dependabot[bot]
21061fc239
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/upload-artifact` from 4.3.0 to 4.3.1
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](26f96dfa69...5d5d22a312https://github.com/actions/download-artifact/releases )
- [Commits](6b208ae046...eaceaf801f
2024-02-12 21:39:13 +00:00
dependabot[bot]
60bb1d6f69
build(deps): bump the action-dependencies group with 1 update
...
Bumps the action-dependencies group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/upload-artifact` from 4.2.0 to 4.3.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](694cdabd8b...26f96dfa69
2024-01-29 21:47:11 +00:00
dependabot[bot]
ef913dc364
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/dependency-review-action](https://github.com/actions/dependency-review-action ).
Updates `actions/upload-artifact` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](1eb3cb2b3e...694cdabd8bhttps://github.com/actions/dependency-review-action/releases )
- [Commits](https://github.com/actions/dependency-review-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: action-dependencies
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-22 21:43:32 +00:00
dependabot[bot]
8c70971dea
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/upload-artifact` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](c7d193f32e...1eb3cb2b3ehttps://github.com/actions/download-artifact/releases )
- [Commits](f44cd7b40b...6b208ae046
2024-01-15 21:46:10 +00:00
dependabot[bot]
a17f6f7c8d
build(deps): bump the action-dependencies group with 1 update
...
Bumps the action-dependencies group with 1 update: [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/download-artifact` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](7a1cd3216c...f44cd7b40b
2023-12-19 09:36:42 +00:00
dependabot[bot]
0ee4bb14d8
build(deps): bump the action-dependencies group with 3 updates
...
Bumps the action-dependencies group with 3 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact ), [actions/download-artifact](https://github.com/actions/download-artifact ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `actions/upload-artifact` from 3.1.3 to 4.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](a8a3f3ad30...c7d193f32ehttps://github.com/actions/download-artifact/releases )
- [Commits](9bc31d5ccc...7a1cd3216chttps://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: action-dependencies
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: action-dependencies
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-18 21:37:32 +00:00
Lukas Puehringer
dd9b5e0da2
build: add workaround to auto-update build system
...
Dependabot does not support `build-system.requires`. To get
reproducibility and auto-updates, we pin the version in a regular
requirements file and use it as constraint during build.
fixes : #2529
upstream issue: dependabot/dependabot-core#8465
h/t @jku
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-12-13 12:32:00 +01:00
dependabot[bot]
9cb3eb582b
build(deps): bump actions/setup-python from 4.7.1 to 5.0.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.7.1 to 5.0.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](65d7f2d534...0a5c615913
2023-12-07 10:56:23 +00:00
dependabot[bot]
9704d5bb44
build(deps): bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.8.10 to 1.8.11.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](b7f401de30...2f6f737ca5
2023-12-04 08:04:44 +00:00
E3E
4e1d8a7ad3
enable python 3.12
...
Signed-off-by: E3E <ntanzill@purdue.edu>
2023-12-02 23:28:34 -05:00
dependabot[bot]
4d6a9310ee
build(deps): bump actions/github-script from 6.4.1 to 7.0.1
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6.4.1 to 7.0.1.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](d7906e4ad0...60a0d83039
2023-11-20 10:13:14 +00:00
Jussi Kukkonen
33778942a3
CI: Run lint on oldest supported Python version
...
* This was suggested as best practice by a pylint developer
* Seems better than CI randomly breaking when GitHub updates
Python version (and pylint starts applying new rules that we
can't follow because that would break old Python versions)
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-11-03 12:00:25 +02:00
dependabot[bot]
173fc82ef7
build(deps): bump ossf/scorecard-action from 2.3.0 to 2.3.1
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](483ef80eb9...0864cf1902
2023-10-24 10:50:14 +00:00
dependabot[bot]
2764851c88
build(deps): bump actions/checkout from 4.1.0 to 4.1.1
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8ade135a41...b4ffde65f4
2023-10-18 10:10:55 +00:00
Jussi Kukkonen
d5c953d575
workflows: Partially revert action versions
...
