Commit graph

5989 commits

Author SHA1 Message Date
Jussi Kukkonen
dfd2906302
Merge pull request #2546 from theupdateframework/dependabot/pip/build-and-release-dependencies-cdf6c30bf5
build(deps): bump the build-and-release-dependencies group with 1 update
2024-01-30 10:15:28 +02:00
Jussi Kukkonen
0de814bf2b
Merge pull request #2548 from theupdateframework/dependabot/pip/dependencies-5a0ba54c73
build(deps): bump the dependencies group with 1 update
2024-01-30 10:15:03 +02:00
dependabot[bot]
2016f24643
build(deps): bump the dependencies group with 1 update
Bumps the dependencies group with 1 update: [cryptography](https://github.com/pyca/cryptography).


Updates `cryptography` from 41.0.7 to 42.0.1
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/41.0.7...42.0.1)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-29 21:16:26 +00:00
dependabot[bot]
959e5f7ce3
build(deps): bump the build-and-release-dependencies group with 1 update
Bumps the build-and-release-dependencies group with 1 update: [hatchling](https://github.com/pypa/hatch).


Updates `hatchling` from 1.21.0 to 1.21.1
- [Release notes](https://github.com/pypa/hatch/releases)
- [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.21.0...hatchling-v1.21.1)

---
updated-dependencies:
- dependency-name: hatchling
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build-and-release-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-29 21:12:47 +00:00
Jussi Kukkonen
aec57af4f8
Merge pull request #2545 from theupdateframework/dependabot/github_actions/action-dependencies-61aaf34304
build(deps): bump the action-dependencies group with 2 updates
2024-01-23 10:48:52 +02:00
dependabot[bot]
ef913dc364
build(deps): bump the action-dependencies group with 2 updates
Bumps the action-dependencies group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/dependency-review-action](https://github.com/actions/dependency-review-action).


Updates `actions/upload-artifact` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](1eb3cb2b3e...694cdabd8b)

Updates `actions/dependency-review-action` from 3 to 4
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: action-dependencies
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: action-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-22 21:43:32 +00:00
Jussi Kukkonen
bbe2ca84a9
Merge pull request #2543 from theupdateframework/dependabot/github_actions/action-dependencies-515e419fdb
build(deps): bump the action-dependencies group with 2 updates
2024-01-16 10:11:14 +02:00
dependabot[bot]
8c70971dea
build(deps): bump the action-dependencies group with 2 updates
Bumps the action-dependencies group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact).


Updates `actions/upload-artifact` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](c7d193f32e...1eb3cb2b3e)

Updates `actions/download-artifact` from 4.1.0 to 4.1.1
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](f44cd7b40b...6b208ae046)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: action-dependencies
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: action-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-15 21:46:10 +00:00
Lukas Pühringer
69a07373ab
Merge pull request #2541 from lukpueh/fix-verify_release-build
build: constrain version in verify_release script
2024-01-12 10:59:32 +01:00
Lukas Puehringer
73cf25efe8
build: constrain version in verify_release script
In #2528 we added a workaround in cd.yml, which allows pinning the
build backend version AND having Dependabot auto-updates for it.

This workaround also needs to be applied to verify_release for reproducible
builds verification.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2024-01-11 16:26:29 +01:00
Jussi Kukkonen
e3dc0953ee
Merge pull request #2540 from theupdateframework/dependabot/pip/test-and-lint-dependencies-263ca8bcb0
build(deps): bump the test-and-lint-dependencies group with 1 update
2024-01-02 10:38:47 +02:00
dependabot[bot]
a924f2b886
build(deps): bump the test-and-lint-dependencies group with 1 update
Bumps the test-and-lint-dependencies group with 1 update: [coverage](https://github.com/nedbat/coveragepy).


Updates `coverage` from 7.3.4 to 7.4.0
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.3.4...7.4.0)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-01 21:05:46 +00:00
Jussi Kukkonen
3f822a80e5
Merge pull request #2538 from theupdateframework/dependabot/pip/test-and-lint-dependencies-ea336aa95c
build(deps): bump the test-and-lint-dependencies group with 3 updates
2023-12-26 11:39:55 +02:00
dependabot[bot]
07f94f2154
build(deps): bump the test-and-lint-dependencies group with 3 updates
Bumps the test-and-lint-dependencies group with 3 updates: [coverage](https://github.com/nedbat/coveragepy), [black](https://github.com/psf/black) and [mypy](https://github.com/python/mypy).


