Satvik Vemuganti
363a320932
Merge branch 'develop' of github.com:VickyMerzOwn/python-tuf into develop
2023-08-16 06:15:10 +05:30
Satvik Vemuganti
ad117d9579
enhancement: Adds from_data() method to MetaFile
...
Signed-off-by: Satvik Vemuganti <vemugantisesha@iitbhilai.ac.in>
2023-08-16 06:08:34 +05:30
Jussi Kukkonen
016e16c1a9
Merge pull request #2446 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-3.0.8
...
build(deps): bump actions/dependency-review-action from 3.0.7 to 3.0.8
2023-08-15 16:17:49 +03:00
Jussi Kukkonen
5afc4c825f
Merge pull request #2445 from theupdateframework/dependabot/github_actions/github/codeql-action-2.21.4
...
build(deps): bump github/codeql-action from 2.21.3 to 2.21.4
2023-08-15 16:17:05 +03:00
dependabot[bot]
69568c52fa
build(deps): bump actions/dependency-review-action from 3.0.7 to 3.0.8
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.7 to 3.0.8.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](7d90b4f05f...f6fff72a32)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-15 10:08:36 +00:00
dependabot[bot]
11c67cc04d
build(deps): bump github/codeql-action from 2.21.3 to 2.21.4
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.3 to 2.21.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](5b6282e01c...a09933a12a)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-15 10:08:34 +00:00
Satvik Vemuganti
8df79be84c
enhancement: Adds from_data() method to MetaFile
...
Signed-off-by: Satvik Vemuganti <vemugantisesha@iitbhilai.ac.in>
2023-08-14 17:58:09 +05:30
Jussi Kukkonen
44632b4866
Merge pull request #2441 from theupdateframework/dependabot/github_actions/pypa/gh-action-pypi-publish-1.8.10
...
build(deps): bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.10
2023-08-11 14:20:59 +03:00
Jussi Kukkonen
bb8663aced
Merge pull request #2437 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-3.0.7
...
build(deps): bump actions/dependency-review-action from 3.0.6 to 3.0.7
2023-08-11 13:50:07 +03:00
dependabot[bot]
7f1b4f372b
build(deps): bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.10
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.8.8 to 1.8.10.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](f8c70e705f...b7f401de30)
---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-11 10:38:06 +00:00
Jussi Kukkonen
ab2ca04139
Merge pull request #2440 from theupdateframework/dependabot/pip/mypy-1.5.0
...
build(deps): bump mypy from 1.3.0 to 1.5.0
2023-08-11 13:32:15 +03:00
dependabot[bot]
3a03633510
build(deps): bump mypy from 1.3.0 to 1.5.0
...
Bumps [mypy](https://github.com/python/mypy) from 1.3.0 to 1.5.0.
- [Commits](https://github.com/python/mypy/compare/v1.3.0...v1.5.0)
---
updated-dependencies:
- dependency-name: mypy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-11 10:19:02 +00:00
Jussi Kukkonen
d83a391ec3
Merge pull request #2435 from theupdateframework/dependabot/github_actions/github/codeql-action-2.21.3
...
build(deps): bump github/codeql-action from 2.21.2 to 2.21.3
2023-08-11 12:34:11 +03:00
dependabot[bot]
52b8c685e0
build(deps): bump actions/dependency-review-action from 3.0.6 to 3.0.7
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.6 to 3.0.7.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](1360a344cc...7d90b4f05f)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-10 10:47:08 +00:00
dependabot[bot]
e11fe641ac
build(deps): bump github/codeql-action from 2.21.2 to 2.21.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.2 to 2.21.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](0ba4244466...5b6282e01c)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-09 10:10:30 +00:00
Lukas Pühringer
a6fb0d7ddd
Merge pull request #2434 from theupdateframework/dependabot/pip/cryptography-41.0.3
...
build(deps): bump cryptography from 41.0.2 to 41.0.3
2023-08-03 14:02:58 +02:00
dependabot[bot]
280feaa75c
build(deps): bump cryptography from 41.0.2 to 41.0.3
...
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.2 to 41.0.3.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/41.0.2...41.0.3)
---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-02 10:01:59 +00:00
Lukas Puehringer
15dd931609
Metadata API: make new verify_delegate unaware of Metadata
...
