Lukas Pühringer
de802b79cc
Merge pull request #2227 from theupdateframework/dependabot/github_actions/ossf/scorecard-action-2.1.0
...
build(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.0
2022-12-16 10:15:28 +01:00
dependabot[bot]
ca67ed9f62
build(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.0
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.0.6 to 2.1.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](99c53751e0...937ffa90d7 )
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-15 10:04:26 +00:00
Lukas Pühringer
92afaaf50d
Merge pull request #2224 from theupdateframework/dependabot/pip/isort-5.11.2
...
build(deps): bump isort from 5.11.1 to 5.11.2
2022-12-14 11:15:15 +01:00
dependabot[bot]
09a4cc52fc
build(deps): bump isort from 5.11.1 to 5.11.2
...
Bumps [isort](https://github.com/pycqa/isort ) from 5.11.1 to 5.11.2.
- [Release notes](https://github.com/pycqa/isort/releases )
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md )
- [Commits](https://github.com/pycqa/isort/compare/5.11.1...5.11.2 )
---
updated-dependencies:
- dependency-name: isort
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-14 10:02:10 +00:00
Lukas Pühringer
7291411ad9
Merge pull request #2222 from theupdateframework/dependabot/pip/isort-5.11.1
...
build(deps): bump isort from 5.10.1 to 5.11.1
2022-12-13 12:14:43 +01:00
Lukas Pühringer
9ccd4f8767
Merge pull request #2223 from theupdateframework/dependabot/github_actions/actions/checkout-3.2.0
...
build(deps): bump actions/checkout from 3.1.0 to 3.2.0
2022-12-13 12:11:40 +01:00
dependabot[bot]
98991d8f50
build(deps): bump actions/checkout from 3.1.0 to 3.2.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](93ea575cb5...755da8c3cf )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-13 10:04:50 +00:00
dependabot[bot]
8103632f76
build(deps): bump isort from 5.10.1 to 5.11.1
...
Bumps [isort](https://github.com/pycqa/isort ) from 5.10.1 to 5.11.1.
- [Release notes](https://github.com/pycqa/isort/releases )
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md )
- [Commits](https://github.com/pycqa/isort/compare/5.10.1...5.11.1 )
---
updated-dependencies:
- dependency-name: isort
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-13 10:02:19 +00:00
Jussi Kukkonen
f2aa30a0a7
Merge pull request #2219 from theupdateframework/dependabot/pip/black-22.12.0
...
build(deps): bump black from 22.10.0 to 22.12.0
2022-12-13 09:38:58 +02:00
Jussi Kukkonen
32fec997fc
Merge pull request #2221 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.36
...
build(deps): bump github/codeql-action from 2.1.35 to 2.1.36
2022-12-12 14:54:44 +02:00
dependabot[bot]
9fd45d923d
build(deps): bump github/codeql-action from 2.1.35 to 2.1.36
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.35 to 2.1.36.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b2a92eb56d...a669cc5936 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-12 10:07:12 +00:00
dependabot[bot]
ba7d79543a
build(deps): bump black from 22.10.0 to 22.12.0
...
Bumps [black](https://github.com/psf/black ) from 22.10.0 to 22.12.0.
- [Release notes](https://github.com/psf/black/releases )
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md )
- [Commits](https://github.com/psf/black/compare/22.10.0...22.12.0 )
---
updated-dependencies:
- dependency-name: black
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-12 10:02:39 +00:00
Jussi Kukkonen
bdf164e53f
Merge pull request #2214 from theupdateframework/dependabot/github_actions/actions/setup-python-4.3.1
...
build(deps): bump actions/setup-python from 4.3.0 to 4.3.1
2022-12-11 20:13:31 +02:00
dependabot[bot]
205769d9bf
build(deps): bump actions/setup-python from 4.3.0 to 4.3.1
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](13ae5bb136...2c3dd9e7e2 )
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-09 17:50:35 +00:00
Jussi Kukkonen
9548a4ca1d
Merge pull request #2213 from theupdateframework/dependabot/pip/certifi-2022.12.7
...
build(deps): bump certifi from 2022.9.24 to 2022.12.7
2022-12-09 19:42:08 +02:00
dependabot[bot]
a968504496
build(deps): bump certifi from 2022.9.24 to 2022.12.7
...
Bumps [certifi](https://github.com/certifi/python-certifi ) from 2022.9.24 to 2022.12.7.
- [Release notes](https://github.com/certifi/python-certifi/releases )
- [Commits](https://github.com/certifi/python-certifi/compare/2022.09.24...2022.12.07 )
---
updated-dependencies:
- dependency-name: certifi
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-09 17:38:12 +00:00
Jussi Kukkonen
a1a53ee507
Merge pull request #2217 from jku/deps-pinning-changes
...
build: Change build dependency pinning strategy
2022-12-09 19:35:50 +02:00
Jussi Kukkonen
b6c3b66ca6
build: Change build dependency pinning strategy
...
* don't autoupgrade pip: let's consider pip to be part of platform?
* pin build and tox in new requirements-build.txt: this mostly prevents
tox from going to 4.x before we're ready
* use requirements-build.txt as constraint when installing tox or build
during CI & CD
* use requirements-build.txt in requirements-dev.txt
Note that coveralls is not pinned, not sure if it should be.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-12-09 18:10:03 +02:00
Lukas Pühringer
5cfde61c36
Merge pull request #2211 from jku/metafile-default-version
...
Metadata API: set default version for MetaFile()
2022-12-07 17:43:01 +01:00
Jussi Kukkonen
9f2eb86d33
Merge pull request #2210 from theupdateframework/dependabot/github_actions/pypa/gh-action-pypi-publish-1.6.4
...
build(deps): bump pypa/gh-action-pypi-publish from 1.6.1 to 1.6.4
2022-12-07 15:31:09 +02:00
Jussi Kukkonen
87502b0f38
Metadata API: set default version for MetaFile()
...
This makes sense to me: if you create a new MetaFile, logically it
is version 1. This does not change serialization in any way.
Practical code becomes slightly nicer as
metafiles = defaultdict(MetaFile)
now works without lambdas.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-12-07 15:07:19 +02:00
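The pattern the commit above describes, as an added example that is not python-tuf's code. `MetaFile` here is a stand-in with only the fields the commit message talks about (version defaulting to 1, plus optional length and hashes); the snapshot-style `meta` dict, the `publish_role` bookkeeping and the client-side `check_no_rollback` are assumptions written for illustration, modelled on the TUF snapshot rule that a listed targets file may not drop to a lower version:

```python
"""Snapshot bookkeeping with a MetaFile whose version defaults to 1.

Added example, not python-tuf's code: `MetaFile` is a stand-in for
tuf.api.metadata.MetaFile, reduced to the fields discussed in the commit.
"""
from __future__ import annotations

import hashlib
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class MetaFile:
    # Assumption: stand-in, not the real tuf.api.metadata.MetaFile.
    version: int = 1  # a freshly created MetaFile is logically version 1
    length: Optional[int] = None
    hashes: Optional[Dict[str, str]] = None

    def to_dict(self) -> dict:
        """Serialize like a snapshot 'meta' entry: version is always emitted."""
        out: dict = {"version": self.version}
        if self.length is not None:
            out["length"] = self.length
        if self.hashes is not None:
            out["hashes"] = dict(self.hashes)
        return out


def new_snapshot_meta() -> Dict[str, MetaFile]:
    """The point of the default: no lambda needed to get version-1 entries."""
    return defaultdict(MetaFile)


def publish_role(meta: Dict[str, MetaFile], rolename: str, content: bytes) -> int:
    """Record a newly serialized metadata file for `rolename` in `meta`.

    A role never seen before lands on version 1 via the defaultdict factory;
    an existing role is bumped by one. Returns the version now recorded.
    """
    key = f"{rolename}.json"
    is_new = key not in meta
    entry = meta[key]  # first access creates MetaFile() -> version 1
    if not is_new:
        entry.version += 1
    entry.length = len(content)
    entry.hashes = {"sha256": hashlib.sha256(content).hexdigest()}
    return entry.version


def check_no_rollback(trusted: Dict[str, MetaFile], new: Dict[str, MetaFile]) -> None:
    """Client-side snapshot check: every file listed in the trusted snapshot
    must still be listed in the new one, at a version that is not lower.
    Raises ValueError on a missing entry or a version decrease."""
    for key, old in trusted.items():
        if key not in new:
            raise ValueError(f"{key} disappeared from snapshot")
        if new[key].version < old.version:
            raise ValueError(f"{key} rolled back {old.version} -> {new[key].version}")


if __name__ == "__main__":
    # Constructed sample content; real input would be serialized metadata.
    meta = new_snapshot_meta()
    publish_role(meta, "targets", b"constructed targets v1")
    publish_role(meta, "targets", b"constructed targets v2")
    publish_role(meta, "delegated", b"constructed delegated v1")
    print({k: v.to_dict() for k, v in meta.items()})
```

`check_no_rollback` is included because the default matters on the client side too: a `MetaFile` that silently started at version 0 would let a freshly listed role compare as "older" than nothing, whereas starting at 1 keeps the version-never-decreases comparison meaningful for every entry from the moment it appears.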
dependabot[bot]
7f1ddebb71
build(deps): bump pypa/gh-action-pypi-publish from 1.6.1 to 1.6.4
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.6.1 to 1.6.4.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](5d1679fa6b...c7f29f7ade )
---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-07 10:04:26 +00:00
Jussi Kukkonen
45271efe3b
Merge pull request #2208 from MVrachev/add-docstring
...
Updater: add missing config docstring
2022-12-06 19:27:03 +02:00
Jussi Kukkonen
8c0dc4e447
Merge pull request #2205 from theupdateframework/dependabot/github_actions/pypa/gh-action-pypi-publish-1.6.1
...
build(deps): bump pypa/gh-action-pypi-publish from 1.5.1 to 1.6.1
2022-12-06 19:22:19 +02:00
Jussi Kukkonen
2eb9e63404
Merge pull request #2207 from theupdateframework/dependabot/pip/pylint-2.15.8
...
build(deps): bump pylint from 2.15.7 to 2.15.8
2022-12-06 19:17:57 +02:00
Martin Vrachev
c8d79a323c
Updater: add missing config docstring
...
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-12-06 17:50:13 +02:00
dependabot[bot]
e1d8d2aaec
build(deps): bump pylint from 2.15.7 to 2.15.8
...
Bumps [pylint](https://github.com/PyCQA/pylint ) from 2.15.7 to 2.15.8.
- [Release notes](https://github.com/PyCQA/pylint/releases )
- [Commits](https://github.com/PyCQA/pylint/compare/v2.15.7...v2.15.8 )
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-06 10:02:13 +00:00
dependabot[bot]
63c384d9d7
build(deps): bump pypa/gh-action-pypi-publish from 1.5.1 to 1.6.1
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.5.1 to 1.6.1.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](37f50c210e...5d1679fa6b )
---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-05 10:08:50 +00:00
Jussi Kukkonen
7c756efe00
Merge pull request #2204 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.35
...
build(deps): bump github/codeql-action from 2.1.33 to 2.1.35
2022-12-03 19:48:21 +02:00
dependabot[bot]
07940a1f92
build(deps): bump github/codeql-action from 2.1.33 to 2.1.35
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.33 to 2.1.35.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v2.1.33...b2a92eb56d8cb930006a1c6ed86b0782dd8a4297 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-02 10:04:16 +00:00
Jussi Kukkonen
2a02c8ba76
Merge pull request #2201 from gkum99/develop
...
fixes #1568 Include python-tuf version in documentation
2022-11-30 20:06:17 +02:00
Lukas Pühringer
793ba82aea
Merge pull request #2200 from theupdateframework/dependabot/pip/pylint-2.15.7
...
build(deps): bump pylint from 2.15.6 to 2.15.7
2022-11-30 15:27:52 +01:00
gkum99
791879d6a6
fixes #1568 Include python-tuf version in documentation
...
Signed-off-by: gkum99 <h20220014@goa.bits-pilani.ac.in>
2022-11-30 19:17:28 +05:30
dependabot[bot]
2357fc1d70
build(deps): bump pylint from 2.15.6 to 2.15.7
...
Bumps [pylint](https://github.com/PyCQA/pylint ) from 2.15.6 to 2.15.7.
- [Release notes](https://github.com/PyCQA/pylint/releases )
- [Commits](https://github.com/PyCQA/pylint/compare/v2.15.6...v2.15.7 )
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-30 10:03:39 +00:00
Lukas Pühringer
368dadfd1b
Merge pull request #2198 from theupdateframework/dependabot/pip/cryptography-38.0.4
...
build(deps): bump cryptography from 38.0.3 to 38.0.4
2022-11-29 10:34:37 +01:00
dependabot[bot]
d079b5b144
build(deps): bump cryptography from 38.0.3 to 38.0.4
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 38.0.3 to 38.0.4.
- [Release notes](https://github.com/pyca/cryptography/releases )
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/38.0.3...38.0.4 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-28 10:02:55 +00:00
Jussi Kukkonen
56dbe67ebc
Merge pull request #2192 from theupdateframework/dependabot/pip/urllib3-1.26.13
...
build(deps): bump urllib3 from 1.26.12 to 1.26.13
2022-11-28 11:23:11 +02:00
Jussi Kukkonen
6ce8bb824f
Merge pull request #2194 from ameypd/develop
...
Fixes #1862, added way to see full stack trace on error situations
2022-11-25 16:25:26 +02:00
ameypd
fc0d53aae2
Fixes #1862, added way to see full stack trace on error situations
...
Signed-off-by: ameypd <h20220013@goa.bits-pilani.ac.in>
2022-11-25 19:41:49 +05:30
dependabot[bot]
d11a469e33
build(deps): bump urllib3 from 1.26.12 to 1.26.13
...
Bumps [urllib3](https://github.com/urllib3/urllib3 ) from 1.26.12 to 1.26.13.
- [Release notes](https://github.com/urllib3/urllib3/releases )
- [Changelog](https://github.com/urllib3/urllib3/blob/1.26.13/CHANGES.rst )
- [Commits](https://github.com/urllib3/urllib3/compare/1.26.12...1.26.13 )
---
updated-dependencies:
- dependency-name: urllib3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-24 10:01:46 +00:00
Jussi Kukkonen
fcf6cf679f
Merge pull request #2190 from jku/scorecards
...
workflows: Add Scorecards workflow
2022-11-22 18:23:53 +02:00
Jussi Kukkonen
f29d8471c8
workflows: Add Scorecards workflow
...
This is a modified version of the workflow from the project itself:
* Not using personal access tokens because I believe they are a
security issue (this means Branch-Protection check will be incorrect)
* Not uploading results to actions cache: Maybe there's a point but I
don't see it as the SARIF files are not very human readable
This should give us some code scanning alerts in the security tab on Github.
This is not really what I'm interested in though so I've enabled the upload
to https://api.securityscorecards.dev/ . The results json on there is not
exactly readable but it is good enough to check what the current results
are -- and deps.dev should use those results after some delay I believe.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-11-22 18:15:56 +02:00
Lukas Pühringer
650796ee8d
Merge pull request #2182 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-3.0.1
...
build(deps): bump actions/dependency-review-action from 3.0.0 to 3.0.1
2022-11-21 12:10:14 +01:00
Lukas Pühringer
802fb98ff6
Merge pull request #2188 from jku/enable-urllib-annotations
...
pyproject: Stop disabling urllib3 import checks in mypy
2022-11-21 11:55:08 +01:00
Lukas Pühringer
81021149eb
Merge pull request #2189 from theupdateframework/dependabot/pip/pylint-2.15.6
...
build(deps): bump pylint from 2.15.5 to 2.15.6
2022-11-21 11:53:08 +01:00
dependabot[bot]
a93182dfa0
build(deps): bump pylint from 2.15.5 to 2.15.6
...
Bumps [pylint](https://github.com/PyCQA/pylint ) from 2.15.5 to 2.15.6.
- [Release notes](https://github.com/PyCQA/pylint/releases )
- [Commits](https://github.com/PyCQA/pylint/compare/v2.15.5...v2.15.6 )
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-21 10:07:07 +00:00
Jussi Kukkonen
49488530cb
pyproject: Stop disabling urllib3 import checks in mypy
...
Double reasoning for this one:
* urllib3 now does have annotations
* since we don't import requests annotations (to avoid depending on typeshed)
urllib3 annotations are never needed: we don't use urllib3 directly
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-11-21 11:59:36 +02:00
Jussi Kukkonen
6856854f74
Merge pull request #2176 from theupdateframework/dependabot/pip/mypy-0.991
...
build(deps): bump mypy from 0.982 to 0.991
2022-11-21 10:39:06 +02:00
dependabot[bot]
b6133cc7bb
build(deps): bump mypy from 0.982 to 0.991
...
Bumps [mypy](https://github.com/python/mypy ) from 0.982 to 0.991.
- [Release notes](https://github.com/python/mypy/releases )
- [Commits](https://github.com/python/mypy/compare/v0.982...v0.991 )
---
updated-dependencies:
- dependency-name: mypy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-21 08:34:44 +00:00
Jussi Kukkonen
077602e3bb
Merge pull request #2187 from rogdex24/develop
...
verify_release: PEP 484 compliant annotations - Issue #2171
2022-11-21 10:32:25 +02:00