Jussi Kukkonen
f4c70cc2d3
Update my maintainer email
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-09-05 13:39:22 +03:00
Lukas Pühringer
7a760691c6
Merge pull request #2095 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.22
...
build(deps): bump github/codeql-action from 2.1.21 to 2.1.22
2022-09-02 13:29:07 +02:00
dependabot[bot]
a2cbdd23a1
build(deps): bump github/codeql-action from 2.1.21 to 2.1.22
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.21 to 2.1.22.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](c7f292ea4f...b398f525a5)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-02 10:22:03 +00:00
Lukas Pühringer
0cb3547458
Merge pull request #2094 from theupdateframework/dependabot/pip/black-22.8.0
...
build(deps): bump black from 22.6.0 to 22.8.0
2022-09-01 12:21:04 +02:00
dependabot[bot]
5763f8377b
build(deps): bump black from 22.6.0 to 22.8.0
...
Bumps [black](https://github.com/psf/black) from 22.6.0 to 22.8.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/22.6.0...22.8.0)
---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-01 10:08:59 +00:00
Jussi Kukkonen
724450720e
Merge pull request #2092 from lukpueh/fix-spec-version-spec
...
chore: fix error in spec version check workflow
2022-08-31 16:12:39 +03:00
Lukas Puehringer
b83c738373
chore: fix error in spec version check workflow
...
Use `--upgrade` option to upgrade pip with pip in workflow, instead
of non-existing `-u` option (-U would also be possible).
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-08-30 14:19:12 +02:00
Jussi Kukkonen
704747536f
Merge pull request #2001 from rdimitrov/dimitrovr/spec-bump-workflow
...
chore: update the workflow responsible for notifying of new TUF spec release
2022-08-30 14:01:54 +03:00
Jussi Kukkonen
3a29fb384a
Merge pull request #2087 from theupdateframework/dependabot/pip/pylint-2.15.0
...
build(deps): bump pylint from 2.14.5 to 2.15.0
2022-08-30 13:50:20 +03:00
dependabot[bot]
10c6283645
build(deps): bump pylint from 2.14.5 to 2.15.0
...
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.14.5 to 2.15.0.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.14.5...v2.15.0)
---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-30 10:43:53 +00:00
Jussi Kukkonen
e4694edd70
Merge pull request #2090 from lukpueh/verify_release-http-timeout
...
verify_release: add constant 5s HTTP timeout
2022-08-30 13:42:20 +03:00
Jussi Kukkonen
3d808937b0
Merge pull request #2091 from lukpueh/rm-setup.py
...
build: remove obsolete setup.py
2022-08-30 11:46:34 +03:00
Lukas Puehringer
8942969226
build: remove obsolete setup.py
...
setup.py was removed in favor of setup.cfg in #1626 and re-added
later in #1832 to work around a Dependabot issue #1828. This issue
seems to have been fixed upstream in dependabot/dependabot-core#5392.
Fixes #2089
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-08-30 10:03:45 +02:00
Lukas Puehringer
7baf1d3376
chore: misc setup-python changes in spec check job
...
1. update action/setup-python to latest version
2. pin major version to be used to 3.x
3. upgrade pip before using it
1 and 2 were suggested in #2089
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-08-30 09:44:19 +02:00
Radoslav Dimitrov
53f1611b74
chore: limit the permissions for the job calling the version check workflow
...
Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>
2022-08-30 09:37:01 +02:00
Radoslav Dimitrov
0e6b928d9a
chore: update the workflow responsible for notifying of new TUF spec release
...
Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>
2022-08-30 09:36:59 +02:00
Lukas Puehringer
7b9cf4ac8e
verify_release: add constant 5s HTTP timeout
...
Add 5 seconds HTTP timeout constant and use it for requests to
GitHub. Setting timeout is recommended by requests docs and flagged
by latest pylint:
```
W3101: Missing timeout argument for method 'requests.get' can cause
your program to hang indefinitely (missing-timeout)
```
https://requests.readthedocs.io/en/latest/user/quickstart/#timeouts
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-08-30 09:06:17 +02:00
Jussi Kukkonen
4cb5b35a26
Merge pull request #2088 from theupdateframework/dependabot/github_actions/actions/github-script-6.2.0
...
build(deps): bump actions/github-script from 6.1.1 to 6.2.0
2022-08-29 14:01:06 +03:00
dependabot[bot]
de8f97f283
build(deps): bump actions/github-script from 6.1.1 to 6.2.0
...
