theupdateframework / tuf-on-ci

A TUF repository and signing tool

build(deps): bump the pyproject-dependencies group across 2 directories with 11 updates #328

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 2 months ago

Updates the requirements on securesystemslib[awskms,azurekms,gcpkms,pynacl,sigstore], tuf, mypy, ruff, boto3, botocore, grpcio-status, protobuf, securesystemslib, sigstore-rekor-types and securesystemslib[awskms,azurekms,gcpkms,hsm,sigstore] to permit the latest version.

Updates securesystemslib[awskms,azurekms,gcpkms,pynacl,sigstore] to 1.0.0

Release notes

Sourced from securesystemslib[awskms,azurekms,gcpkms,pynacl,sigstore]'s releases.

v1.0.0

See CHANGELOG.md for details.

Changelog

Sourced from securesystemslib[awskms,azurekms,gcpkms,pynacl,sigstore]'s changelog.

securesystemslib v1.0.0

Securesystemslib API is now considered stable. The core functionality is provided in the Signer interface and the half a dozen integrated Signer implementations that can be found in the signer module. Smaller helper modules dsse, formats, hash and storage are also part of the API. Several legacy modules have been removed.

Added

  • Signer: add public_key attribute to interface (#756)
  • VaultSigner: Signer implementation for HashiCorp Vault (#800)
  • CryptoSigner: support ecdsa keytype that is no longer in spec (#711)
  • CryptoSigner: add private_bytes property (#799)
  • CryptoSigner: add "file2" signer uri (#759)
  • test: use localstack to test AWSSigner (#777)

Removed

  • CryptoSigner: remove "file" signer uri (#759)
  • migration script for legacy keys (#770)
  • SSlibSigner class and *_securesystemslib_key methods (#771)
  • legacy key key*, interface, util and schema modules (#772, #773, #776)
  • unused functions in hash, and formats module (#774, #776)
  • unused global key constants (#806)

Changed

  • SSlibKey: strengthen input validation (#780, #795)
  • AWSSigner: support default scheme and add stronger input validation (#724, #778)
  • dsse: change Envelope.signatures type to dict (#743)
  • vendor: update ed25519 copy (#793)
  • docs: improve user and contributor docs (#744, #745, #746, #749, #759, #796)
  • test: improve and temporarily disable SigstoreSigner test (#779, #785)
  • ci: use dependabot groups, update weekly (#735)
  • ci: test macOS and Windows on latest Python only (#797)
  • Make securessystemslib.gpg internal (#792)

Fixed

  • Fix check-upstream-ed25519 workflow permission (#706)
  • SSlibKey: fix default scheme and test for ecdsa nistp384 key (#763 #794)

securesystemslib v0.31.0

Added

  • CryptoSigner: create from cryptography private key with new constructor (#675)
  • SSlibKey: create from cryptography public key with new from_crypto method (#678)
  • Release: auto-release with PyPI Trusted Publishing (#683)
  • Docs to migrate legacy key files (#658)

Removed

  • Removed SSlibKey.from_pem factory method in favor of from_crypto (#678)

... (truncated)

Commits
  • 1092ac6 Merge pull request #807 from lukpueh/release-1.0.0
  • fe34bac Update v1.0.0 entry in CHANGELOG
  • c682259 Release 1.0.0
  • 5789578 Merge pull request #800 from lukpueh/vault-signer
  • acae70a Add VaultSigner and tests
  • 66a56cb Merge pull request #804 from secure-systems-lab/dependabot/pip/dependencies-9...
  • c48a451 Merge pull request #803 from secure-systems-lab/dependabot/pip/test-and-lint-...
  • 557378e Merge pull request #806 from lukpueh/rm-stray-globals
  • 6975b81 Remove 3 stray global key type constants
  • 402c898 Merge pull request #802 from lukpueh/rm-stability-disclaimers
  • Additional commits viewable in compare view


Updates tuf from 3.1.1 to 5.0.0

Release notes

Sourced from tuf's releases.

v5.0.0

This release, most notably, marks stable securesystemslib v1.0.0 as minimum requirement. The update causes a minor break in the new DSSE API (see below) and affects users who also directly depend on securesystemslib. See the securesystemslib release notes and the updated python-tuf examples (#2617) for details. ngclient API remains backwards-compatible.

