Jussi Kukkonen
dbaf325390
Merge pull request #2622 from theupdateframework/dependabot/github_actions/action-dependencies-e8df6e148d
...
build(deps): bump actions/checkout from 4.1.4 to 4.1.5 in the action-dependencies group
2024-05-07 11:36:01 +03:00
Jussi Kukkonen
eb97939e94
Merge pull request #2623 from theupdateframework/dependabot/pip/dependencies-8be74a356d
...
build(deps): bump cryptography from 42.0.5 to 42.0.7 in the dependencies group
2024-05-07 11:31:42 +03:00
dependabot[bot]
baea7fa1bd
build(deps): bump cryptography in the dependencies group
...
Bumps the dependencies group with 1 update: [cryptography](https://github.com/pyca/cryptography ).
Updates `cryptography` from 42.0.5 to 42.0.7
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/42.0.5...42.0.7 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-06 21:57:16 +00:00
dependabot[bot]
dd9bf7410a
build(deps): bump actions/checkout in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [actions/checkout](https://github.com/actions/checkout ).
Updates `actions/checkout` from 4.1.4 to 4.1.5
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](0ad4b8fada...44c2b7a8a4 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-06 21:50:18 +00:00
Lukas Pühringer
4a26a0c49c
Merge pull request #2617 from jku/sslib-main
...
WIP: Update to new securesystemslib API
2024-05-03 11:23:06 +02:00
Lukas Puehringer
3e549793e4
Remove SSlibSigner mention in docstring
...
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2024-05-03 11:18:27 +02:00
Jussi Kukkonen
a7b832b88f
Use securesystemslib 1.0.0
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-05-02 14:05:41 +03:00
Lukas Pühringer
878829bde6
Merge pull request #2621 from theupdateframework/dependabot/github_actions/action-dependencies-434113e9b9
...
build(deps): bump the action-dependencies group with 2 updates
2024-04-30 09:15:35 +02:00
dependabot[bot]
8607c56000
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/checkout` from 4.1.3 to 4.1.4
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](1d96c772d1...0ad4b8fada )
Updates `actions/download-artifact` from 4.1.6 to 4.1.7
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](9c19ed7fe5...65a9edc588 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-29 21:42:06 +00:00
Jussi Kukkonen
3d1b16cdfa
examples: Use Cryptosigner.private_bytes
...
private_bytes was just added to CryptoSigner, use it.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-25 14:44:18 +03:00
Jussi Kukkonen
38f309bbbf
WIP: Update to new securesystemslib API
...
* API changes covered:
* keys and interface modules removed
* SSlibSigner removed
* CryptoSigner added: this replaces the removed functionality
* DSSE "signatures" container type changed
* Currently pins a securesystemslib main branch commit:
this shoudl be reverted before merging, when securesystemslib
has made a release
* tests/generated_data/generate_md.py was simplified
* Encrypted test keys in tests/repository_data/keystore were replaced
with the unencrypted PEM versions of the same keys
* The public test keys in tests/repository_data/keystore were removed
as they were not used anymore
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-25 14:27:54 +03:00
Lukas Pühringer
970ddf9df0
Merge pull request #2602 from jku/awk-magic-changelog
...
workflows: Add awk magic to GH changelog generation
2024-04-25 10:22:10 +02:00
Jussi Kukkonen
f50693c625
workflows: Add awk magic to GH changelog generation
...
* Create a changelog file with awk
* Add both "dist" and "changelog" to artifact
* This changes the artifact handling: Now the dist
directory is inside the artifact (instead of the contents
of the directory being in the directory): this means the
default path now works for `download-artifact`
* Dump changelog into the release body
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-25 10:40:47 +03:00
Lukas Pühringer
411505d4b7
Merge pull request #2619 from jku/only-test-old-python-on-linux
...
workflows: Only test old Pythons on linux
2024-04-25 09:28:25 +02:00
Jussi Kukkonen
5f854b6440
workflows: Only test old Pythons on linux
...
* This fixes current CI (new mac runners do not have old pythons)
* This is also sensible: running the complete matrix seems wasteful
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-24 20:57:49 +03:00
Jussi Kukkonen
ffc1c3f41f
Merge pull request #2614 from theupdateframework/dependabot/github_actions/action-dependencies-fbc4b1338b
...
build(deps): bump the action-dependencies group with 3 updates
2024-04-23 10:59:17 +03:00
Jussi Kukkonen
8cfb484a23
Merge pull request #2615 from theupdateframework/dependabot/pip/build-and-release-dependencies-cdb6e24264
...
build(deps): bump hatchling from 1.23.0 to 1.24.2 in the build-and-release-dependencies group
2024-04-23 10:58:22 +03:00
Jussi Kukkonen
c12c4300e2
Merge pull request #2616 from theupdateframework/dependabot/pip/test-and-lint-dependencies-79885ab03b
...
build(deps): bump ruff from 0.3.7 to 0.4.1 in the test-and-lint-dependencies group
2024-04-23 10:57:55 +03:00
dependabot[bot]
46e9ccae99
build(deps): bump ruff in the test-and-lint-dependencies group
...