Updates `coverage` from 7.3.3 to 7.3.4
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.3.3...7.3.4)

Updates `black` from 23.12.0 to 23.12.1
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/23.12.0...23.12.1)

Updates `mypy` from 1.7.1 to 1.8.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/python/mypy/compare/v1.7.1...v1.8.0)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
- dependency-name: black
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
- dependency-name: mypy
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-25 21:03:19 +00:00
Jussi Kukkonen
a2a5d71818
Merge pull request #2537 from theupdateframework/dependabot/github_actions/action-dependencies-03d6f0ee26
build(deps): bump the action-dependencies group with 1 update
2023-12-20 16:35:53 +02:00
dependabot[bot]
a17f6f7c8d
build(deps): bump the action-dependencies group with 1 update
Bumps the action-dependencies group with 1 update: [actions/download-artifact](https://github.com/actions/download-artifact).


Updates `actions/download-artifact` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](7a1cd3216c...f44cd7b40b)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: action-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-19 09:36:42 +00:00
Jussi Kukkonen
f1141f069b
Merge pull request #2536 from jku/add-coverage-to-test-group
dependabot: Add coverage to test-and-lint group
2023-12-19 11:35:55 +02:00
Jussi Kukkonen
e878e083ce
Merge pull request #2533 from theupdateframework/dependabot/pip/build-and-release-dependencies-fc7e6ec015
build(deps): bump the build-and-release-dependencies group with 1 update
2023-12-19 10:24:20 +02:00
Jussi Kukkonen
65d58b1375
Merge pull request #2535 from theupdateframework/dependabot/pip/dependencies-82d57d2cf0
build(deps): bump the dependencies group with 1 update
2023-12-19 10:23:59 +02:00
Jussi Kukkonen
d593a82d6a
dependabot: Add coverage to test-and-lint group
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-12-19 10:20:30 +02:00
Jussi Kukkonen
5b4e0944d0
Merge pull request #2534 from theupdateframework/dependabot/pip/test-and-lint-dependencies-137aa31706
build(deps): bump the test-and-lint-dependencies group with 1 update
2023-12-19 10:15:56 +02:00
Jussi Kukkonen
9ffb7bd038
Merge pull request #2532 from theupdateframework/dependabot/github_actions/action-dependencies-7a33d65384
build(deps): bump the action-dependencies group with 3 updates
2023-12-19 10:15:45 +02:00
dependabot[bot]
0e34993d16
build(deps): bump the dependencies group with 1 update
Bumps the dependencies group with 1 update: [coverage](https://github.com/nedbat/coveragepy).


Updates `coverage` from 7.3.2 to 7.3.3
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.3.2...7.3.3)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-18 21:59:12 +00:00
dependabot[bot]
745eff6676
build(deps): bump the test-and-lint-dependencies group with 1 update
Bumps the test-and-lint-dependencies group with 1 update: [isort](https://github.com/pycqa/isort).


Updates `isort` from 5.13.1 to 5.13.2
- [Release notes](https://github.com/pycqa/isort/releases)
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md)
- [Commits](https://github.com/pycqa/isort/compare/5.13.1...5.13.2)

---
updated-dependencies:
- dependency-name: isort
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-18 21:57:54 +00:00
dependabot[bot]
c60dd9bc3a
build(deps): bump the build-and-release-dependencies group with 1 update
Bumps the build-and-release-dependencies group with 1 update: [hatchling](https://github.com/pypa/hatch).


