Elgato_dark/python-tuf
1
0
Fork 0
mirror of https://github.com/theupdateframework/python-tuf synced 2026-05-24 10:08:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
5874 commits 28 branches 35 tags 23 MiB
Commit graph

5874 commits

This branch
This branch
All branches
Author SHA1 Message Date
dependabot[bot]
e359d21066
build(deps): bump pylint from 2.17.6 to 2.17.7 
Bumps [pylint](https://github.com/pylint-dev/pylint) from 2.17.6 to 2.17.7.
- [Release notes](https://github.com/pylint-dev/pylint/releases)
- [Commits](https://github.com/pylint-dev/pylint/compare/v2.17.6...v2.17.7)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-02 10:47:23 +00:00
Jussi Kukkonen
ba1f322559
Merge pull request #2474 from lukpueh/rm-obsolete-comments 
Remove obsolete comments from Python 2.7 times
 2023-09-28 13:36:27 +03:00
Lukas Pühringer
1d8b57ba71
Merge pull request #2458 from theupdateframework/dependabot/pip/coverage-7.3.1 
build(deps): bump coverage from 7.2.7 to 7.3.1
 2023-09-28 11:43:38 +02:00
Lukas Puehringer
9894d735a9 Remove obsolete comments from Python 2.7 times 
We longer run 2.7 tests (_test.yml) and we no longer need per-version
requirements files (main.txt).

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
 2023-09-28 11:40:29 +02:00
dependabot[bot]
81487170f3
build(deps): bump coverage from 7.2.7 to 7.3.1 
Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.2.7 to 7.3.1.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.2.7...7.3.1)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-28 09:29:42 +00:00
Lukas Pühringer
ad1bbe65df
Merge pull request #2460 from jku/drop-3.7-support 
Drop support for Python 3.7
 2023-09-28 11:28:13 +02:00
Jussi Kukkonen
74f2cfe54b
Merge pull request #2470 from theupdateframework/dependabot/pip/pylint-2.17.6 
build(deps): bump pylint from 2.17.5 to 2.17.6
 2023-09-26 13:55:57 +03:00
dependabot[bot]
65efc693c3
build(deps): bump pylint from 2.17.5 to 2.17.6 
Bumps [pylint](https://github.com/pylint-dev/pylint) from 2.17.5 to 2.17.6.
- [Release notes](https://github.com/pylint-dev/pylint/releases)
- [Commits](https://github.com/pylint-dev/pylint/compare/v2.17.5...v2.17.6)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-26 10:49:01 +00:00
Jussi Kukkonen
b7c956cd01
Merge pull request #2469 from theupdateframework/dependabot/github_actions/actions/checkout-4.1.0 
build(deps): bump actions/checkout from 4.0.0 to 4.1.0
 2023-09-26 12:00:53 +03:00
dependabot[bot]
aaea6c29ab
build(deps): bump actions/checkout from 4.0.0 to 4.1.0 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](3df4ab11eb...8ade135a41)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-25 10:56:33 +00:00
Jussi Kukkonen
cf7489491d
Merge pull request #2465 from theupdateframework/dependabot/github_actions/github/codeql-action-2.21.8 
build(deps): bump github/codeql-action from 2.21.7 to 2.21.8
 2023-09-25 13:50:06 +03:00
Jussi Kukkonen
457f046afa
Merge pull request #2467 from theupdateframework/dependabot/pip/urllib3-2.0.5 
build(deps): bump urllib3 from 2.0.4 to 2.0.5
 2023-09-25 13:49:31 +03:00
Jussi Kukkonen
bd4470b911
Merge pull request #2466 from theupdateframework/dependabot/pip/cryptography-41.0.4 
build(deps): bump cryptography from 41.0.3 to 41.0.4
 2023-09-25 13:48:32 +03:00
dependabot[bot]
f3e7461d2f
build(deps): bump urllib3 from 2.0.4 to 2.0.5 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.4 to 2.0.5.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.0.4...v2.0.5)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-20 10:11:08 +00:00
dependabot[bot]
2213107bb5
build(deps): bump cryptography from 41.0.3 to 41.0.4 
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.3 to 41.0.4.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/41.0.3...41.0.4)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-20 10:11:02 +00:00
dependabot[bot]
c672dfb7eb
build(deps): bump github/codeql-action from 2.21.7 to 2.21.8 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.7 to 2.21.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](04daf014b5...6a28655e3d)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-19 10:32:26 +00:00
Jussi Kukkonen
c78d3bc182
Merge pull request #2464 from theupdateframework/dependabot/github_actions/github/codeql-action-2.21.7 
build(deps): bump github/codeql-action from 2.21.5 to 2.21.7
 2023-09-18 10:48:20 +03:00
dependabot[bot]
dcf81b8748
build(deps): bump github/codeql-action from 2.21.5 to 2.21.7 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.5 to 2.21.7.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](00e563ead9...04daf014b5)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-15 10:30:45 +00:00
Jussi Kukkonen
e4a9ae6181
Merge pull request #2462 from theupdateframework/dependabot/pip/black-23.9.1 
build(deps): bump black from 23.7.0 to 23.9.1
 2023-09-12 14:33:16 +03:00
dependabot[bot]
cafd3f4ad6
build(deps): bump black from 23.7.0 to 23.9.1 
Bumps [black](https://github.com/psf/black) from 23.7.0 to 23.9.1.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/23.7.0...23.9.1)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-11 10:34:21 +00:00
Jussi Kukkonen
3bf8f5faed
Merge pull request #2461 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-3.1.0 
build(deps): bump actions/dependency-review-action from 3.0.8 to 3.1.0
 2023-09-08 16:37:53 +03:00
dependabot[bot]
325defd06d
build(deps): bump actions/dependency-review-action from 3.0.8 to 3.1.0 
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.8 to 3.1.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](f6fff72a32...6c5ccdad46)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-08 10:34:37 +00:00
Jussi Kukkonen
c645e186dd
Merge pull request #2455 from theupdateframework/dependabot/github_actions/actions/checkout-4.0.0 
build(deps): bump actions/checkout from 3.6.0 to 4.0.0
 2023-09-07 16:03:17 +03:00
Jussi Kukkonen
63effe1f4c
Merge pull request #2457 from theupdateframework/dependabot/pip/build-1.0.3 
build(deps): bump build from 1.0.0 to 1.0.3
 2023-09-07 16:02:30 +03:00
Jussi Kukkonen
e87a3d0fbc
Merge pull request #2459 from theupdateframework/dependabot/github_actions/actions/upload-artifact-3.1.3 
build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3
 2023-09-07 16:02:03 +03:00
Jussi Kukkonen
e37769e252 Drop support for Python 3.7 
* Python 3.7 is EOL.
* Our runtime dependencies are still ok with 3.7
* Testing dependencies have started requiring 3.8

