dependabot[bot]
dfd05630b9
build(deps): bump mypy from 0.971 to 0.982
...
Bumps [mypy](https://github.com/python/mypy ) from 0.971 to 0.982.
- [Release notes](https://github.com/python/mypy/releases )
- [Commits](https://github.com/python/mypy/compare/v0.971...v0.982 )
---
updated-dependencies:
- dependency-name: mypy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-04 10:34:14 +00:00
Lukas Pühringer
a4d53bedde
Merge pull request #2125 from theupdateframework/dependabot/github_actions/actions/github-script-6.3.1
...
build(deps): bump actions/github-script from 6.2.0 to 6.3.1
2022-10-03 11:48:42 +02:00
dependabot[bot]
903ad61a8e
build(deps): bump actions/github-script from 6.2.0 to 6.3.1
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6.2.0 to 6.3.1.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](c713e510db...7dff1a8764
2022-10-03 09:39:02 +00:00
Jussi Kukkonen
16b959fcbe
Merge pull request #2123 from theupdateframework/dependabot/pip/coverage-6.5.0
...
build(deps): bump coverage from 6.4.4 to 6.5.0
2022-10-03 10:44:09 +03:00
Jussi Kukkonen
c65cd779b3
Merge pull request #2124 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.26
...
build(deps): bump github/codeql-action from 2.1.25 to 2.1.26
2022-10-03 10:37:10 +03:00
Joshua Lock
4349ff0a8e
Merge pull request #2122 from joshuagl/joshuagl/verify_deep
...
Do a deep comparison of files in verify_release
2022-09-30 16:30:45 +01:00
dependabot[bot]
99b9246db7
build(deps): bump github/codeql-action from 2.1.25 to 2.1.26
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.25 to 2.1.26.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](86f3159a69...e0e5ded33c
2022-09-30 10:18:27 +00:00
dependabot[bot]
6e1ff0234d
build(deps): bump coverage from 6.4.4 to 6.5.0
...
Bumps [coverage](https://github.com/nedbat/coveragepy ) from 6.4.4 to 6.5.0.
- [Release notes](https://github.com/nedbat/coveragepy/releases )
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst )
- [Commits](https://github.com/nedbat/coveragepy/compare/6.4.4...6.5.0 )
---
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-30 10:07:55 +00:00
Joshua Lock
4c8e965169
verify_release: do a deep comparison of the files
...
dircmp[1] does a shallow[2] comparison of files, that is only the file
type, size and modification time are compared -- not the file size or
contents. Therefore, switch to using cmp with the shallow option set to
False to perform a full comparison of the local files and retrieved files.
1. https://docs.python.org/3/library/filecmp.html?filecmp.dircmp#filecmp.dircmp
2. https://docs.python.org/3/library/filecmp.html?filecmp.dircmp#filecmp.cmp
Signed-off-by: Joshua Lock <jlock@vmware.com>
2022-09-29 20:47:21 +01:00
Jussi Kukkonen
e9fc0c0e0a
Merge pull request #2119 from MVrachev/bump-spec-version
...
Bump supported spec version to 1.0.31
2022-09-27 10:09:06 +03:00
Jussi Kukkonen
f8ea69b4ca
Merge pull request #2118 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-2.4.0
...
build(deps): bump actions/dependency-review-action from 2.1.0 to 2.4.0
2022-09-27 10:06:38 +03:00
Jussi Kukkonen
5e13fc8c92
Merge pull request #2117 from theupdateframework/dependabot/pip/certifi-2022.9.24
...
build(deps): bump certifi from 2022.9.14 to 2022.9.24
2022-09-27 10:05:25 +03:00
Martin Vrachev
26e748e0c1
Bump supported spec version to 1.0.31
...
Bump the supported specification version to 1.0.31 and additionally
update the generated test metadata as it has to be up to date with the
latest changes.
The new changes in the specification version 1.0.31 clarify the
requirement for the new root version as compared to the old root version
in step 5.3.5:
https://theupdateframework.github.io/specification/latest/#update-root
We already do what the specification suggests in the new changes, so
no other changes are required.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-09-26 17:56:15 +03:00
dependabot[bot]
e7ab8d56b6
build(deps): bump actions/dependency-review-action from 2.1.0 to 2.4.0
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 2.1.0 to 2.4.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](23d1ffffb6...375c537008
2022-09-26 10:56:29 +00:00
dependabot[bot]
7fc26cf71d
build(deps): bump certifi from 2022.9.14 to 2022.9.24
...
Bumps [certifi](https://github.com/certifi/python-certifi ) from 2022.9.14 to 2022.9.24.