Updates `hatchling` from 1.20.0 to 1.21.0
- [Release notes](https://github.com/pypa/hatch/releases)
- [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.20.0...hatchling-v1.21.0)

---
updated-dependencies:
- dependency-name: hatchling
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build-and-release-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-18 21:57:17 +00:00
dependabot[bot]
0ee4bb14d8
build(deps): bump the action-dependencies group with 3 updates
Bumps the action-dependencies group with 3 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact), [actions/download-artifact](https://github.com/actions/download-artifact) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/upload-artifact` from 3.1.3 to 4.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](a8a3f3ad30...c7d193f32e)

Updates `actions/download-artifact` from 3.0.2 to 4.0.0
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](9bc31d5ccc...7a1cd3216c)

Updates `github/codeql-action` from 2 to 3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: action-dependencies
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: action-dependencies
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: action-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-18 21:37:32 +00:00
Jussi Kukkonen
9b877d2971
Merge pull request #2531 from theupdateframework/dependabot/pip/test-and-lint-dependencies-ba4aa0f83e
build(deps): bump the test-and-lint-dependencies group with 3 updates
2023-12-13 15:50:26 +02:00
dependabot[bot]
bae72af900
build(deps): bump the test-and-lint-dependencies group with 3 updates
Bumps the test-and-lint-dependencies group with 3 updates: [black](https://github.com/psf/black), [isort](https://github.com/pycqa/isort) and [pylint](https://github.com/pylint-dev/pylint).


Updates `black` from 23.11.0 to 23.12.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/23.11.0...23.12.0)

Updates `isort` from 5.13.0 to 5.13.1
- [Release notes](https://github.com/pycqa/isort/releases)
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md)
- [Commits](https://github.com/pycqa/isort/compare/5.13.0...5.13.1)

Updates `pylint` from 3.0.2 to 3.0.3
- [Release notes](https://github.com/pylint-dev/pylint/releases)
- [Commits](https://github.com/pylint-dev/pylint/compare/v3.0.2...v3.0.3)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: test-and-lint-dependencies
- dependency-name: isort
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-13 13:38:25 +00:00
Jussi Kukkonen
e07b7e443d
Merge pull request #2530 from jku/dependabot-groups
Dependabot: Use groups, update weekly
2023-12-13 15:34:46 +02:00
Jussi Kukkonen
fdcfb6a423
dependabot: Add hatchling to build dependencies group
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-12-13 13:56:07 +02:00
Jussi Kukkonen
2b1d4eb182
Dependabot: Use groups, update weekly
All dependencies are now checked weekly and those weekly updates
are grouped into 4 groups:
  * critical python build/release deps
  * python test and lint deps (only pinned for test repro)
  * all other python dependencies
  * All github action dependencies

This is not quite the division that was hashed out in #2014, mostly for
practical reasons:
* GitHub actions are already practically split by pinning strategy so they
  don't really need further groups:
  * Non-security-relevant actions are pinned by tags
  * Other actions are pinned by hash
* The dependency grouping is quite limited

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-12-13 13:56:07 +02:00
Jussi Kukkonen
6c25c353f0
Merge pull request #2528 from lukpueh/upgrade-hatchling
build: Upgrade hatchling to 1.20.0
2023-12-13 13:55:54 +02:00
Lukas Puehringer
dd9b5e0da2
build: add workaround to auto-update build system
Dependabot does not support `build-system.requires`. To get
reproducibility and auto-updates, we pin the version in a regular
requirements file and use it as constraint during build.

fixes: #2529
upstream issue: dependabot/dependabot-core#8465
h/t @jku

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-12-13 12:32:00 +01:00
Lukas Puehringer
7c5f5d2517
build: Upgrade hatchling to 1.20.0
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-12-13 09:49:15 +01:00
Jussi Kukkonen
8fbf0c7d2f
Merge pull request #2514 from theupdateframework/dependabot/pip/idna-3.6
build(deps): bump idna from 3.4 to 3.6
2023-12-12 14:57:13 +02:00
Jussi Kukkonen
3419e7d0a0
Merge pull request #2524 from lukpueh/upgrade-hatchling
build: Upgrade hatchling to 1.19.1
2023-12-12 14:10:57 +02:00
Lukas Puehringer
00be49b6b5
build: Upgrade hatchling to 1.19.1
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-12-12 11:20:09 +01:00
dependabot[bot]
7a2f4e2734
build(deps): bump idna from 3.4 to 3.6
Bumps [idna](https://github.com/kjd/idna) from 3.4 to 3.6.
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v3.4...v3.6)