Stop supporting and testing Python 3.7.

We could just stop testing Python 3.7 (while claiming to still support
it) but that seems like it'll lead to trouble: we will inevitably use
some 3.8 feature and then won't notice because we don't test 3.7 any
more.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
 2023-09-07 15:52:36 +03:00
dependabot[bot]
811bf02fb0
build(deps): bump actions/checkout from 3.6.0 to 4.0.0 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.6.0 to 4.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](f43a0e5ff2...3df4ab11eb)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-07 12:36:36 +00:00
dependabot[bot]
1c0c95f5f8
build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](0b7f8abb15...a8a3f3ad30)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-07 12:36:34 +00:00
Jussi Kukkonen
b84434afaa
Merge pull request #2453 from sumanth8495/develop 
workflows: Includes version comments in GH action uses-lines
 2023-09-07 15:35:58 +03:00
dependabot[bot]
d11e6872b9
build(deps): bump build from 1.0.0 to 1.0.3 
Bumps [build](https://github.com/pypa/build) from 1.0.0 to 1.0.3.
- [Release notes](https://github.com/pypa/build/releases)
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pypa/build/compare/1.0.0...1.0.3)

---
updated-dependencies:
- dependency-name: build
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-07 10:34:09 +00:00
sumanth8495
ade02cfb17 Missing version numbers are given, mentioned bugs are resolved. 
Signed-off-by: sumanth8495 <msgupthamurukuri123@gmail.com>
 2023-09-06 19:04:23 +05:30
Jussi Kukkonen
2e7da65c6b
Merge pull request #2456 from theupdateframework/dependabot/pip/securesystemslib-cryptopynacl--0.29.0 
build(deps): bump securesystemslib[crypto,pynacl] from 0.28.0 to 0.29.0
 2023-09-06 15:12:22 +03:00
dependabot[bot]
b906393af8
build(deps): bump securesystemslib[crypto,pynacl] from 0.28.0 to 0.29.0 
Bumps [securesystemslib[crypto,pynacl]](https://github.com/secure-systems-lab/securesystemslib) from 0.28.0 to 0.29.0.
- [Release notes](https://github.com/secure-systems-lab/securesystemslib/releases)
- [Changelog](https://github.com/secure-systems-lab/securesystemslib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/secure-systems-lab/securesystemslib/compare/v0.28.0...v0.29.0)