Commit f0058259
2023-10-09 18:40:56 +03:00
Jussi Kukkonen
00b67c0a67
Merge pull request #2479 from jku/dont-pin-code-scanner-actions
...
workflows: Stop pinning actions that are not security relevant
2023-10-09 11:03:45 +03:00
dependabot[bot]
cf3445c22f
build(deps): bump actions/setup-python from 4.7.0 to 4.7.1
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.7.0 to 4.7.1.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](61a6322f88...65d7f2d534
2023-10-03 11:01:32 +00:00
Jussi Kukkonen
f005825955
workflows: Stop pinning actions that are not security relevant
...
These workflows have no real security relevance (runtime build or test)
in the sense that a compromise in the dependencies could compromise
python-tuf security:
* scorecards
* dependency-review
* codeql-analysis
Stop pinning the actions used in them (except the common actions that
are used everyewhere like actions/checkout: use the same version of
those everywhere). The benefit here is fewer Dependabot PRs: If we had
done this from the start we'd have skipped ~70 PRs by now.
The interesting permissions used in these workflows are
* security-events: write
This can add things onto the "Security" tab in GitHub
* id-token: write
This allows OIDC authentication, but only as this specific workflow
These permissions look completely acceptable to me.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-10-02 13:34:24 +03:00
Lukas Puehringer
9894d735a9
Remove obsolete comments from Python 2.7 times
...
We longer run 2.7 tests (_test.yml) and we no longer need per-version
requirements files (main.txt).
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-09-28 11:40:29 +02:00
Lukas Pühringer
ad1bbe65df
Merge pull request #2460 from jku/drop-3.7-support
...
Drop support for Python 3.7
2023-09-28 11:28:13 +02:00
dependabot[bot]
aaea6c29ab
build(deps): bump actions/checkout from 4.0.0 to 4.1.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](3df4ab11eb...8ade135a41
2023-09-25 10:56:33 +00:00
dependabot[bot]
c672dfb7eb
build(deps): bump github/codeql-action from 2.21.7 to 2.21.8
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.7 to 2.21.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](04daf014b5...6a28655e3d
2023-09-19 10:32:26 +00:00
dependabot[bot]
dcf81b8748
build(deps): bump github/codeql-action from 2.21.5 to 2.21.7
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.5 to 2.21.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](00e563ead9...04daf014b5
2023-09-15 10:30:45 +00:00
dependabot[bot]
325defd06d
build(deps): bump actions/dependency-review-action from 3.0.8 to 3.1.0
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.0.8 to 3.1.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](f6fff72a32...6c5ccdad46
2023-09-08 10:34:37 +00:00
Jussi Kukkonen
c645e186dd
Merge pull request #2455 from theupdateframework/dependabot/github_actions/actions/checkout-4.0.0
...
build(deps): bump actions/checkout from 3.6.0 to 4.0.0
2023-09-07 16:03:17 +03:00
Jussi Kukkonen
e37769e252
Drop support for Python 3.7
...
* Python 3.7 is EOL.
* Our runtime dependencies are still ok with 3.7
* Testing dependencies have started requiring 3.8
Stop supporting and testing Python 3.7.
We could just stop testing Python 3.7 (while claiming to still support
it) but that seems like it'll lead to trouble: we will inevitably use
some 3.8 feature and then won't notice because we don't test 3.7 any
more.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-09-07 15:52:36 +03:00
dependabot[bot]
811bf02fb0
build(deps): bump actions/checkout from 3.6.0 to 4.0.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.6.0 to 4.0.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](f43a0e5ff2...3df4ab11eb
2023-09-07 12:36:36 +00:00
dependabot[bot]
1c0c95f5f8
build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](0b7f8abb15...a8a3f3ad30
2023-09-07 12:36:34 +00:00
sumanth8495
ade02cfb17
Missing version numbers are given, mentioned bugs are resolved.
...
Signed-off-by: sumanth8495 <msgupthamurukuri123@gmail.com>
2023-09-06 19:04:23 +05:30
sumanth8495
1f676a8e34
version numbers are commented respectively
...
Signed-off-by: sumanth8495 <msgupthamurukuri123@gmail.com>
2023-09-06 13:10:40 +05:30
sumanth8495
e3772c7082
workflows: Includes version comments in GH action uses-lines
...
