build(deps): bump tuf from 3.1.1 to 4.0.0 in /repo

[dependabot[bot]]

Bumps tuf from 3.1.1 to 4.0.0.

Release notes

Sourced from tuf's releases.

v4.0.0

This release is a small API change for Metadata API users (see below). ngclient API is compatible but optional DSSE support has been added.

Added

• Added optional DSSE support to Metadata API and ngclient (#2436)

Changed

• Metadata API: Improved verification functionality for repository users (#2551):
  • This is an API change for Metadata API users ( Root.get_verification_result() and Targets.get_verification_result() specifically)
  • Root.get_root_verification_result() has been added to handle the special case of root verification
• Started using UTC datetimes instead of naive datetimes internally (#2573)
• Constrain securesystemslib dependency to <0.32.0 in preparation for future securesystemslib API changes
• Various build, test and lint improvements

Changelog

Sourced from tuf's changelog.

v4.0.0

This release is a small API change for Metadata API users (see below). ngclient API is compatible but optional DSSE support has been added.

Added

• Added optional DSSE support to Metadata API and ngclient (#2436)

Changed

• Metadata API: Improved verification functionality for repository users (#2551):
  • This is an API change for Metadata API users ( Root.get_verification_result() and Targets.get_verification_result() specifically)
  • Root.get_root_verification_result() has been added to handle the special case of root verification
• Started using UTC datetimes instead of naive datetimes internally (#2573)
• Constrain securesystemslib dependency to <0.32.0 in preparation for future securesystemslib API changes
• Various build, test and lint improvements

Commits

• 2d6fc74 Merge pull request #2601 from jku/release-v4
• 928702a Release v4.0.0
• 892c789 Merge pull request #2600 from lukpueh/set-max-sslib-version
• bc3ebd8 Constrain securesystemslib dependency to <0.32.0
• 5947bd0 Merge pull request #2594 from theupdateframework/dependabot/pip/build-and-rel...
• afa4619 Merge pull request #2596 from theupdateframework/dependabot/github_actions/ac...
• 7c5cae3 Merge pull request #2595 from theupdateframework/dependabot/pip/test-and-lint...
• ad2c98a Merge pull request #2593 from theupdateframework/dependabot/pip/dependencies-...
• 6cd2d22 build(deps): bump the dependencies group with 1 update
• 9f4906b build(deps): bump the test-and-lint-dependencies group with 1 update
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Superseded by #306.

[dependabot[bot]]

Superseded by #306.