dependabot[bot]
a17f6f7c8d
build(deps): bump the action-dependencies group with 1 update
...
Bumps the action-dependencies group with 1 update: [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/download-artifact` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](7a1cd3216c...f44cd7b40b )
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-19 09:36:42 +00:00
Jussi Kukkonen
f1141f069b
Merge pull request #2536 from jku/add-coverage-to-test-group
...
dependabot: Add coverage to test-and-lint group
2023-12-19 11:35:55 +02:00
Jussi Kukkonen
e878e083ce
Merge pull request #2533 from theupdateframework/dependabot/pip/build-and-release-dependencies-fc7e6ec015
...
build(deps): bump the build-and-release-dependencies group with 1 update
2023-12-19 10:24:20 +02:00
Jussi Kukkonen
65d58b1375
Merge pull request #2535 from theupdateframework/dependabot/pip/dependencies-82d57d2cf0
...
build(deps): bump the dependencies group with 1 update
2023-12-19 10:23:59 +02:00
Jussi Kukkonen
d593a82d6a
dependabot: Add coverage to test-and-lint group
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-12-19 10:20:30 +02:00
Jussi Kukkonen
5b4e0944d0
Merge pull request #2534 from theupdateframework/dependabot/pip/test-and-lint-dependencies-137aa31706
...
build(deps): bump the test-and-lint-dependencies group with 1 update
2023-12-19 10:15:56 +02:00
Jussi Kukkonen
9ffb7bd038
Merge pull request #2532 from theupdateframework/dependabot/github_actions/action-dependencies-7a33d65384
...
build(deps): bump the action-dependencies group with 3 updates
2023-12-19 10:15:45 +02:00
dependabot[bot]
0e34993d16
build(deps): bump the dependencies group with 1 update
...
Bumps the dependencies group with 1 update: [coverage](https://github.com/nedbat/coveragepy ).
Updates `coverage` from 7.3.2 to 7.3.3
- [Release notes](https://github.com/nedbat/coveragepy/releases )
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst )
- [Commits](https://github.com/nedbat/coveragepy/compare/7.3.2...7.3.3 )
---
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-18 21:59:12 +00:00
dependabot[bot]
745eff6676
build(deps): bump the test-and-lint-dependencies group with 1 update
...
Bumps the test-and-lint-dependencies group with 1 update: [isort](https://github.com/pycqa/isort ).
Updates `isort` from 5.13.1 to 5.13.2
- [Release notes](https://github.com/pycqa/isort/releases )
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md )
- [Commits](https://github.com/pycqa/isort/compare/5.13.1...5.13.2 )
---
updated-dependencies:
- dependency-name: isort
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-18 21:57:54 +00:00
dependabot[bot]
c60dd9bc3a
build(deps): bump the build-and-release-dependencies group with 1 update
...
Bumps the build-and-release-dependencies group with 1 update: [hatchling](https://github.com/pypa/hatch ).
Updates `hatchling` from 1.20.0 to 1.21.0
- [Release notes](https://github.com/pypa/hatch/releases )
- [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.20.0...hatchling-v1.21.0 )
---
updated-dependencies:
- dependency-name: hatchling
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: build-and-release-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-18 21:57:17 +00:00
dependabot[bot]
0ee4bb14d8
build(deps): bump the action-dependencies group with 3 updates
...
Bumps the action-dependencies group with 3 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact ), [actions/download-artifact](https://github.com/actions/download-artifact ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `actions/upload-artifact` from 3.1.3 to 4.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](a8a3f3ad30...c7d193f32e )
Updates `actions/download-artifact` from 3.0.2 to 4.0.0
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](9bc31d5ccc...7a1cd3216c )
Updates `github/codeql-action` from 2 to 3
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: action-dependencies
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: action-dependencies
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-18 21:37:32 +00:00
Jussi Kukkonen
9b877d2971
Merge pull request #2531 from theupdateframework/dependabot/pip/test-and-lint-dependencies-ba4aa0f83e
...
build(deps): bump the test-and-lint-dependencies group with 3 updates
2023-12-13 15:50:26 +02:00
dependabot[bot]
bae72af900
build(deps): bump the test-and-lint-dependencies group with 3 updates
...
