Commit graph

5470 commits

Author SHA1 Message Date
Lukas Pühringer
ea448eaed7
Merge pull request #2237 from theupdateframework/dependabot/pip/isort-5.11.3
build(deps): bump isort from 5.11.2 to 5.11.3
2022-12-19 13:28:43 +01:00
dependabot[bot]
f87d5805ca
build(deps): bump isort from 5.11.2 to 5.11.3
Bumps [isort](https://github.com/pycqa/isort) from 5.11.2 to 5.11.3.
- [Release notes](https://github.com/pycqa/isort/releases)
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md)
- [Commits](https://github.com/pycqa/isort/compare/5.11.2...5.11.3)

---
updated-dependencies:
- dependency-name: isort
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-19 10:30:54 +00:00
Lukas Pühringer
b998297fba
Merge pull request #2238 from theupdateframework/dependabot/pip/pylint-2.15.9
build(deps): bump pylint from 2.15.8 to 2.15.9
2022-12-19 11:30:03 +01:00
Lukas Pühringer
0f404d96f4
Merge pull request #2236 from theupdateframework/dependabot/pip/tox-3.28.0
build(deps): bump tox from 3.27.1 to 3.28.0
2022-12-19 11:29:14 +01:00
dependabot[bot]
7e1c58df9d
build(deps): bump pylint from 2.15.8 to 2.15.9
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.15.8 to 2.15.9.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.15.8...v2.15.9)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-19 10:02:58 +00:00
dependabot[bot]
53c673ef12
build(deps): bump tox from 3.27.1 to 3.28.0
Bumps [tox](https://github.com/tox-dev/tox) from 3.27.1 to 3.28.0.
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/3.28.0/docs/changelog.rst)
- [Commits](https://github.com/tox-dev/tox/compare/3.27.1...3.28.0)

---
updated-dependencies:
- dependency-name: tox
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-19 10:02:49 +00:00
Lukas Pühringer
216ae641f7
Merge pull request #2193 from jku/repository-lib
Repository module and example
2022-12-19 09:28:05 +01:00
Jussi Kukkonen
fd02226acb repository: Improve docstrings
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-12-17 23:09:11 +02:00
Lukas Pühringer
c6f8b5817b
Merge pull request #2197 from jku/client-robustness
ngclient: Fail gracefully on missing role
2022-12-16 10:23:08 +01:00
Lukas Pühringer
99b200eff8
Merge pull request #2226 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.37
build(deps): bump github/codeql-action from 2.1.36 to 2.1.37
2022-12-16 10:19:00 +01:00
Lukas Pühringer
de802b79cc
Merge pull request #2227 from theupdateframework/dependabot/github_actions/ossf/scorecard-action-2.1.0
build(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.0
2022-12-16 10:15:28 +01:00
dependabot[bot]
ca67ed9f62
build(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.0
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.6 to 2.1.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](99c53751e0...937ffa90d7)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-15 10:04:26 +00:00
dependabot[bot]
8f3f5713c6
build(deps): bump github/codeql-action from 2.1.36 to 2.1.37
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.36 to 2.1.37.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](a669cc5936...959cbb7472)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-15 10:04:23 +00:00
Jussi Kukkonen
48865aede9 repository: Remove sign_only argument from close()
This is only needed for threshold signing and not even used in the
example: leave it to the implementations to handle for now.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-12-14 20:05:56 +02:00
Jussi Kukkonen
9e9c156288 repository: remove init argument from open()
This no longer seems needed: if the metadata store does not contain
a single version of role, then open() can assume it is initializing.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-12-14 19:53:43 +02:00
Lukas Pühringer
92afaaf50d
Merge pull request #2224 from theupdateframework/dependabot/pip/isort-5.11.2
build(deps): bump isort from 5.11.1 to 5.11.2
2022-12-14 11:15:15 +01:00
dependabot[bot]
09a4cc52fc
build(deps): bump isort from 5.11.1 to 5.11.2
Bumps [isort](https://github.com/pycqa/isort) from 5.11.1 to 5.11.2.
- [Release notes](https://github.com/pycqa/isort/releases)
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md)
- [Commits](https://github.com/pycqa/isort/compare/5.11.1...5.11.2)