Changed

  • DSSE API: change SimpleEnvelope.signatures type to dict, remove SimpleEnvelope.signatures_dict (#2617)
  • ngclient: support app-specific user-agents (#2612)
  • Various build, test and lint improvements

v4.0.0

This release is a small API change for Metadata API users (see below). ngclient API is compatible but optional DSSE support has been added.

Added

  • Added optional DSSE support to Metadata API and ngclient (#2436)

Changed

  • Metadata API: Improved verification functionality for repository users (#2551):
    • This is an API change for Metadata API users ( Root.get_verification_result() and Targets.get_verification_result() specifically)
    • Root.get_root_verification_result() has been added to handle the special case of root verification
  • Started using UTC datetimes instead of naive datetimes internally (#2573)
  • Constrain securesystemslib dependency to <0.32.0 in preparation for future securesystemslib API changes
  • Various build, test and lint improvements

Changelog

Sourced from tuf's changelog.

v5.0.0

This release, most notably, marks stable securesystemslib v1.0.0 as minimum requirement. The update causes a minor break in the new DSSE API (see below) and affects users who also directly depend on securesystemslib. See the securesystemslib release notes and the updated python-tuf examples (#2617) for details. ngclient API remains backwards-compatible.

Changed

  • DSSE API: change SimpleEnvelope.signatures type to dict, remove SimpleEnvelope.signatures_dict (#2617)
  • ngclient: support app-specific user-agents (#2612)
  • Various build, test and lint improvements

v4.0.0

This release is a small API change for Metadata API users (see below). ngclient API is compatible but optional DSSE support has been added.

Added

  • Added optional DSSE support to Metadata API and ngclient (#2436)

Changed

  • Metadata API: Improved verification functionality for repository users (#2551):
    • This is an API change for Metadata API users ( Root.get_verification_result() and Targets.get_verification_result() specifically)
    • Root.get_root_verification_result() has been added to handle the special case of root verification
  • Started using UTC datetimes instead of naive datetimes internally (#2573)
  • Constrain securesystemslib dependency to <0.32.0 in preparation for future securesystemslib API changes
  • Various build, test and lint improvements

Commits
  • 1b0c9f7 Merge pull request #2630 from lukpueh/release-v5
  • d3d2ac1 Update docs/CHANGELOG.md
  • bce5039 Rlease v5.0.0
  • c890b7e Merge pull request #2628 from theupdateframework/dependabot/pip/test-and-lint...
  • 6e24f4d Merge pull request #2629 from theupdateframework/dependabot/github_actions/ac...
  • 02464e9 build(deps): bump ossf/scorecard-action in the action-dependencies group
  • a5ba1a1 build(deps): bump ruff in the test-and-lint-dependencies group
  • 87e418c Merge pull request #2627 from jku/finish-ruff-integration
  • 419bfe3 linting: Enable all Ruff rulesets by default
  • d855d1c Merge pull request #2626 from theupdateframework/dependabot/pip/test-and-lint...
  • Additional commits viewable in compare view


Updates mypy from 1.9.0 to 1.10.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next release

Mypy 1.10

We’ve just uploaded mypy 1.10 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Support TypeIs (PEP 742)

Mypy now supports TypeIs (PEP 742), which allows functions to narrow the type of a value, similar to isinstance(). Unlike TypeGuard, TypeIs can narrow in both the if and else branches of an if statement:

from typing_extensions import TypeIs

def is_str(s: object) -> TypeIs[str]:
    return isinstance(s, str)

def f(o: str | int) -> None:
    if is_str(o):
        # Type of o is 'str'
        ...
    else:
        # Type of o is 'int'
        ...

TypeIs will be added to the typing module in Python 3.13, but it can be used on earlier Python versions by importing it from typing_extensions.

This feature was contributed by Jelle Zijlstra (PR 16898).