Bumps the test-and-lint-dependencies group with 3 updates: [black](https://github.com/psf/black ), [isort](https://github.com/pycqa/isort ) and [pylint](https://github.com/pylint-dev/pylint ).
Updates `black` from 23.11.0 to 23.12.0
- [Release notes](https://github.com/psf/black/releases )
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md )
- [Commits](https://github.com/psf/black/compare/23.11.0...23.12.0 )
Updates `isort` from 5.13.0 to 5.13.1
- [Release notes](https://github.com/pycqa/isort/releases )
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md )
- [Commits](https://github.com/pycqa/isort/compare/5.13.0...5.13.1 )
Updates `pylint` from 3.0.2 to 3.0.3
- [Release notes](https://github.com/pylint-dev/pylint/releases )
- [Commits](https://github.com/pylint-dev/pylint/compare/v3.0.2...v3.0.3 )
---
updated-dependencies:
- dependency-name: black
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: test-and-lint-dependencies
- dependency-name: isort
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
- dependency-name: pylint
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-13 13:38:25 +00:00
Jussi Kukkonen
e07b7e443d
Merge pull request #2530 from jku/dependabot-groups
...
Dependabot: Use groups, update weekly
2023-12-13 15:34:46 +02:00
Jussi Kukkonen
fdcfb6a423
dependabot: Add hatchling to build dependencies group
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-12-13 13:56:07 +02:00
Jussi Kukkonen
2b1d4eb182
Dependabot: Use groups, update weekly
...
All dependencies are now checked weekly and those weekly updates
are grouped into 4 groups:
* critical python build/release deps
* python test and lint deps (only pinned for test repro)
* all other python dependencies
* All github action dependencies
This is not quite the division that was hashed out in #2014, mostly for
practical reasons:
* GitHub actions are already practically split by pinning strategy so they
  don't really need further groups:
  * Non-security-relevant actions are pinned by tags
  * Other actions are pinned by hash
* The dependency grouping is quite limited
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-12-13 13:56:07 +02:00
Jussi Kukkonen
6c25c353f0
Merge pull request #2528 from lukpueh/upgrade-hatchling
...
build: Upgrade hatchling to 1.20.0
2023-12-13 13:55:54 +02:00
Lukas Puehringer
dd9b5e0da2
build: add workaround to auto-update build system
...
Dependabot does not support `build-system.requires`. To get
reproducibility and auto-updates, we pin the version in a regular
requirements file and use it as constraint during build.
fixes: #2529
upstream issue: dependabot/dependabot-core#8465
h/t @jku
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-12-13 12:32:00 +01:00
Lukas Puehringer
7c5f5d2517
build: Upgrade hatchling to 1.20.0
...
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-12-13 09:49:15 +01:00
Jussi Kukkonen
8fbf0c7d2f
Merge pull request #2514 from theupdateframework/dependabot/pip/idna-3.6
...
build(deps): bump idna from 3.4 to 3.6
2023-12-12 14:57:13 +02:00
Jussi Kukkonen
3419e7d0a0
Merge pull request #2524 from lukpueh/upgrade-hatchling
...
build: Upgrade hatchling to 1.19.1
2023-12-12 14:10:57 +02:00
Lukas Puehringer
00be49b6b5
build: Upgrade hatchling to 1.19.1
...
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-12-12 11:20:09 +01:00
dependabot[bot]
7a2f4e2734
build(deps): bump idna from 3.4 to 3.6
...
Bumps [idna](https://github.com/kjd/idna ) from 3.4 to 3.6.