---
updated-dependencies:
- dependency-name: isort
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-14 10:02:10 +00:00
Lukas Pühringer
7291411ad9
Merge pull request #2222 from theupdateframework/dependabot/pip/isort-5.11.1
build(deps): bump isort from 5.10.1 to 5.11.1
2022-12-13 12:14:43 +01:00
Lukas Pühringer
9ccd4f8767
Merge pull request #2223 from theupdateframework/dependabot/github_actions/actions/checkout-3.2.0
build(deps): bump actions/checkout from 3.1.0 to 3.2.0
2022-12-13 12:11:40 +01:00
dependabot[bot]
98991d8f50
build(deps): bump actions/checkout from 3.1.0 to 3.2.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](93ea575cb5...755da8c3cf)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-13 10:04:50 +00:00
dependabot[bot]
8103632f76
build(deps): bump isort from 5.10.1 to 5.11.1
Bumps [isort](https://github.com/pycqa/isort) from 5.10.1 to 5.11.1.
- [Release notes](https://github.com/pycqa/isort/releases)
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md)
- [Commits](https://github.com/pycqa/isort/compare/5.10.1...5.11.1)

---
updated-dependencies:
- dependency-name: isort
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-13 10:02:19 +00:00
Jussi Kukkonen
f2aa30a0a7
Merge pull request #2219 from theupdateframework/dependabot/pip/black-22.12.0
build(deps): bump black from 22.10.0 to 22.12.0
2022-12-13 09:38:58 +02:00
Jussi Kukkonen
32fec997fc
Merge pull request #2221 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.36
build(deps): bump github/codeql-action from 2.1.35 to 2.1.36
2022-12-12 14:54:44 +02:00
dependabot[bot]
9fd45d923d
build(deps): bump github/codeql-action from 2.1.35 to 2.1.36
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.35 to 2.1.36.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](b2a92eb56d...a669cc5936)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-12 10:07:12 +00:00
dependabot[bot]
ba7d79543a
build(deps): bump black from 22.10.0 to 22.12.0
Bumps [black](https://github.com/psf/black) from 22.10.0 to 22.12.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/22.10.0...22.12.0)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-12 10:02:39 +00:00
Jussi Kukkonen
bdf164e53f
Merge pull request #2214 from theupdateframework/dependabot/github_actions/actions/setup-python-4.3.1
build(deps): bump actions/setup-python from 4.3.0 to 4.3.1
2022-12-11 20:13:31 +02:00
dependabot[bot]
205769d9bf
build(deps): bump actions/setup-python from 4.3.0 to 4.3.1
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](13ae5bb136...2c3dd9e7e2)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-09 17:50:35 +00:00
Jussi Kukkonen
9548a4ca1d
Merge pull request #2213 from theupdateframework/dependabot/pip/certifi-2022.12.7
build(deps): bump certifi from 2022.9.24 to 2022.12.7
2022-12-09 19:42:08 +02:00
dependabot[bot]
a968504496
build(deps): bump certifi from 2022.9.24 to 2022.12.7
Bumps [certifi](https://github.com/certifi/python-certifi) from 2022.9.24 to 2022.12.7.
- [Release notes](https://github.com/certifi/python-certifi/releases)
- [Commits](https://github.com/certifi/python-certifi/compare/2022.09.24...2022.12.07)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-09 17:38:12 +00:00
Jussi Kukkonen
a1a53ee507
Merge pull request #2217 from jku/deps-pinning-changes
build: Change build dependency pinning strategy
2022-12-09 19:35:50 +02:00
Jussi Kukkonen
b6c3b66ca6 build: Change build dependency pinning strategy
* don't autoupgrade pip: let's consider pip to be part of platform?
* pin build and tox in new requirements-build.txt: this mostly prevents
  tox from going to 4.x before we're ready
* use requirements-build.txt as constraint when installing tox or build
  during CI & CD
* use requirements-build.txt in requirements-dev.txt