---
updated-dependencies:
- dependency-name: securesystemslib[crypto,pynacl]
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-06 12:01:46 +00:00
Jussi Kukkonen
a7bb129757
Merge pull request #2454 from theupdateframework/dependabot/pip/build-1.0.0 
build(deps): bump build from 0.10.0 to 1.0.0
 2023-09-06 14:24:16 +03:00
sumanth8495
1f676a8e34 version numbers are commented respectively 
Signed-off-by: sumanth8495 <msgupthamurukuri123@gmail.com>
 2023-09-06 13:10:40 +05:30
dependabot[bot]
40b610d2f4
build(deps): bump build from 0.10.0 to 1.0.0 
Bumps [build](https://github.com/pypa/build) from 0.10.0 to 1.0.0.
- [Release notes](https://github.com/pypa/build/releases)
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pypa/build/compare/0.10.0...1.0.0)

---
updated-dependencies:
- dependency-name: build
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-04 10:54:31 +00:00
sumanth8495
e3772c7082 workflows: Includes version comments in GH action uses-lines 
Signed-off-by: sumanth8495 <msgupthamurukuri123@gmail.com>
 2023-09-02 18:44:15 +05:30
Jussi Kukkonen
dd2de41dde
Merge pull request #2450 from theupdateframework/dependabot/github_actions/actions/checkout-3.6.0 
build(deps): bump actions/checkout from 3.5.3 to 3.6.0
 2023-08-31 14:03:09 +03:00
dependabot[bot]
82c223cafe
build(deps): bump actions/checkout from 3.5.3 to 3.6.0 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 3.6.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](c85c95e3d7...f43a0e5ff2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-31 09:14:00 +00:00
Jussi Kukkonen
0aede29b0f
Merge pull request #2451 from theupdateframework/dependabot/github_actions/github/codeql-action-2.21.5 
build(deps): bump github/codeql-action from 2.21.4 to 2.21.5
 2023-08-31 12:13:20 +03:00
dependabot[bot]
2e82328f69
build(deps): bump github/codeql-action from 2.21.4 to 2.21.5 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.4 to 2.21.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](a09933a12a...00e563ead9)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-29 10:32:24 +00:00
Lukas Pühringer
a871f648e5
Merge pull request #2378 from jku/move-verify-delegate-v2 
Move verify_delegate() to Root/Targets
 2023-08-21 13:27:01 +02:00
Jussi Kukkonen
e6f397d2ae
Merge pull request #2448 from theupdateframework/dependabot/pip/mypy-1.5.1 
build(deps): bump mypy from 1.5.0 to 1.5.1
 2023-08-17 15:52:19 +03:00
Jussi Kukkonen
7924f8851d
Merge pull request #2447 from lukpueh/fix-sslibsigner-test 
tests: adopt sslib changes in test_sign_failures
 2023-08-17 15:51:36 +03:00
dependabot[bot]
108a8c1a34
build(deps): bump mypy from 1.5.0 to 1.5.1 
Bumps [mypy](https://github.com/python/mypy) from 1.5.0 to 1.5.1.
- [Commits](https://github.com/python/mypy/compare/v1.5.0...v1.5.1)

---
updated-dependencies:
- dependency-name: mypy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-17 10:44:21 +00:00
Lukas Pühringer
00a6ac7f0a
Merge pull request #2273 from VickyMerzOwn/develop 
enhancement: Add from_data() method to MetaFile
 2023-08-16 17:21:41 +02:00
Lukas Puehringer
d45d65521b tests: adopt sslib changes in test_sign_failures 
fixes #2444

SSlibSigner was changed recently (secure-stystems-lab/securesystemslib#604)
to fail on bad input data (keydict) at init instead of when signing.

The patched test used to trigger expects a Signer.sign error from an
SSlibSigner, which is no longer possible.

To still get the desired error, the test uses a custom signer, which
does raise on sign.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
 2023-08-16 16:36:27 +02:00
Satvik Vemuganti
d3c0e614c1 Merge branch 'develop' of github.com:VickyMerzOwn/python-tuf into develop 2023-08-16 08:56:57 +05:30
Satvik Vemuganti
7a3a76321e Merge branch 'develop' of github.com:VickyMerzOwn/python-tuf into develop 
Signed-off-by: Satvik Vemuganti <vemugantisesha@iitbhilai.ac.in>
 2023-08-16 08:56:37 +05:30
Satvik Vemuganti
ea62543e88
Merge branch 'theupdateframework:develop' into develop 2023-08-16 06:18:12 +05:30