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff ).
Updates `ruff` from 0.3.7 to 0.4.1
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/v0.3.7...v0.4.1 )
---
updated-dependencies:
- dependency-name: ruff
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-22 21:46:15 +00:00
dependabot[bot]
3a2c7b413a
build(deps): bump hatchling in the build-and-release-dependencies group
...
Bumps the build-and-release-dependencies group with 1 update: [hatchling](https://github.com/pypa/hatch ).
Updates `hatchling` from 1.23.0 to 1.24.2
- [Release notes](https://github.com/pypa/hatch/releases )
- [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.23.0...hatchling-v1.24.2 )
---
updated-dependencies:
- dependency-name: hatchling
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: build-and-release-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-22 21:44:58 +00:00
dependabot[bot]
0e5833afb8
build(deps): bump the action-dependencies group with 3 updates
...
Bumps the action-dependencies group with 3 updates: [actions/checkout](https://github.com/actions/checkout ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/checkout` from 4.1.2 to 4.1.3
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](9bb56186c3...1d96c772d1 )
Updates `actions/upload-artifact` from 4.3.1 to 4.3.3
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](5d5d22a312...65462800fd )
Updates `actions/download-artifact` from 4.1.4 to 4.1.6
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](c850b930e6...9c19ed7fe5 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-22 21:40:01 +00:00
Jussi Kukkonen
f165c76fc2
Merge pull request #2613 from NicholasTanz/enableRulesets
...
Enable rulesets (BLE and RUF)
2024-04-22 16:19:55 +03:00
Jussi Kukkonen
9db9277849
Merge pull request #2610 from jku/simplify-tests
...
workflows: Simplify testing
2024-04-22 15:09:44 +03:00
Jussi Kukkonen
74882c52ec
Merge pull request #2612 from jku/support-app-user-agent
...
Support app-specific user-agents
2024-04-22 15:08:08 +03:00
Jussi Kukkonen
fb581453ab
tests: Add a test for custom application user agent
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-22 14:54:43 +03:00
E3E
52601e2bd8
add RUF and BLE rulesets; ignore some broad exceptions (BLE001) and RUF012
...
Signed-off-by: E3E <ntanzill@purdue.edu>
2024-04-21 01:37:40 -04:00
Jussi Kukkonen
fe2068697c
Support app-specific user-agents
...
* application user-agent can be set with UpdaterConfig object
* Setting will affect the default fetcher only
* the application user-agent will be prefixed to the ngclient
default user-agent
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-19 17:55:29 +03:00
Jussi Kukkonen
7d57ab65d2
workflows: Simplify testing
...
* Don't try to handle sslib main test within the matrix
* Put it in a separate workflow
* Include the new workflow in CI but not in CD
* Bonus: Make cache-dependency-path more complete
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-16 10:32:08 +03:00
Jussi Kukkonen
c6256875f0
Merge pull request #2608 from theupdateframework/dependabot/pip/test-and-lint-dependencies-b976d329b1
...
build(deps): bump ruff from 0.3.5 to 0.3.7 in the test-and-lint-dependencies group
2024-04-16 09:29:08 +03:00
Jussi Kukkonen
67e00ce176
Merge pull request #2609 from theupdateframework/dependabot/pip/dependencies-a98e789dc2
...
build(deps): bump idna from 3.6 to 3.7 in the dependencies group
2024-04-16 09:28:07 +03:00
Jussi Kukkonen
22a6ce578f
Merge pull request #2607 from theupdateframework/dependabot/pip/build-and-release-dependencies-6c3538640a
...
build(deps): bump hatchling from 1.22.4 to 1.23.0 in the build-and-release-dependencies group
2024-04-16 09:26:15 +03:00
dependabot[bot]
c4404776e9
build(deps): bump idna from 3.6 to 3.7 in the dependencies group
...
Bumps the dependencies group with 1 update: [idna](https://github.com/kjd/idna ).
Updates `idna` from 3.6 to 3.7
- [Release notes](https://github.com/kjd/idna/releases )
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst )
- [Commits](https://github.com/kjd/idna/compare/v3.6...v3.7 )
---
updated-dependencies:
- dependency-name: idna
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-15 21:21:22 +00:00
dependabot[bot]
0321caae3d
build(deps): bump ruff in the test-and-lint-dependencies group
...
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff ).
Updates `ruff` from 0.3.5 to 0.3.7
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/v0.3.5...v0.3.7 )
---
updated-dependencies:
- dependency-name: ruff
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-15 21:20:07 +00:00
dependabot[bot]
c248dd9fbe
build(deps): bump hatchling in the build-and-release-dependencies group
...
Bumps the build-and-release-dependencies group with 1 update: [hatchling](https://github.com/pypa/hatch ).
