dependabot[bot]
7302c5afe6
build(deps): bump black from 23.10.1 to 23.11.0
...
Bumps [black](https://github.com/psf/black) from 23.10.1 to 23.11.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/23.10.1...23.11.0)
---
updated-dependencies:
- dependency-name: black
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-08 10:16:12 +00:00
Jussi Kukkonen
8533ea95ac
Merge pull request #2505 from theupdateframework/dependabot/pip/charset-normalizer-3.3.2
...
build(deps): bump charset-normalizer from 3.3.1 to 3.3.2
2023-11-03 12:36:27 +02:00
dependabot[bot]
d11fc4be7b
build(deps): bump charset-normalizer from 3.3.1 to 3.3.2
...
Bumps [charset-normalizer](https://github.com/Ousret/charset_normalizer) from 3.3.1 to 3.3.2.
- [Release notes](https://github.com/Ousret/charset_normalizer/releases)
- [Changelog](https://github.com/Ousret/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Ousret/charset_normalizer/compare/3.3.1...3.3.2)
---
updated-dependencies:
- dependency-name: charset-normalizer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-03 10:31:44 +00:00
Lukas Pühringer
61ceb82c46
Merge pull request #2506 from jku/lint-on-oldest-supported-python
...
CI: Run lint on oldest supported Python version
2023-11-03 11:30:15 +01:00
Jussi Kukkonen
33778942a3
CI: Run lint on oldest supported Python version
...
* This was suggested as best practice by a pylint developer
* Seems better than CI randomly breaking when GitHub updates
  Python version (and pylint starts applying new rules that we
  can't follow because that would break old Python versions)
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-11-03 12:00:25 +02:00
Jussi Kukkonen
a73355e168
Merge pull request #2504 from theupdateframework/dependabot/pip/cryptography-41.0.5
...
build(deps): bump cryptography from 41.0.4 to 41.0.5
2023-10-26 11:20:41 +03:00
dependabot[bot]
dba2ebe60e
build(deps): bump cryptography from 41.0.4 to 41.0.5
...
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.4 to 41.0.5.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/41.0.4...41.0.5)
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-25 10:32:08 +00:00
Jussi Kukkonen
52e6ee6db0
Merge pull request #2501 from theupdateframework/dependabot/pip/pylint-3.0.2
2023-10-25 09:35:14 +03:00
Jussi Kukkonen
967974fec6
Merge pull request #2500 from theupdateframework/dependabot/pip/charset-normalizer-3.3.1
2023-10-25 09:32:28 +03:00
dependabot[bot]
a37693df9a
build(deps): bump pylint from 3.0.1 to 3.0.2
...
Bumps [pylint](https://github.com/pylint-dev/pylint) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/pylint-dev/pylint/releases)
- [Commits](https://github.com/pylint-dev/pylint/compare/v3.0.1...v3.0.2)
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-25 06:31:55 +00:00
Jussi Kukkonen
dadca463ef
Merge pull request #2502 from theupdateframework/dependabot/pip/black-23.10.1
2023-10-25 09:30:38 +03:00
Jussi Kukkonen
aa0e2b6535
Merge pull request #2503 from theupdateframework/dependabot/github_actions/ossf/scorecard-action-2.3.1
2023-10-25 09:30:02 +03:00
dependabot[bot]
173fc82ef7
build(deps): bump ossf/scorecard-action from 2.3.0 to 2.3.1
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](483ef80eb9...0864cf1902)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-24 10:50:14 +00:00
dependabot[bot]
ca3e5ec5d8
build(deps): bump black from 23.10.0 to 23.10.1
...
Bumps [black](https://github.com/psf/black) from 23.10.0 to 23.10.1.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/23.10.0...23.10.1)
---
updated-dependencies:
- dependency-name: black
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-24 10:22:26 +00:00
dependabot[bot]
ccad78f889
build(deps): bump charset-normalizer from 3.3.0 to 3.3.1
...
Bumps [charset-normalizer](https://github.com/Ousret/charset_normalizer) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/Ousret/charset_normalizer/releases)
- [Changelog](https://github.com/Ousret/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Ousret/charset_normalizer/compare/3.3.0...3.3.1)
---
updated-dependencies:
- dependency-name: charset-normalizer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-23 10:20:59 +00:00
Jussi Kukkonen
fb73521982
Merge pull request #2497 from theupdateframework/dependabot/pip/black-23.10.0
...
build(deps): bump black from 23.9.1 to 23.10.0
2023-10-19 17:53:39 +03:00
dependabot[bot]
39e35e9d1d
build(deps): bump black from 23.9.1 to 23.10.0
...