Signed-off-by: sumanth8495 <msgupthamurukuri123@gmail.com>
2023-09-02 18:44:15 +05:30
dependabot[bot]
82c223cafe
build(deps): bump actions/checkout from 3.5.3 to 3.6.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.3 to 3.6.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](c85c95e3d7...f43a0e5ff2
2023-08-31 09:14:00 +00:00
dependabot[bot]
2e82328f69
build(deps): bump github/codeql-action from 2.21.4 to 2.21.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.4 to 2.21.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](a09933a12a...00e563ead9
2023-08-29 10:32:24 +00:00
Jussi Kukkonen
016e16c1a9
Merge pull request #2446 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-3.0.8
...
build(deps): bump actions/dependency-review-action from 3.0.7 to 3.0.8
2023-08-15 16:17:49 +03:00
dependabot[bot]
69568c52fa
build(deps): bump actions/dependency-review-action from 3.0.7 to 3.0.8
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.0.7 to 3.0.8.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](7d90b4f05f...f6fff72a32
2023-08-15 10:08:36 +00:00
dependabot[bot]
11c67cc04d
build(deps): bump github/codeql-action from 2.21.3 to 2.21.4
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.3 to 2.21.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](5b6282e01c...a09933a12a
2023-08-15 10:08:34 +00:00
Jussi Kukkonen
44632b4866
Merge pull request #2441 from theupdateframework/dependabot/github_actions/pypa/gh-action-pypi-publish-1.8.10
...
build(deps): bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.10
2023-08-11 14:20:59 +03:00
Jussi Kukkonen
bb8663aced
Merge pull request #2437 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-3.0.7
...
build(deps): bump actions/dependency-review-action from 3.0.6 to 3.0.7
2023-08-11 13:50:07 +03:00
dependabot[bot]
7f1b4f372b
build(deps): bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.10
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.8.8 to 1.8.10.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](f8c70e705f...b7f401de30
2023-08-11 10:38:06 +00:00
dependabot[bot]
52b8c685e0
build(deps): bump actions/dependency-review-action from 3.0.6 to 3.0.7
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.0.6 to 3.0.7.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](1360a344cc...7d90b4f05f
2023-08-10 10:47:08 +00:00
dependabot[bot]
e11fe641ac
build(deps): bump github/codeql-action from 2.21.2 to 2.21.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.2 to 2.21.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0ba4244466...5b6282e01c
2023-08-09 10:10:30 +00:00
dependabot[bot]
34507c46ae
build(deps): bump github/codeql-action from 2.21.1 to 2.21.2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.1 to 2.21.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](6ca1aa8c19...0ba4244466
2023-07-31 10:57:23 +00:00
dependabot[bot]
f17c3b13ac
build(deps): bump github/codeql-action from 2.21.0 to 2.21.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.0 to 2.21.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1813ca74c3...6ca1aa8c19
2023-07-27 10:09:15 +00:00
dependabot[bot]
9ae7c20760
build(deps): bump github/codeql-action from 2.20.4 to 2.21.0
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.20.4 to 2.21.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](489225d82a...1813ca74c3
2023-07-20 10:30:25 +00:00
Lukas Pühringer
3262767aec
Merge pull request #2423 from theupdateframework/dependabot/github_actions/actions/setup-python-4.7.0
...
build(deps): bump actions/setup-python from 4.6.1 to 4.7.0
2023-07-17 14:02:29 +02:00
Lukas Pühringer
9e18fd733d
Merge pull request #2422 from theupdateframework/dependabot/github_actions/pypa/gh-action-pypi-publish-1.8.8
...
build(deps): bump pypa/gh-action-pypi-publish from 1.8.7 to 1.8.8
2023-07-17 13:52:45 +02:00
dependabot[bot]
c6c9644a1f
build(deps): bump github/codeql-action from 2.20.1 to 2.20.4
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.20.1 to 2.20.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f6e388ebf0...489225d82a
2023-07-17 10:55:18 +00:00
dependabot[bot]
44dbf4bc02
build(deps): bump actions/setup-python from 4.6.1 to 4.7.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.6.1 to 4.7.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](bd6b4b6205...61a6322f88
2023-07-14 10:23:57 +00:00
dependabot[bot]
459c865d44
build(deps): bump pypa/gh-action-pypi-publish from 1.8.7 to 1.8.8
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.8.7 to 1.8.8.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](f5622bde02...f8c70e705f
2023-07-12 10:49:20 +00:00
dependabot[bot]
9a90005c08
build(deps): bump pypa/gh-action-pypi-publish from 1.8.6 to 1.8.7
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.8.6 to 1.8.7.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](a56da0b891...f5622bde02
2023-06-27 10:58:39 +00:00