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst )
- [Commits](https://github.com/kjd/idna/compare/v3.4...v3.6 )
---
updated-dependencies:
- dependency-name: idna
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-12 09:11:44 +00:00
Jussi Kukkonen
a1a2f2bcbe
Merge pull request #2515 from theupdateframework/dependabot/pip/cryptography-41.0.7
...
build(deps): bump cryptography from 41.0.5 to 41.0.7
2023-12-12 11:11:03 +02:00
Jussi Kukkonen
892b778d47
Merge pull request #2521 from theupdateframework/dependabot/github_actions/actions/setup-python-5.0.0
...
build(deps): bump actions/setup-python from 4.7.1 to 5.0.0
2023-12-12 11:10:44 +02:00
Jussi Kukkonen
7183e55b87
Merge pull request #2513 from theupdateframework/dependabot/pip/mypy-1.7.1
...
build(deps): bump mypy from 1.7.0 to 1.7.1
2023-12-12 11:10:08 +02:00
dependabot[bot]
cbbae8ae79
build(deps): bump mypy from 1.7.0 to 1.7.1
...
Bumps [mypy](https://github.com/python/mypy ) from 1.7.0 to 1.7.1.
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md )
- [Commits](https://github.com/python/mypy/compare/v1.7.0...v1.7.1 )
---
updated-dependencies:
- dependency-name: mypy
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-12 09:06:50 +00:00
Jussi Kukkonen
06c68f1f00
Merge pull request #2523 from theupdateframework/dependabot/pip/bandit-1.7.6
...
build(deps): bump bandit from 1.7.5 to 1.7.6
2023-12-12 11:05:52 +02:00
dependabot[bot]
3aa00723e3
build(deps): bump bandit from 1.7.5 to 1.7.6
...
Bumps [bandit](https://github.com/PyCQA/bandit ) from 1.7.5 to 1.7.6.
- [Release notes](https://github.com/PyCQA/bandit/releases )
- [Commits](https://github.com/PyCQA/bandit/compare/1.7.5...1.7.6 )
---
updated-dependencies:
- dependency-name: bandit
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-12 08:25:31 +00:00
Jussi Kukkonen
0dc514d821
Merge pull request #2522 from theupdateframework/dependabot/pip/isort-5.13.0
...
build(deps): bump isort from 5.12.0 to 5.13.0
2023-12-12 10:23:04 +02:00
dependabot[bot]
2db6b4ab5a
build(deps): bump isort from 5.12.0 to 5.13.0
...
Bumps [isort](https://github.com/pycqa/isort ) from 5.12.0 to 5.13.0.
- [Release notes](https://github.com/pycqa/isort/releases )
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md )
- [Commits](https://github.com/pycqa/isort/compare/5.12.0...5.13.0 )
---
updated-dependencies:
- dependency-name: isort
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-11 10:39:11 +00:00
dependabot[bot]
9cb3eb582b
build(deps): bump actions/setup-python from 4.7.1 to 5.0.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.7.1 to 5.0.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](65d7f2d534...0a5c615913 )
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-07 10:56:23 +00:00
Jussi Kukkonen
f711997a08
Merge pull request #2519 from theupdateframework/dependabot/pip/securesystemslib-cryptopynacl--0.31.0
...
build(deps): bump securesystemslib[crypto,pynacl] from 0.30.0 to 0.31.0
2023-12-04 16:08:19 +01:00
dependabot[bot]
5ac1af75f0
build(deps): bump securesystemslib[crypto,pynacl] from 0.30.0 to 0.31.0
...
Bumps [securesystemslib[crypto,pynacl]](https://github.com/secure-systems-lab/securesystemslib ) from 0.30.0 to 0.31.0.
- [Release notes](https://github.com/secure-systems-lab/securesystemslib/releases )
- [Changelog](https://github.com/secure-systems-lab/securesystemslib/blob/main/CHANGELOG.md )
- [Commits](https://github.com/secure-systems-lab/securesystemslib/compare/v0.30.0...v0.31.0 )
---
updated-dependencies:
- dependency-name: securesystemslib[crypto,pynacl]
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-04 10:57:44 +00:00
Jussi Kukkonen
06ef16b548
Merge pull request #2516 from theupdateframework/dependabot/github_actions/pypa/gh-action-pypi-publish-1.8.11
...