Support TypeVar Defaults (PEP 696)

PEP 696 adds support for type parameter defaults. Example:

from typing import Generic
from typing_extensions import TypeVar

... (truncated)


Updates ruff from 0.3.5 to 0.4.4

Release notes

Sourced from ruff's releases.

v0.4.4

Changes

Preview features

  • [pycodestyle] Ignore end-of-line comments when determining blank line rules (#11342)
  • [pylint] Detect pathlib.Path.open calls in unspecified-encoding (PLW1514) (#11288)
  • [flake8-pyi] Implement PYI059 (generic-not-last-base-class) (#11233)
  • [flake8-pyi] Implement PYI062 (duplicate-literal-member) (#11269)

Rule changes

  • [flake8-boolean-trap] Allow passing booleans as positional-only arguments in code such as set(True) (#11287)
  • [flake8-bugbear] Ignore enum classes in cached-instance-method (B019) (#11312)

Server

  • Expand tildes when resolving Ruff server configuration file (#11283)
  • Fix ruff server hanging after Neovim closes (#11291)
  • Editor settings are used by default if no file-based configuration exists (#11266)

Bug fixes

  • [pylint] Consider with statements for too-many-branches (PLR0912) (#11321)
  • [flake8-blind-except, tryceratops] Respect logged and re-raised expressions in nested statements (BLE001, TRY201) (#11301)
  • Recognise assignments such as __all__ = builtins.list(["foo", "bar"]) as valid __all__ definitions (#11335)

v0.4.3

Changes

Enhancements

  • Add support for PEP 696 syntax (#11120)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.4.4

Preview features

  • [pycodestyle] Ignore end-of-line comments when determining blank line rules (#11342)
  • [pylint] Detect pathlib.Path.open calls in unspecified-encoding (PLW1514) (#11288)
  • [flake8-pyi] Implement PYI059 (generic-not-last-base-class) (#11233)
  • [flake8-pyi] Implement PYI062 (duplicate-literal-member) (#11269)

Rule changes

  • [flake8-boolean-trap] Allow passing booleans as positional-only arguments in code such as set(True) (#11287)
  • [flake8-bugbear] Ignore enum classes in cached-instance-method (B019) (#11312)

Server

  • Expand tildes when resolving Ruff server configuration file (#11283)
  • Fix ruff server hanging after Neovim closes (#11291)
  • Editor settings are used by default if no file-based configuration exists (#11266)

Bug fixes

  • [pylint] Consider with statements for too-many-branches (PLR0912) (#11321)
  • [flake8-blind-except, tryceratops] Respect logged and re-raised expressions in nested statements (BLE001, TRY201) (#11301)
  • Recognise assignments such as __all__ = builtins.list(["foo", "bar"]) as valid __all__ definitions (#11335)

0.4.3

Enhancements

  • Add support for PEP 696 syntax (#11120)

Preview features

  • [refurb] Use function range for reimplemented-operator diagnostics (#11271)
  • [refurb] Ignore methods in reimplemented-operator (FURB118) (#11270)
  • [refurb] Implement fstring-number-format (FURB116) (#10921)
  • [ruff] Implement redirected-noqa (RUF101) (#11052)
  • [pyflakes] Distinguish between first-party and third-party imports for fix suggestions (#11168)

Rule changes

  • [flake8-bugbear] Ignore non-abstract class attributes when enforcing B024 (#11210)
  • [flake8-logging] Include inline instantiations when detecting loggers (#11154)
  • [pylint] Also emit PLR0206 for properties with variadic parameters (#11200)
  • [ruff] Detect duplicate codes as part of unused-noqa (RUF100) (#10850)

Formatter

  • Avoid multiline expression if format specifier is present (#11123)

... (truncated)

Commits
  • 3e8878a Bump version to v0.4.4 (#11352)
  • b6b4ad9 [red-knot] @​override lint rule (#11282)
  • dd42961 [pylint] Detect pathlib.Path.open calls in unspecified-encoding (`PLW15...
  • c80c171 [red-knot] Vendor typeshed's stdlib (#11340)
  • e2fe177 Revert "Simplify arithmetic operation in logical lines checker (#11346)" (#11...
  • e9d1cdd Simplify arithmetic operation in logical lines checker (#11346)
  • dfe4291 Improve ruff_python_semantic::all::extract_all_names() (#11335)
  • 4541337 [red-knot] Remove <Db: SemanticDb> contraints in favor of dynamic dispatch ...
  • 8e9ddee Ignore end-of-line comments when determining blank line rules (#11342)
  • 702d2fa Make B024 and B027 documentation more nuanced (#11341)
  • Additional commits viewable in compare view


Updates boto3 from 1.34.104 to 1.34.105

Changelog

Sourced from boto3's changelog.