---
updated-dependencies:
- dependency-name: idna
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-12 09:11:44 +00:00
Jussi Kukkonen
a1a2f2bcbe
Merge pull request #2515 from theupdateframework/dependabot/pip/cryptography-41.0.7
build(deps): bump cryptography from 41.0.5 to 41.0.7
2023-12-12 11:11:03 +02:00
Jussi Kukkonen
892b778d47
Merge pull request #2521 from theupdateframework/dependabot/github_actions/actions/setup-python-5.0.0
build(deps): bump actions/setup-python from 4.7.1 to 5.0.0
2023-12-12 11:10:44 +02:00
Jussi Kukkonen
7183e55b87
Merge pull request #2513 from theupdateframework/dependabot/pip/mypy-1.7.1
build(deps): bump mypy from 1.7.0 to 1.7.1
2023-12-12 11:10:08 +02:00
dependabot[bot]
cbbae8ae79
build(deps): bump mypy from 1.7.0 to 1.7.1
Bumps [mypy](https://github.com/python/mypy) from 1.7.0 to 1.7.1.
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/python/mypy/compare/v1.7.0...v1.7.1)

---
updated-dependencies:
- dependency-name: mypy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-12 09:06:50 +00:00
Jussi Kukkonen
06c68f1f00
Merge pull request #2523 from theupdateframework/dependabot/pip/bandit-1.7.6
build(deps): bump bandit from 1.7.5 to 1.7.6
2023-12-12 11:05:52 +02:00
dependabot[bot]
3aa00723e3
build(deps): bump bandit from 1.7.5 to 1.7.6
Bumps [bandit](https://github.com/PyCQA/bandit) from 1.7.5 to 1.7.6.
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](https://github.com/PyCQA/bandit/compare/1.7.5...1.7.6)

---
updated-dependencies:
- dependency-name: bandit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-12 08:25:31 +00:00
Jussi Kukkonen
0dc514d821
Merge pull request #2522 from theupdateframework/dependabot/pip/isort-5.13.0
build(deps): bump isort from 5.12.0 to 5.13.0
2023-12-12 10:23:04 +02:00
dependabot[bot]
2db6b4ab5a
build(deps): bump isort from 5.12.0 to 5.13.0
Bumps [isort](https://github.com/pycqa/isort) from 5.12.0 to 5.13.0.
- [Release notes](https://github.com/pycqa/isort/releases)
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md)
- [Commits](https://github.com/pycqa/isort/compare/5.12.0...5.13.0)

---
updated-dependencies:
- dependency-name: isort
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-11 10:39:11 +00:00
dependabot[bot]
9cb3eb582b
build(deps): bump actions/setup-python from 4.7.1 to 5.0.0
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.7.1 to 5.0.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](65d7f2d534...0a5c615913)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-07 10:56:23 +00:00
Jussi Kukkonen
f711997a08
Merge pull request #2519 from theupdateframework/dependabot/pip/securesystemslib-cryptopynacl--0.31.0
build(deps): bump securesystemslib[crypto,pynacl] from 0.30.0 to 0.31.0
2023-12-04 16:08:19 +01:00
dependabot[bot]
5ac1af75f0
build(deps): bump securesystemslib[crypto,pynacl] from 0.30.0 to 0.31.0
Bumps [securesystemslib[crypto,pynacl]](https://github.com/secure-systems-lab/securesystemslib) from 0.30.0 to 0.31.0.
- [Release notes](https://github.com/secure-systems-lab/securesystemslib/releases)
- [Changelog](https://github.com/secure-systems-lab/securesystemslib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/secure-systems-lab/securesystemslib/compare/v0.30.0...v0.31.0)

---
updated-dependencies:
- dependency-name: securesystemslib[crypto,pynacl]
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-04 10:57:44 +00:00
Jussi Kukkonen
06ef16b548
Merge pull request #2516 from theupdateframework/dependabot/github_actions/pypa/gh-action-pypi-publish-1.8.11
build(deps): bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11
2023-12-04 09:54:22 +01:00