- [Release notes](https://github.com/certifi/python-certifi/releases )
- [Commits](https://github.com/certifi/python-certifi/compare/2022.09.14...2022.09.24 )
---
updated-dependencies:
- dependency-name: certifi
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-26 10:16:37 +00:00
Jussi Kukkonen
39b67bcc6e
Merge pull request #2113 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.25
...
build(deps): bump github/codeql-action from 2.1.24 to 2.1.25
2022-09-23 10:28:27 +03:00
dependabot[bot]
849a44d655
build(deps): bump github/codeql-action from 2.1.24 to 2.1.25
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.24 to 2.1.25.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](904260d7d9...86f3159a69
2022-09-22 10:33:20 +00:00
Jussi Kukkonen
367b75f396
Merge pull request #2110 from theupdateframework/dependabot/pip/pylint-2.15.3
...
build(deps): bump pylint from 2.15.2 to 2.15.3
2022-09-20 13:15:09 +03:00
Jussi Kukkonen
210af730f5
Merge pull request #2107 from theupdateframework/dependabot/pip/certifi-2022.9.14
...
build(deps): bump certifi from 2022.6.15.1 to 2022.9.14
2022-09-20 13:14:23 +03:00
dependabot[bot]
d135d26eb0
build(deps): bump pylint from 2.15.2 to 2.15.3
...
Bumps [pylint](https://github.com/PyCQA/pylint ) from 2.15.2 to 2.15.3.
- [Release notes](https://github.com/PyCQA/pylint/releases )
- [Commits](https://github.com/PyCQA/pylint/compare/v2.15.2...v2.15.3 )
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-20 10:07:05 +00:00
dependabot[bot]
20f4327238
build(deps): bump certifi from 2022.6.15.1 to 2022.9.14
...
Bumps [certifi](https://github.com/certifi/python-certifi ) from 2022.6.15.1 to 2022.9.14.
- [Release notes](https://github.com/certifi/python-certifi/releases )
- [Commits](https://github.com/certifi/python-certifi/compare/2022.06.15.1...2022.09.14 )
---
updated-dependencies:
- dependency-name: certifi
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-19 14:03:22 +00:00
Jussi Kukkonen
ab7e56d1c0
Merge pull request #2106 from theupdateframework/dependabot/pip/idna-3.4
...
build(deps): bump idna from 3.3 to 3.4
2022-09-19 17:02:31 +03:00
Jussi Kukkonen
401204c1b9
Merge pull request #2109 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.24
...
build(deps): bump github/codeql-action from 2.1.22 to 2.1.24
2022-09-19 16:58:56 +03:00
dependabot[bot]
6b89263932
build(deps): bump github/codeql-action from 2.1.22 to 2.1.24
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.22 to 2.1.24.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b398f525a5...904260d7d9
2022-09-19 10:21:33 +00:00
dependabot[bot]
675989c654
build(deps): bump idna from 3.3 to 3.4
...
Bumps [idna](https://github.com/kjd/idna ) from 3.3 to 3.4.
- [Release notes](https://github.com/kjd/idna/releases )
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst )
- [Commits](https://github.com/kjd/idna/compare/v3.3...v3.4 )
---
updated-dependencies:
- dependency-name: idna
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-14 10:23:50 +00:00
Lukas Pühringer
92b61733e5
Merge pull request #2104 from theupdateframework/dependabot/pip/securesystemslib-cryptopynacl--0.24.0
...
build(deps): bump securesystemslib[crypto,pynacl] from 0.23.0 to 0.24.0
2022-09-14 12:23:01 +02:00
dependabot[bot]
86192afe6d
build(deps): bump securesystemslib[crypto,pynacl] from 0.23.0 to 0.24.0
...
Bumps [securesystemslib[crypto,pynacl]](https://github.com/secure-systems-lab/securesystemslib ) from 0.23.0 to 0.24.0.
- [Release notes](https://github.com/secure-systems-lab/securesystemslib/releases )
- [Changelog](https://github.com/secure-systems-lab/securesystemslib/blob/master/CHANGELOG.md )
- [Commits](https://github.com/secure-systems-lab/securesystemslib/compare/v0.23.0...v0.24.0 )
---
updated-dependencies:
- dependency-name: securesystemslib[crypto,pynacl]
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-14 10:08:59 +00:00
Lukas Pühringer
955a2dd4eb
Merge pull request #2102 from theupdateframework/dependabot/pip/certifi-2022.6.15.1
...
build(deps): bump certifi from 2022.6.15 to 2022.6.15.1
2022-09-13 10:02:35 +02:00
Lukas Pühringer
42e5824fa8
Merge pull request #2103 from theupdateframework/dependabot/github_actions/actions/checkout-3.0.2
...
build(deps): bump actions/checkout from 3.0.0 to 3.0.2
2022-09-13 09:41:26 +02:00
dependabot[bot]
afd47391f4
build(deps): bump actions/checkout from 3.0.0 to 3.0.2
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.0 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3...2541b1294d2704b0964813337f33b291d3f8596b )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-09 10:25:06 +00:00
dependabot[bot]
0f48fa8f05
build(deps): bump certifi from 2022.6.15 to 2022.6.15.1
...
