aiogithubapi
aiogithubapi copied to clipboard
ludeeus
Bump tuf from 2.1.0 to 3.1.1
Bumps tuf from 2.1.0 to 3.1.1.
Release notes
Sourced from tuf's releases.
v3.1.1
This is a security fix release to address advisory GHSA-77hh-43cm-v8j6. The issue does not affect
tuf.ngclientusers, but could affecttuf.api.metadatausers.Changed
- Added additional input validation to tuf.api.metadata.Targets.get_delegated_role()
v3.1.0
See CHANGELOG.md for details.
v3.0.0
See CHANGELOG.md for details.
Changelog
Sourced from tuf's changelog.
v3.1.1
This is a security fix release to address advisory GHSA-77hh-43cm-v8j6. The issue does not affect tuf.ngclient users, but could affect tuf.api.metadata users.
Changed
- Added additional input validation to
tuf.api.metadata.Targets.get_delegated_role()v3.1.0
Added
- Metadata API: move verify_delegate() to Root/Targets (#2378)
- verify_delegate() on Metadata is now deprecated
- Metadata API: add get_verification_result() as verbose alternative for verify_delegate() (#2481)
- Metadata API: add MetaFile.from_data() convenience factory (#2273)
Changed
- Metadata API: change Root.roles type hint to Dict (#2411)
- Various minor improvements in tests (#2447, #2491), docs (#2390, #2392, #2474) and build (#2389, #2453, #2479, #2488)
Removed
- build: Python 3.7 support (#2460)
v3.0.0
The notable change in this release is #2165: The tuf.api.metadata.Key class implementation was moved to Securesystemslib with minor API changes. These changes require no action in tuf.ngclient users but may require small changes in tuf.api.metadata using repository implementations that create keys.
As a result of these changes, both signing and verification are now fully extensible, see Securesystemslib signer API for details.
tuf.repository remains an unstable module in 3.0.0.
Added
- Build: Use pydocstyle to lint docstrings (#2283, #2281)
- Examples: Add Repository uploader/signer tool example (#2241)
- Metadata API: Add TargetFile.get_prefixed_paths() (#2166)
- ngclient: Export TargetFile (#2279)
- repository: Add strictly typed accessors and context managers (#2311)
- Release: Use PyPI Trusted Publishing https://docs.pypi.org/trusted-publishers/ (#2371)
... (truncated)
Commits
e8410e1Merge pull request #2557 from jku/series/3.1b59bf13Release 3.1.1fd438c8CI: Run lint on oldest supported Python version77cb66bMetadata API: Fix role lookup for succinct delegation929174ctests: Add test for Targets.get_delegated_role()f04dc71Merge pull request #2492 from lukpueh/release-3.1.0ed521c0Merge pull request #2490 from theupdateframework/dependabot/pip/mypy-1.6.0c0c21caRelease python-tuf 3.1.06fed68bMerge pull request #2491 from lukpueh/rm-obsolete-fixtures438518ftests: remove unused and obsolete test metadata- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "Published by a pub.dev verified publisher"){kind=small}
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.
If you change your mind, just re-open this PR and I'll resolve any conflicts on it.