Change new _Delegator.verify_delegate to take payload bytes and
signatures instead of a Metadata object and a payload serializer.
This allows using verify_delegate for payloads that do not come in
a Metadata container, but e.g. in a DSSE envelope (see #2385).
Usage becomes a bit more cumbersome, but still feels reasonable with the
recently added shortcut for default canonical bytes representation of
Metadata.signed.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-08-01 15:31:59 +02:00
Lukas Puehringer
fc6c91a711
Metadata API: add Metadata.signed_bytes property
...
- Add shortcut to canonical json representation of self.signed
- Use in tests and Metadata.sign
- Do not use in _Delegator.verify_delegate (will be updated in subsequent
commit).
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-08-01 15:28:12 +02:00
Jussi Kukkonen
635a2870bd
Metadata API: Bump deprecation version to next likely candidate
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
e51c0beee3
tests: Move lint disable to inside block as intended
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
ca6434b081
Metadata API: Improve docstrings
...
Remove duplicate docstrings: these are already documented in
_DelegatorMixin and sphinx will find them there.
Tweak a few other strings to remove duplication in the sentence.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Metadata API: Improve docstrings
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
0184edcab1
Metadata API: Annotation syntax tweak
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
2ace345afe
metadata: Rename _Delegator to _DelegatorMixin
...
Make it clearer that this is not part of the main inheritance path.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
a69ddf1f04
ngclient,tests,examples: Use new verify_delegate()
...
Avoid Metadata.verify_delegate() now that it's deprecated.
Note that this commit does not try to make any code cleanups
that are now possible: this is the minimal change to use the new
API.
Future improvements can make code in TrustedMetadataSet and
Updater slightly easier to read: as an example there's no need for
TrustedMetadataSet to actually store or expose actual Metadata in its
cache -- Signed is all that's needed.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
55f6824c24
Move verify_delegate() to Root/Targets
...
This makes logical sense and makes a lot of code using
verify_delegate() a little easier since there is no need to keep a
reference to the containing metadata anymore.
The implementation is in practice in a new class but that's an
implementation detail that allows sharing between Targets and Root.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-08-01 13:08:13 +02:00
Jussi Kukkonen
12d0c3cd1e
Merge pull request #2432 from theupdateframework/dependabot/github_actions/github/codeql-action-2.21.2
...
build(deps): bump github/codeql-action from 2.21.1 to 2.21.2
2023-07-31 20:48:20 +03:00
dependabot[bot]
34507c46ae
build(deps): bump github/codeql-action from 2.21.1 to 2.21.2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.1 to 2.21.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](6ca1aa8c19...0ba4244466)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-31 10:57:23 +00:00
Jussi Kukkonen
9a2c2c59d2
Merge pull request #2430 from theupdateframework/dependabot/pip/pylint-2.17.5
...
build(deps): bump pylint from 2.17.4 to 2.17.5
2023-07-27 13:37:42 +03:00
Jussi Kukkonen
671142087f
Merge pull request #2431 from theupdateframework/dependabot/github_actions/github/codeql-action-2.21.1
...
build(deps): bump github/codeql-action from 2.21.0 to 2.21.1
2023-07-27 13:36:44 +03:00
dependabot[bot]
f17c3b13ac
build(deps): bump github/codeql-action from 2.21.0 to 2.21.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.0 to 2.21.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](1813ca74c3...6ca1aa8c19)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-27 10:09:15 +00:00
dependabot[bot]
7e3307cf7e
build(deps): bump pylint from 2.17.4 to 2.17.5
...
Bumps [pylint](https://github.com/pylint-dev/pylint) from 2.17.4 to 2.17.5.
- [Release notes](https://github.com/pylint-dev/pylint/releases)
- [Commits](https://github.com/pylint-dev/pylint/compare/v2.17.4...v2.17.5)
---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-26 10:10:44 +00:00
Jussi Kukkonen
11801fff88
Merge pull request #2429 from theupdateframework/dependabot/pip/requirements/certifi-2023.7.22
...
build(deps): bump certifi from 2023.5.7 to 2023.7.22 in /requirements
2023-07-26 09:53:03 +03:00
dependabot[bot]
3d8d8e97d5
build(deps): bump certifi from 2023.5.7 to 2023.7.22 in /requirements
...
Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.5.7 to 2023.7.22.