Bumps [actions/github-script](https://github.com/actions/github-script) from 6.1.1 to 6.2.0.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](d50f485531...c713e510db)
---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-29 10:24:16 +00:00
Lukas Pühringer
f381244b28
Merge pull request #2086 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.21
...
build(deps): bump github/codeql-action from 2.1.20 to 2.1.21
2022-08-29 10:31:27 +02:00
dependabot[bot]
3d1786da74
build(deps): bump github/codeql-action from 2.1.20 to 2.1.21
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.20 to 2.1.21.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](7fee4ca032...c7f292ea4f)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-26 10:16:29 +00:00
Lukas Pühringer
f0145ccd3e
Merge pull request #2084 from theupdateframework/dependabot/pip/urllib3-1.26.12
...
build(deps): bump urllib3 from 1.26.11 to 1.26.12
2022-08-24 13:34:12 +02:00
Lukas Pühringer
ae8b222b94
Merge pull request #2085 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.20
...
build(deps): bump github/codeql-action from 2.1.19 to 2.1.20
2022-08-24 13:32:04 +02:00
dependabot[bot]
90a2ec4804
build(deps): bump github/codeql-action from 2.1.19 to 2.1.20
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.19 to 2.1.20.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](f5d217be74...7fee4ca032)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-24 10:18:21 +00:00
dependabot[bot]
2ba18e2fcb
build(deps): bump urllib3 from 1.26.11 to 1.26.12
...
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.11 to 1.26.12.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/1.26.11...1.26.12)
---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-23 10:06:46 +00:00
Lukas Pühringer
ea478521c1
Merge pull request #2083 from theupdateframework/dependabot/pip/charset-normalizer-2.1.1
...
build(deps): bump charset-normalizer from 2.1.0 to 2.1.1
2022-08-22 13:04:08 +02:00
dependabot[bot]
9e244690e3
build(deps): bump charset-normalizer from 2.1.0 to 2.1.1
...
Bumps [charset-normalizer](https://github.com/ousret/charset_normalizer) from 2.1.0 to 2.1.1.
- [Release notes](https://github.com/ousret/charset_normalizer/releases)
- [Changelog](https://github.com/Ousret/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ousret/charset_normalizer/compare/2.1.0...2.1.1)
---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-22 10:05:56 +00:00
Lukas Pühringer
0e04e3307f
Merge pull request #2080 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.19
...
build(deps): bump github/codeql-action from 2.1.18 to 2.1.19
2022-08-22 09:07:24 +02:00
Lukas Pühringer
fbef252466
Merge pull request #2081 from theupdateframework/dependabot/github_actions/actions/dependency-review-action-2.1.0
...
build(deps): bump actions/dependency-review-action from 2.0.4 to 2.1.0
2022-08-22 09:04:26 +02:00
dependabot[bot]
789dcef5f1
build(deps): bump actions/dependency-review-action from 2.0.4 to 2.1.0
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.0.4 to 2.1.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](94145f3150...23d1ffffb6)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-19 10:14:19 +00:00
dependabot[bot]
4528289ea2
build(deps): bump github/codeql-action from 2.1.18 to 2.1.19
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.18 to 2.1.19.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](2ca79b6fa8...f5d217be74)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-19 10:14:16 +00:00
Jussi Kukkonen
7210487281
Merge pull request #2079 from theupdateframework/dependabot/pip/coverage-6.4.4
...
build(deps): bump coverage from 6.4.3 to 6.4.4
2022-08-18 19:15:24 +03:00
dependabot[bot]
4215593904
build(deps): bump coverage from 6.4.3 to 6.4.4
...
Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.4.3 to 6.4.4.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/6.4.3...6.4.4)
---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-17 10:06:42 +00:00
Jussi Kukkonen
3a178df7dc
Merge pull request #2078 from theupdateframework/dependabot/github_actions/actions/github-script-6.1.1
...
build(deps): bump actions/github-script from 6.1.0 to 6.1.1
2022-08-16 11:52:20 +03:00
Lukas Pühringer
7ada2af384
Merge pull request #2076 from lukpueh/release-2.0.0
...
python-tuf 2.0.0
2022-08-16 09:51:37 +02:00
Lukas Puehringer
6874747268
python-tuf 2.0.0
...
* Update Changelog
* bump version
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Co-authored-by: Joshua Lock <jlock@vmware.com>
2022-08-16 09:36:40 +02:00
dependabot[bot]
e27dce0f5f
build(deps): bump actions/github-script from 6.1.0 to 6.1.1
...
Bumps [actions/github-script](https://github.com/actions/github-script) from 6.1.0 to 6.1.1.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](7a5c598405...d50f485531)
---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-15 10:19:37 +00:00
Lukas Pühringer
a773e8f695
Merge pull request #2038 from MVrachev/tap15-example
...
Add an example script about succinct roles usage
2022-08-12 12:11:42 +02:00
Lukas Puehringer
e9ef5b60b9
Minor restructure in TAP 15 example
...
Generate keys for all roles in one place and rename to
better distinguish delegating targets key from bins key.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-08-11 16:57:29 +02:00
Lukas Pühringer
50960c4076
Minor rewords in TAP 15 example
...
Apply minor rewording suggestions from code review.
Co-authored-by: Lois Anne DeLong <lad278@nyu.edu>
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-08-11 16:54:31 +02:00
Lukas Pühringer
d9153ee4cd
Merge pull request #2069 from theupdateframework/dependabot/pip/coverage-6.4.3
...
build(deps): bump coverage from 6.4.2 to 6.4.3
2022-08-09 11:23:15 +02:00
Jussi Kukkonen
3308c29f44
Merge pull request #2031 from MVrachev/tap15-download-target-test
...
Tests: download a target with succinct_roles enabled
2022-08-08 19:05:39 +03:00
Jussi Kukkonen
01b30ccd2d
tests: Improve succinct download test
...
* move to the test file that contains all the other download tests
* don't write 1000 files: it can be slow in CI
* Compare file content to what was originally written
(also read the whole file content)
* Remove try-except that seems unused
Signed-off-by: Jussi Kukkonen <jku@goto.fi>
2022-08-08 18:58:37 +03:00
dependabot[bot]
390fde1fdb
build(deps): bump coverage from 6.4.2 to 6.4.3
...
Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.4.2 to 6.4.3.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/6.4.2...6.4.3)
---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-08 10:17:26 +00:00
Jussi Kukkonen
7da578f680
Merge pull request #2060 from theupdateframework/dependabot/pip/mypy-0.971
...
build(deps): bump mypy from 0.961 to 0.971
2022-08-08 11:09:44 +03:00
Jussi Kukkonen
7c31e48ce2
Merge pull request #2068 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.18
...
build(deps): bump github/codeql-action from 2.1.17 to 2.1.18
2022-08-08 11:08:59 +03:00
dependabot[bot]
d442fa2d56
build(deps): bump github/codeql-action from 2.1.17 to 2.1.18
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.17 to 2.1.18.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](0c670bbf04...2ca79b6fa8)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-04 10:27:31 +00:00
Lukas Pühringer
4502406dd9
Merge pull request #2067 from theupdateframework/dependabot/github_actions/actions/setup-python-4.2.0
...
build(deps): bump actions/setup-python from 4.1.0 to 4.2.0
2022-08-03 12:25:50 +02:00
dependabot[bot]
c524984be4
build(deps): bump actions/setup-python from 4.1.0 to 4.2.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](c4e89fac7e...b55428b188)
---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-03 10:19:48 +00:00
Lukas Pühringer
3108998f75
Merge pull request #2066 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.17
...
build(deps): bump github/codeql-action from 2.1.16 to 2.1.17
2022-08-01 12:11:25 +02:00