build(deps): bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11
2023-12-04 09:54:22 +01:00
dependabot[bot]
9704d5bb44
build(deps): bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.8.10 to 1.8.11.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](b7f401de30...2f6f737ca5 )
---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-04 08:04:44 +00:00
dependabot[bot]
9e6fe7c62d
build(deps): bump cryptography from 41.0.5 to 41.0.7
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 41.0.5 to 41.0.7.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/41.0.5...41.0.7 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-04 08:03:49 +00:00
Jussi Kukkonen
e989c14ee9
Merge pull request #2518 from NicholasTanz/enable_python3.12
...
build: Enable python 3.12
2023-12-04 09:02:09 +01:00
Jussi Kukkonen
823342a51e
Merge pull request #2517 from lukpueh/upgrade-hatchling
...
build: Upgrade hatchling to latest release
2023-12-04 08:53:24 +01:00
E3E
4e1d8a7ad3
enable python 3.12
...
Signed-off-by: E3E <ntanzill@purdue.edu>
2023-12-02 23:28:34 -05:00
Lukas Puehringer
a61172a155
build: Upgrade hatchling to latest release
...
This is not tracked by dependabot so needs manual updates.
Manually tested by building with previous and new hatchling version
and diffing unzipped/untarred wheel and sdist.
There were no unexpected changes.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-11-30 10:25:23 +01:00
Lukas Pühringer
c92cd28b38
Merge pull request #2512 from theupdateframework/dependabot/pip/certifi-2023.11.17
...
build(deps): bump certifi from 2023.7.22 to 2023.11.17
2023-11-21 12:51:51 +01:00
Lukas Pühringer
1b5949834a
Merge pull request #2509 from theupdateframework/dependabot/pip/urllib3-2.1.0
...
build(deps): bump urllib3 from 2.0.7 to 2.1.0
2023-11-21 12:51:03 +01:00
Lukas Pühringer
0b44de7cc9
Merge pull request #2508 from theupdateframework/dependabot/pip/mypy-1.7.0
...
build(deps): bump mypy from 1.6.1 to 1.7.0
2023-11-21 12:49:20 +01:00
Jussi Kukkonen
8ccaffe0fa
Merge pull request #2511 from theupdateframework/dependabot/github_actions/actions/github-script-7.0.1
...
build(deps): bump actions/github-script from 6.4.1 to 7.0.1
2023-11-20 13:19:15 +02:00
dependabot[bot]
c5153c6f72
build(deps): bump certifi from 2023.7.22 to 2023.11.17
...
Bumps [certifi](https://github.com/certifi/python-certifi ) from 2023.7.22 to 2023.11.17.
- [Commits](https://github.com/certifi/python-certifi/compare/2023.07.22...2023.11.17 )
---
updated-dependencies:
- dependency-name: certifi
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-20 10:33:47 +00:00
dependabot[bot]
4d6a9310ee
build(deps): bump actions/github-script from 6.4.1 to 7.0.1
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6.4.1 to 7.0.1.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](d7906e4ad0...60a0d83039 )
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-20 10:13:14 +00:00
dependabot[bot]
a4ebaa405d
build(deps): bump urllib3 from 2.0.7 to 2.1.0
...
Bumps [urllib3](https://github.com/urllib3/urllib3 ) from 2.0.7 to 2.1.0.
- [Release notes](https://github.com/urllib3/urllib3/releases )
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst )
- [Commits](https://github.com/urllib3/urllib3/compare/2.0.7...2.1.0 )
---
updated-dependencies:
- dependency-name: urllib3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-14 10:18:41 +00:00
dependabot[bot]
1d60002916
build(deps): bump mypy from 1.6.1 to 1.7.0
...
Bumps [mypy](https://github.com/python/mypy ) from 1.6.1 to 1.7.0.
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md )
- [Commits](https://github.com/python/mypy/compare/v1.6.1...v1.7.0 )
---
updated-dependencies:
- dependency-name: mypy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-13 10:34:31 +00:00
Jussi Kukkonen
6a682f4df8
Merge pull request #2507 from theupdateframework/dependabot/pip/black-23.11.0
...
build(deps): bump black from 23.10.1 to 23.11.0
2023-11-13 10:50:23 +02:00