- [Commits](https://github.com/certifi/python-certifi/compare/2023.05.07...2023.07.22)
---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-25 23:04:21 +00:00
Jussi Kukkonen
ea253de53b
Merge pull request #2426 from theupdateframework/dependabot/pip/urllib3-2.0.4
...
build(deps): bump urllib3 from 2.0.3 to 2.0.4
2023-07-24 09:45:02 +03:00
Jussi Kukkonen
2077ee269f
Merge pull request #2427 from theupdateframework/dependabot/github_actions/github/codeql-action-2.21.0
...
build(deps): bump github/codeql-action from 2.20.4 to 2.21.0
2023-07-24 09:44:22 +03:00
dependabot[bot]
9ae7c20760
build(deps): bump github/codeql-action from 2.20.4 to 2.21.0
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.4 to 2.21.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](489225d82a...1813ca74c3)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-20 10:30:25 +00:00
dependabot[bot]
ce43204729
build(deps): bump urllib3 from 2.0.3 to 2.0.4
...
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.3 to 2.0.4.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.0.3...2.0.4)
---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-20 10:21:42 +00:00
Lukas Pühringer
3262767aec
Merge pull request #2423 from theupdateframework/dependabot/github_actions/actions/setup-python-4.7.0
...
build(deps): bump actions/setup-python from 4.6.1 to 4.7.0
2023-07-17 14:02:29 +02:00
Lukas Pühringer
9e18fd733d
Merge pull request #2422 from theupdateframework/dependabot/github_actions/pypa/gh-action-pypi-publish-1.8.8
...
build(deps): bump pypa/gh-action-pypi-publish from 1.8.7 to 1.8.8
2023-07-17 13:52:45 +02:00
Lukas Pühringer
1a664344a2
Merge pull request #2419 from theupdateframework/dependabot/pip/charset-normalizer-3.2.0
...
build(deps): bump charset-normalizer from 3.1.0 to 3.2.0
2023-07-17 13:47:27 +02:00
Lukas Pühringer
3ab6214892
Merge pull request #2425 from theupdateframework/dependabot/github_actions/github/codeql-action-2.20.4
...
build(deps): bump github/codeql-action from 2.20.1 to 2.20.4
2023-07-17 13:34:38 +02:00
dependabot[bot]
557f2345bb
build(deps): bump charset-normalizer from 3.1.0 to 3.2.0
...
Bumps [charset-normalizer](https://github.com/Ousret/charset_normalizer) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/Ousret/charset_normalizer/releases)
- [Changelog](https://github.com/Ousret/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Ousret/charset_normalizer/compare/3.1.0...3.2.0)
---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-17 11:12:27 +00:00
Lukas Pühringer
77d810d119
Merge pull request #2421 from theupdateframework/dependabot/pip/cryptography-41.0.2
...
build(deps): bump cryptography from 41.0.1 to 41.0.2
2023-07-17 13:11:30 +02:00
Lukas Pühringer
5be55a8f16
Merge pull request #2420 from theupdateframework/dependabot/pip/black-23.7.0
...
build(deps): bump black from 23.3.0 to 23.7.0
2023-07-17 13:08:03 +02:00
dependabot[bot]
c6c9644a1f
build(deps): bump github/codeql-action from 2.20.1 to 2.20.4
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.1 to 2.20.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](f6e388ebf0...489225d82a)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-17 10:55:18 +00:00
dependabot[bot]
44dbf4bc02
build(deps): bump actions/setup-python from 4.6.1 to 4.7.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.6.1 to 4.7.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](bd6b4b6205...61a6322f88)
---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-14 10:23:57 +00:00
dependabot[bot]
459c865d44
build(deps): bump pypa/gh-action-pypi-publish from 1.8.7 to 1.8.8
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.8.7 to 1.8.8.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](f5622bde02...f8c70e705f)
---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-12 10:49:20 +00:00
dependabot[bot]
6249a37ffd
build(deps): bump cryptography from 41.0.1 to 41.0.2
...
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.1 to 41.0.2.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/41.0.1...41.0.2)
---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-11 10:41:31 +00:00
dependabot[bot]
97aa5fc6cd
build(deps): bump black from 23.3.0 to 23.7.0
...
Bumps [black](https://github.com/psf/black) from 23.3.0 to 23.7.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/23.3.0...23.7.0)
---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-11 10:41:26 +00:00