Bumps [black](https://github.com/psf/black) from 23.9.1 to 23.10.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/23.9.1...23.10.0)
---
updated-dependencies:
- dependency-name: black
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-19 08:06:44 +00:00
Jussi Kukkonen
60770d1346
Merge pull request #2495 from theupdateframework/dependabot/pip/urllib3-2.0.7
...
build(deps): bump urllib3 from 2.0.6 to 2.0.7
2023-10-19 11:06:00 +03:00
Jussi Kukkonen
eda52147d1
Merge pull request #2496 from theupdateframework/dependabot/pip/mypy-1.6.1
...
build(deps): bump mypy from 1.6.0 to 1.6.1
2023-10-19 11:05:01 +03:00
Jussi Kukkonen
d132dd822a
Merge pull request #2498 from theupdateframework/dependabot/github_actions/actions/checkout-4.1.1
...
build(deps): bump actions/checkout from 4.1.0 to 4.1.1
2023-10-19 11:04:27 +03:00
dependabot[bot]
2764851c88
build(deps): bump actions/checkout from 4.1.0 to 4.1.1
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](8ade135a41...b4ffde65f4)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-18 10:10:55 +00:00
dependabot[bot]
57354a517e
build(deps): bump mypy from 1.6.0 to 1.6.1
...
Bumps [mypy](https://github.com/python/mypy) from 1.6.0 to 1.6.1.
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/python/mypy/compare/v1.6.0...v1.6.1)
---
updated-dependencies:
- dependency-name: mypy
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-18 10:06:42 +00:00
dependabot[bot]
89bb82271a
build(deps): bump urllib3 from 2.0.6 to 2.0.7
...
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.6 to 2.0.7.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.0.6...2.0.7)
---
updated-dependencies:
- dependency-name: urllib3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-18 10:06:37 +00:00
Lukas Pühringer
f04dc716cb
Merge pull request #2492 from lukpueh/release-3.1.0
...
Release python-tuf 3.1.0
2023-10-16 09:15:10 +02:00
Jussi Kukkonen
ed521c0e20
Merge pull request #2490 from theupdateframework/dependabot/pip/mypy-1.6.0
...
build(deps): bump mypy from 1.5.1 to 1.6.0
2023-10-13 14:09:13 +03:00
Lukas Puehringer
c0c21ca52f
Release python-tuf 3.1.0
...
* Update changelog
* Bump version
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-10-13 10:23:07 +02:00
Jussi Kukkonen
6fed68bcce
Merge pull request #2491 from lukpueh/rm-obsolete-fixtures
2023-10-11 16:43:49 +03:00
Lukas Puehringer
438518f68c
tests: remove unused and obsolete test metadata
...
- metadata.staged: related to a removed tutorial and outdated deployment
  recommendation
- project: related to the removed developer_tool (#1790)
- map.json: related to TAP4, which is not supported by python-tuf
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-10-11 15:09:09 +02:00
dependabot[bot]
f8562879a0
build(deps): bump mypy from 1.5.1 to 1.6.0
...
Bumps [mypy](https://github.com/python/mypy) from 1.5.1 to 1.6.0.
- [Commits](https://github.com/python/mypy/compare/v1.5.1...v1.6.0)
---
updated-dependencies:
- dependency-name: mypy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-11 10:03:35 +00:00
Lukas Pühringer
038ecd65dc
Merge pull request #2488 from jku/revert-scorecard-pinning
...
workflows: Partially revert action versions
2023-10-10 09:20:02 +02:00
Jussi Kukkonen
d5c953d575
workflows: Partially revert action versions
...
Commit f0058259 started not pinning hashes for actions that are used in
workflows that have no runtime or build security impact.
The change does not work for scorecard as scorecard does not tag "v2":
so we have to pin it. Luckily scorecard does not do that many releases.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-10-09 18:40:56 +03:00
Jussi Kukkonen
00b67c0a67
Merge pull request #2479 from jku/dont-pin-code-scanner-actions
...
workflows: Stop pinning actions that are not security relevant
2023-10-09 11:03:45 +03:00
Jussi Kukkonen
c7f3f6b5da
Merge pull request #2484 from theupdateframework/dependabot/github_actions/actions/setup-python-4.7.1
...
build(deps): bump actions/setup-python from 4.7.0 to 4.7.1
2023-10-09 11:00:31 +03:00
Jussi Kukkonen
37503f0804
Merge pull request #2482 from theupdateframework/dependabot/pip/coverage-7.3.2
...
build(deps): bump coverage from 7.3.1 to 7.3.2
2023-10-09 10:56:38 +03:00
Jussi Kukkonen
34b7c4bc04
Merge pull request #2486 from theupdateframework/dependabot/pip/pylint-3.0.1
...
build(deps): bump pylint from 2.17.7 to 3.0.1
2023-10-09 10:55:43 +03:00
dependabot[bot]
f26e2b24c9
build(deps): bump pylint from 2.17.7 to 3.0.1
...
Bumps [pylint](https://github.com/pylint-dev/pylint) from 2.17.7 to 3.0.1.
