0.0
build(deps): bump actions/setup-python from 4.7.1 to 5.0.0
2023-12-12 11:10:44 +02:00
Jussi Kukkonen
7183e55b87
Merge pull request #2513 from theupdateframework/dependabot/pip/mypy-1.7.1
build(deps): bump mypy from 1.7.0 to 1.7.1
2023-12-12 11:10:08 +02:00
dependabot[bot]
cbbae8ae79
build(deps): bump mypy from 1.7.0 to 1.7.1
Bumps [mypy](https://github.com/python/mypy) from 1.7.0 to 1.7.1.
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/python/mypy/compare/v1.7.0...v1.7.1)

---
updated-dependencies:
- dependency-name: mypy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-12 09:06:50 +00:00
Jussi Kukkonen
06c68f1f00
Merge pull request #2523 from theupdateframework/dependabot/pip/bandit-1.7.6
build(deps): bump bandit from 1.7.5 to 1.7.6
2023-12-12 11:05:52 +02:00
dependabot[bot]
3aa00723e3
build(deps): bump bandit from 1.7.5 to 1.7.6
Bumps [bandit](https://github.com/PyCQA/bandit) from 1.7.5 to 1.7.6.
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](https://github.com/PyCQA/bandit/compare/1.7.5...1.7.6)

---
updated-dependencies:
- dependency-name: bandit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-12 08:25:31 +00:00
Jussi Kukkonen
0dc514d821
Merge pull request #2522 from theupdateframework/dependabot/pip/isort-5.13.0
build(deps): bump isort from 5.12.0 to 5.13.0
2023-12-12 10:23:04 +02:00
dependabot[bot]
2db6b4ab5a
build(deps): bump isort from 5.12.0 to 5.13.0
Bumps [isort](https://github.com/pycqa/isort) from 5.12.0 to 5.13.0.
- [Release notes](https://github.com/pycqa/isort/releases)
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md)
- [Commits](https://github.com/pycqa/isort/compare/5.12.0...5.13.0)

---
updated-dependencies:
- dependency-name: isort
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-11 10:39:11 +00:00
dependabot[bot]
9cb3eb582b
build(deps): bump actions/setup-python from 4.7.1 to 5.0.0
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.7.1 to 5.0.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](65d7f2d534...0a5c615913)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-07 10:56:23 +00:00
Jussi Kukkonen
f711997a08
Merge pull request #2519 from theupdateframework/dependabot/pip/securesystemslib-cryptopynacl--0.31.0
build(deps): bump securesystemslib[crypto,pynacl] from 0.30.0 to 0.31.0
2023-12-04 16:08:19 +01:00
dependabot[bot]
5ac1af75f0
build(deps): bump securesystemslib[crypto,pynacl] from 0.30.0 to 0.31.0
Bumps [securesystemslib[crypto,pynacl]](https://github.com/secure-systems-lab/securesystemslib) from 0.30.0 to 0.31.0.
- [Release notes](https://github.com/secure-systems-lab/securesystemslib/releases)
- [Changelog](https://github.com/secure-systems-lab/securesystemslib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/secure-systems-lab/securesystemslib/compare/v0.30.0...v0.31.0)

---
updated-dependencies:
- dependency-name: securesystemslib[crypto,pynacl]
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-04 10:57:44 +00:00
Jussi Kukkonen
06ef16b548
Merge pull request #2516 from theupdateframework/dependabot/github_actions/pypa/gh-action-pypi-publish-1.8.11
build(deps): bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11
2023-12-04 09:54:22 +01:00
dependabot[bot]
9704d5bb44
build(deps): bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.8.10 to 1.8.11.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](b7f401de30...2f6f737ca5)

---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-04 08:04:44 +00:00
dependabot[bot]
9e6fe7c62d
build(deps): bump cryptography from 41.0.5 to 41.0.7
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.5 to 41.0.7.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/41.0.5...41.0.7)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-04 08:03:49 +00:00
Jussi Kukkonen
e989c14ee9
Merge pull request #2518 from NicholasTanz/enable_python3.12
build: Enable python 3.12
2023-12-04 09:02:09 +01:00
Jussi Kukkonen
823342a51e
Merge pull request #2517 from lukpueh/upgrade-hatchling
build: Upgrade hatchling to latest release
2023-12-04 08:53:24 +01:00
E3E
4e1d8a7ad3
enable python 3.12
Signed-off-by: E3E <ntanzill@purdue.edu>
2023-12-02 23:28:34 -05:00
Lukas Puehringer
a61172a155
build: Upgrade hatchling to latest release
This is not tracked by dependabot so needs manual updates.

Manually tested by building with previous and new hatchling version
and diffing unzipped/untarred wheel and sdist.

There were no unexpected changes.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-11-30 10:25:23 +01:00
Lukas Pühringer
c92cd28b38
Merge pull request #2512 from theupdateframework/dependabot/pip/certifi-2023.11.17
build(deps): bump certifi from 2023.7.22 to 2023.11.17
2023-11-21 12:51:51 +01:00
Lukas Pühringer
1b5949834a
Merge pull request #2509 from theupdateframework/dependabot/pip/urllib3-2.1.0
build(deps): bump urllib3 from 2.0.7 to 2.1.0
2023-11-21 12:51:03 +01:00
Lukas Pühringer
0b44de7cc9
Merge pull request #2508 from theupdateframework/dependabot/pip/mypy-1.7.0
build(deps): bump mypy from 1.6.1 to 1.7.0
2023-11-21 12:49:20 +01:00
Jussi Kukkonen
8ccaffe0fa
Merge pull request #2511 from theupdateframework/dependabot/github_actions/actions/github-script-7.0.1
build(deps): bump actions/github-script from 6.4.1 to 7.0.1
2023-11-20 13:19:15 +02:00
dependabot[bot]
c5153c6f72
build(deps): bump certifi from 2023.7.22 to 2023.11.17
Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.7.22 to 2023.11.17.
- [Commits](https://github.com/certifi/python-certifi/compare/2023.07.22...2023.11.17)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-20 10:33:47 +00:00
dependabot[bot]
4d6a9310ee
build(deps): bump actions/github-script from 6.4.1 to 7.0.1
Bumps [actions/github-script](https://github.com/actions/github-script) from 6.4.1 to 7.0.1.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](d7906e4ad0...60a0d83039)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-20 10:13:14 +00:00
dependabot[bot]
a4ebaa405d
build(deps): bump urllib3 from 2.0.7 to 2.1.0
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.7 to 2.1.0.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.0.7...2.1.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-14 10:18:41 +00:00
dependabot[bot]
1d60002916
build(deps): bump mypy from 1.6.1 to 1.7.0
Bumps [mypy](https://github.com/python/mypy) from 1.6.1 to 1.7.0.
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/python/mypy/compare/v1.6.1...v1.7.0)

---
updated-dependencies:
- dependency-name: mypy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-13 10:34:31 +00:00
Jussi Kukkonen
6a682f4df8
Merge pull request #2507 from theupdateframework/dependabot/pip/black-23.11.0
build(deps): bump black from 23.10.1 to 23.11.0
2023-11-13 10:50:23 +02:00