Updates `hatchling` from 1.22.4 to 1.23.0
- [Release notes](https://github.com/pypa/hatch/releases )
- [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.22.4...hatchling-v1.23.0 )
---
updated-dependencies:
- dependency-name: hatchling
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: build-and-release-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-15 21:19:42 +00:00
Lukas Pühringer
f1f1ed3bc7
Merge pull request #2606 from jku/drop-persist-temp-file
...
Metadata API: Stop using a deprecated method
2024-04-15 15:51:52 +02:00
Jussi Kukkonen
3605eaf2fb
Metadata API: Stop using a deprecated method
...
persist_temp_file() is deprecated, and seemingly not very useful.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-12 22:41:12 +03:00
Jussi Kukkonen
2d6fc743a4
Merge pull request #2601 from jku/release-v4
...
Release v4.0.0
2024-04-04 11:27:12 +03:00
Jussi Kukkonen
928702a8ac
Release v4.0.0
...
This is a major bump only because of Metadata API, ngclient is
compatible with 3.x.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-04 10:25:18 +03:00
Lukas Pühringer
892c789374
Merge pull request #2600 from lukpueh/set-max-sslib-version
...
Constrain securesystemslib dependency to <0.32.0
2024-04-03 18:42:38 +02:00
Lukas Puehringer
bc3ebd8e1e
Constrain securesystemslib dependency to <0.32.0
...
There are several breaking changes coming up in securesystemslib on its
way to 1.0.
To not disrupt tuf users this patch constrains securesystemslib to not
update the current minor version..
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2024-04-03 17:46:57 +02:00
Jussi Kukkonen
5947bd0155
Merge pull request #2594 from theupdateframework/dependabot/pip/build-and-release-dependencies-0bd4b864f7
...
build(deps): bump the build-and-release-dependencies group with 2 updates
2024-04-02 12:01:15 +03:00
Jussi Kukkonen
afa46195d3
Merge pull request #2596 from theupdateframework/dependabot/github_actions/action-dependencies-77fe302159
...
build(deps): bump the action-dependencies group with 2 updates
2024-04-02 11:44:18 +03:00
Jussi Kukkonen
7c5cae36cb
Merge pull request #2595 from theupdateframework/dependabot/pip/test-and-lint-dependencies-87f5007267
...
build(deps): bump the test-and-lint-dependencies group with 1 update
2024-04-02 11:43:44 +03:00
Jussi Kukkonen
ad2c98aeec
Merge pull request #2593 from theupdateframework/dependabot/pip/dependencies-f63015d7f8
...
build(deps): bump the dependencies group with 1 update
2024-04-02 11:42:38 +03:00
dependabot[bot]
6cd2d22ad2
build(deps): bump the dependencies group with 1 update
...
Bumps the dependencies group with 1 update: [pycparser](https://github.com/eliben/pycparser ).
Updates `pycparser` from 2.21 to 2.22
- [Release notes](https://github.com/eliben/pycparser/releases )
- [Changelog](https://github.com/eliben/pycparser/blob/main/CHANGES )
- [Commits](https://github.com/eliben/pycparser/compare/release_v2.21...release_v2.22 )
---
updated-dependencies:
- dependency-name: pycparser
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-02 08:09:47 +00:00
dependabot[bot]
9f4906bbd1
build(deps): bump the test-and-lint-dependencies group with 1 update
...
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff ).
Updates `ruff` from 0.3.3 to 0.3.5
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/v0.3.3...v0.3.5 )
---
updated-dependencies:
- dependency-name: ruff
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: test-and-lint-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-02 08:08:30 +00:00
Jussi Kukkonen
26e6a956f8
Merge pull request #2592 from jku/even-more-rulesets
...
lint: Enable more ruff rulesets
2024-04-02 11:06:08 +03:00
Jussi Kukkonen
009e1ddbf4
lint: Enable more ruff ulesets
...
Minor fixes were needed, the only possibly interesting one is
the one in RequestsFetcher (use "yield from").
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-02 11:02:48 +03:00
dependabot[bot]
38aeadfe1a
build(deps): bump the build-and-release-dependencies group with 2 updates
...
Bumps the build-and-release-dependencies group with 2 updates: [build](https://github.com/pypa/build ) and [hatchling](https://github.com/pypa/hatch ).
Updates `build` from 1.1.1 to 1.2.1
- [Release notes](https://github.com/pypa/build/releases )
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pypa/build/compare/1.1.1...1.2.1 )
Updates `hatchling` from 1.22.2 to 1.22.4
- [Release notes](https://github.com/pypa/hatch/releases )
- [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.22.2...hatchling-v1.22.4 )
---
updated-dependencies:
- dependency-name: build
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: build-and-release-dependencies
- dependency-name: hatchling
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: build-and-release-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-02 08:02:39 +00:00
dependabot[bot]
feaaeab865
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [actions/setup-python](https://github.com/actions/setup-python ).
Updates `actions/checkout` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](b4ffde65f4...9bb56186c3 )
Updates `actions/setup-python` from 5.0.0 to 5.1.0
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](0a5c615913...82c7e631bb )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-02 08:02:13 +00:00