Note that coveralls is not pinned, not sure if it should be.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-12-09 18:10:03 +02:00
Lukas Pühringer
5cfde61c36
Merge pull request #2211 from jku/metafile-default-version
Metadata API: set default version for MetaFile()
2022-12-07 17:43:01 +01:00
Jussi Kukkonen
9f2eb86d33
Merge pull request #2210 from theupdateframework/dependabot/github_actions/pypa/gh-action-pypi-publish-1.6.4
build(deps): bump pypa/gh-action-pypi-publish from 1.6.1 to 1.6.4
2022-12-07 15:31:09 +02:00
Jussi Kukkonen
87502b0f38 Metadata API: set default version for MetaFile()
This makes sense to me: if you create a new MetaFile, logically it
is version 1. This does not change serialization in any way.

Practical code becomes slightly nicer as
    metafiles = defaultdict(MetaFile)
now works without lambdas.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-12-07 15:07:19 +02:00
dependabot[bot]
7f1ddebb71
build(deps): bump pypa/gh-action-pypi-publish from 1.6.1 to 1.6.4
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.6.1 to 1.6.4.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](5d1679fa6b...c7f29f7ade)

---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-07 10:04:26 +00:00
Jussi Kukkonen
45271efe3b
Merge pull request #2208 from MVrachev/add-docstring
Updater: add missing config docstring
2022-12-06 19:27:03 +02:00
Jussi Kukkonen
8c0dc4e447
Merge pull request #2205 from theupdateframework/dependabot/github_actions/pypa/gh-action-pypi-publish-1.6.1
build(deps): bump pypa/gh-action-pypi-publish from 1.5.1 to 1.6.1
2022-12-06 19:22:19 +02:00
Jussi Kukkonen
2eb9e63404
Merge pull request #2207 from theupdateframework/dependabot/pip/pylint-2.15.8
build(deps): bump pylint from 2.15.7 to 2.15.8
2022-12-06 19:17:57 +02:00
Martin Vrachev
c8d79a323c
Updater: add missing config docstring
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-12-06 17:50:13 +02:00
dependabot[bot]
e1d8d2aaec
build(deps): bump pylint from 2.15.7 to 2.15.8
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.15.7 to 2.15.8.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.15.7...v2.15.8)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-06 10:02:13 +00:00
Jussi Kukkonen
c1bb46b6c2 repository: Improve docstrings
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-12-05 13:45:27 +02:00
Jussi Kukkonen
3e4ef61e46 examples: Tweak client README
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-12-05 12:34:54 +02:00
dependabot[bot]
63c384d9d7
build(deps): bump pypa/gh-action-pypi-publish from 1.5.1 to 1.6.1
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.5.1 to 1.6.1.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](37f50c210e...5d1679fa6b)

---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-05 10:08:50 +00:00
Jussi Kukkonen
7c756efe00
Merge pull request #2204 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.35
build(deps): bump github/codeql-action from 2.1.33 to 2.1.35
2022-12-03 19:48:21 +02:00
Jussi Kukkonen
fdf0affcad repository: Address review comments
This is a collection of comment, documentation and logging fixes.

The noteworthy part is making it clear that repository is not stable
API yet: I think this is a good idea.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-12-03 11:34:21 +02:00
Jussi Kukkonen
0f94c03756 repository: Handle linting issues
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-12-02 13:40:58 +02:00
Jussi Kukkonen
69cb140cb3 examples: Add README for repository example
Tweak comments as well

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-12-02 13:33:14 +02:00
dependabot[bot]
07940a1f92
build(deps): bump github/codeql-action from 2.1.33 to 2.1.35
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.33 to 2.1.35.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2.1.33...b2a92eb56d8cb930006a1c6ed86b0782dd8a4297)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-02 10:04:16 +00:00
Jussi Kukkonen
87c74a83bc examples: Maintain a meta info cache
This is not required for the demo but is more realistic: we keep
a cache of targets versions so that we can produce a new snapshot
whenever one is needed, without accessing all of the targets metadata
to do so.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-11-30 21:19:43 +02:00
Jussi Kukkonen
dd36b73ca9 repository: insert copies of MetaFile into metadata
Otherwise the metafile cache and the metadata object end up
pointing to same instances which starts breaking later.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-11-30 21:05:57 +02:00