- [Release notes](https://github.com/pylint-dev/pylint/releases)
- [Commits](https://github.com/pylint-dev/pylint/compare/v2.17.7...v3.0.1)
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-06 10:48:03 +00:00
Jussi Kukkonen
4ba5436a50
Merge pull request #2485 from theupdateframework/dependabot/pip/securesystemslib-cryptopynacl--0.30.0
...
build(deps): bump securesystemslib[crypto,pynacl] from 0.29.0 to 0.30.0
2023-10-04 13:51:51 +03:00
dependabot[bot]
2e9321e3bd
build(deps): bump securesystemslib[crypto,pynacl] from 0.29.0 to 0.30.0
...
Bumps [securesystemslib[crypto,pynacl]](https://github.com/secure-systems-lab/securesystemslib) from 0.29.0 to 0.30.0.
- [Release notes](https://github.com/secure-systems-lab/securesystemslib/releases)
- [Changelog](https://github.com/secure-systems-lab/securesystemslib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/secure-systems-lab/securesystemslib/compare/v0.29.0...v0.30.0)
---
updated-dependencies:
- dependency-name: securesystemslib[crypto,pynacl]
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-04 10:29:02 +00:00
Lukas Pühringer
e24faf213c
Merge pull request #2481 from lukpueh/signing-status
...
Metadata API: add get_verification_result method
2023-10-04 11:40:54 +02:00
dependabot[bot]
cf3445c22f
build(deps): bump actions/setup-python from 4.7.0 to 4.7.1
...
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.7.0 to 4.7.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](61a6322f88...65d7f2d534)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-03 11:01:32 +00:00
dependabot[bot]
b6fc566a6e
build(deps): bump coverage from 7.3.1 to 7.3.2
...
Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.3.1 to 7.3.2.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.3.1...7.3.2)
---
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-03 10:16:45 +00:00
Lukas Puehringer
a55756327b
Metadata API: add get_verification_result method
...
The method returns detailed information about signature verification of
a delegated role metadata.
Its implementation is taken from the verify_delegate method and slightly
updated. verify_delegate now is a thin wrapper on top of
get_verification_result.
fixes #2449
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Co-authored-by: Jussi Kukkonen <jkukkonen@google.com>
2023-10-03 12:05:39 +02:00
Jussi Kukkonen
87f9f9134e
Merge pull request #2480 from theupdateframework/dependabot/pip/requirements/urllib3-2.0.6
...
build(deps): bump urllib3 from 2.0.5 to 2.0.6 in /requirements
2023-10-03 09:55:04 +03:00
dependabot[bot]
2549321b96
build(deps): bump urllib3 from 2.0.5 to 2.0.6 in /requirements
...
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.5 to 2.0.6.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/v2.0.5...2.0.6)
---
updated-dependencies:
- dependency-name: urllib3
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-03 00:23:50 +00:00
Jussi Kukkonen
1856ff980f
Merge pull request #2476 from theupdateframework/dependabot/pip/cffi-1.16.0
...
build(deps): bump cffi from 1.15.1 to 1.16.0
2023-10-02 14:08:43 +03:00
dependabot[bot]
1ed83c9fe3
build(deps): bump cffi from 1.15.1 to 1.16.0
...
Bumps [cffi](https://github.com/python-cffi/cffi) from 1.15.1 to 1.16.0.
- [Release notes](https://github.com/python-cffi/cffi/releases)
- [Commits](https://github.com/python-cffi/cffi/compare/v1.15.1...v1.16.0)
---
updated-dependencies:
- dependency-name: cffi
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-02 11:01:33 +00:00
Jussi Kukkonen
4a4128190f
Merge pull request #2477 from theupdateframework/dependabot/pip/charset-normalizer-3.3.0
...
build(deps): bump charset-normalizer from 3.2.0 to 3.3.0
2023-10-02 14:00:07 +03:00
Jussi Kukkonen
3c1cf659b6
Merge pull request #2478 from theupdateframework/dependabot/pip/pylint-2.17.7
...
build(deps): bump pylint from 2.17.6 to 2.17.7
2023-10-02 13:59:05 +03:00
dependabot[bot]
e359d21066
build(deps): bump pylint from 2.17.6 to 2.17.7
...
Bumps [pylint](https://github.com/pylint-dev/pylint) from 2.17.6 to 2.17.7.
- [Release notes](https://github.com/pylint-dev/pylint/releases)
- [Commits](https://github.com/pylint-dev/pylint/compare/v2.17.6...v2.17.7)
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-02 10:47:23 +00:00
dependabot[bot]
0c569eb3ae
build(deps): bump charset-normalizer from 3.2.0 to 3.3.0
...
Bumps [charset-normalizer](https://github.com/Ousret/charset_normalizer) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/Ousret/charset_normalizer/releases)
- [Changelog](https://github.com/Ousret/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Ousret/charset_normalizer/compare/3.2.0...3.3.0)
---
updated-dependencies:
- dependency-name: charset-normalizer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-02 10:47:08 +00:00