1.34.105

  • api-change:connect: [botocore] Amazon Connect provides enhanced search capabilities for flows & flow modules on the Connect admin website and programmatically using APIs. You can search for flows and flow modules by name, description, type, status, and tags, to filter and identify a specific flow in your Connect instances.
  • api-change:s3: [botocore] Updated a few x-id in the http uri traits

Updates botocore from 1.34.104 to 1.34.105

Changelog

Sourced from botocore's changelog.

1.34.105

  • api-change:connect: Amazon Connect provides enhanced search capabilities for flows & flow modules on the Connect admin website and programmatically using APIs. You can search for flows and flow modules by name, description, type, status, and tags, to filter and identify a specific flow in your Connect instances.
  • api-change:s3: Updated a few x-id in the http uri traits

Updates grpcio-status from 1.62.2 to 1.63.0

Updates protobuf from 4.25.3 to 5.26.1

Commits
  • 2434ef2 Updating version.json and repo version numbers to: 26.1
  • 49253b1 Merge pull request #16308 from protocolbuffers/cp-26x-3
  • 9bf69ec Fix validateFeatures to be called after resolved features are actually set to...
  • b752bc2 Merge pull request #16307 from protocolbuffers/cp-26x-2
  • f7d2326 Merge pull request #16309 from protocolbuffers/cp-26x-4
  • 2e51ff6 Cherry-pick required label handling in JRuby field descriptor from https://gi...
  • a2f5303 Update cmake stalenes
  • 6a177d2 Merge branch '26.x' into cp-26x-4
  • 2d3d8ba Expand cpp_features_proto_srcs visibility
  • e1092ee Merge pull request #16294 from protocolbuffers/cp-26x
  • Additional commits viewable in compare view


Updates securesystemslib from 0.31.0 to 1.0.0


Updates sigstore-rekor-types from 0.0.11 to 0.0.13

Release notes

Sourced from sigstore-rekor-types's releases.

v0.0.13

Full Changelog: https://github.com/trailofbits/sigstore-rekor-types/compare/v0.0.12...v0.0.13

v0.0.12

Full Changelog: https://github.com/trailofbits/sigstore-rekor-types/compare/v0.0.11...v0.0.12

Commits
  • cb51dc2 rekor_types: 0.0.13
  • 0bbbec8 bump rekor to 1.3.6 (#26)
  • 7637117 build(deps): bump actions/deploy-pages from 4.0.4 to 4.0.5 (#37)
  • 86ca37e build(deps-dev): update ruff requirement from <0.3.4 to <0.3.5 (#38)
  • a1fa8f3 build(deps-dev): update ruff requirement from <0.3.3 to <0.3.4 (#36)
  • 734dd39 build(deps-dev): update ruff requirement from <0.3.1 to <0.3.3 (#34)
  • dcd6305 build(deps): bump pypa/gh-action-pypi-publish from 1.8.12 to 1.8.14 (#35)
  • b5391b1 build(deps-dev): update ruff requirement from <0.2.3 to <0.3.1 (#32)
  • 8d5a1c2 build(deps): bump pypa/gh-action-pypi-publish from 1.8.11 to 1.8.12 (#33)
  • 2ef01cc build(deps-dev): update ruff requirement from <0.2.2 to <0.2.3 (#31)
  • Additional commits viewable in compare view


Updates tuf to 5.0.0


Updates mypy from 1.9.0 to 1.10.0

Commits
  • 3faf0fc Remove +dev for version for release 1.10

jku commented 2 months ago

see #330

dependabot[bot] commented 2 months ago

Looks like these dependencies are updatable in another way, so this is no longer needed.