Bumps [certifi](https://github.com/certifi/python-certifi ) from 2022.6.15 to 2022.6.15.1.
- [Release notes](https://github.com/certifi/python-certifi/releases )
- [Commits](https://github.com/certifi/python-certifi/compare/2022.06.15...2022.06.15.1 )
---
updated-dependencies:
- dependency-name: certifi
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-09 10:07:34 +00:00
Lukas Pühringer
f0e08bac6d
Merge pull request #2098 from mnm678/securitymd
...
Add SECURITY.md
2022-09-09 10:06:04 +02:00
Marina Moore
9c099972ed
move security.md to docs folder
...
Signed-off-by: Marina Moore <mnm678@gmail.com>
2022-09-08 15:12:13 -04:00
Marina Moore
693c50b3dd
Apply suggestions from code review
...
Co-authored-by: Joshua Lock <jlock@vmware.com>
Signed-off-by: Marina Moore <mnm678@gmail.com>
2022-09-08 15:10:56 -04:00
Marina Moore
ffa365c8e8
Remove duplicate security text from README and link to SECURITY.md
...
Signed-off-by: Marina Moore <mnm678@gmail.com>
2022-09-08 15:10:56 -04:00
Marina Moore
1f746bd25d
Add SECURITY.md
...
The text here is copied from the README
Signed-off-by: Marina Moore <mnm678@gmail.com>
2022-09-08 15:10:56 -04:00
Lukas Pühringer
60e2b55ec8
Merge pull request #2100 from theupdateframework/dependabot/pip/cryptography-38.0.1
...
build(deps): bump cryptography from 37.0.4 to 38.0.1
2022-09-08 13:07:46 +02:00
Lukas Pühringer
548701c252
Merge pull request #2101 from theupdateframework/dependabot/pip/pylint-2.15.2
...
build(deps): bump pylint from 2.15.0 to 2.15.2
2022-09-08 13:03:20 +02:00
dependabot[bot]
d0cd91d8bd
build(deps): bump pylint from 2.15.0 to 2.15.2
...
Bumps [pylint](https://github.com/PyCQA/pylint ) from 2.15.0 to 2.15.2.
- [Release notes](https://github.com/PyCQA/pylint/releases )
- [Commits](https://github.com/PyCQA/pylint/compare/v2.15.0...v2.15.2 )
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-08 10:08:31 +00:00
dependabot[bot]
b5f670431b
build(deps): bump cryptography from 37.0.4 to 38.0.1
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 37.0.4 to 38.0.1.
- [Release notes](https://github.com/pyca/cryptography/releases )
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/37.0.4...38.0.1 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-08 10:08:23 +00:00
Lukas Pühringer
7fc4558698
Merge pull request #2097 from jku/email-change
...
Update my maintainer email
2022-09-07 09:49:10 +02:00
Jussi Kukkonen
f4c70cc2d3
Update my maintainer email
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-09-05 13:39:22 +03:00
Lukas Pühringer
7a760691c6
Merge pull request #2095 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.22
...
build(deps): bump github/codeql-action from 2.1.21 to 2.1.22
2022-09-02 13:29:07 +02:00
dependabot[bot]
a2cbdd23a1
build(deps): bump github/codeql-action from 2.1.21 to 2.1.22
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.21 to 2.1.22.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c7f292ea4f...b398f525a5
2022-09-02 10:22:03 +00:00
Lukas Pühringer
0cb3547458
Merge pull request #2094 from theupdateframework/dependabot/pip/black-22.8.0
...
build(deps): bump black from 22.6.0 to 22.8.0
2022-09-01 12:21:04 +02:00
dependabot[bot]
5763f8377b
build(deps): bump black from 22.6.0 to 22.8.0
...
Bumps [black](https://github.com/psf/black ) from 22.6.0 to 22.8.0.
- [Release notes](https://github.com/psf/black/releases )
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md )
- [Commits](https://github.com/psf/black/compare/22.6.0...22.8.0 )
---
updated-dependencies:
- dependency-name: black
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-01 10:08:59 +00:00
Jussi Kukkonen
724450720e
Merge pull request #2092 from lukpueh/fix-spec-version-spec
...
chore: fix error in spec version check workflow
2022-08-31 16:12:39 +03:00
Lukas Puehringer
b83c738373
chore: fix error in spec version check workflow
...
Use `--upgrade` option to upgrade pip with pip in workflow, instead
of non-existing `-u` option (-U would also be possible).
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-08-30 14:19:12 +02:00
Jussi Kukkonen
704747536f
Merge pull request #2001 from rdimitrov/dimitrovr/spec-bump-workflow
...
chore: update the workflow responsible for notifying of new TUF spec release
2022-08-30 14:01:54 +03:00
Jussi Kukkonen
3a29fb384a
Merge pull request #2087 from theupdateframework/dependabot/pip/pylint-2.15.0
...
build(deps): bump pylint from 2.14.5 to 2.15.0
2022-08-30 13:50:20 +03:00
