chore(deps): bump tuf from 1.0.0 to 2.1.0 #36

dependabot · 2023-01-30T10:22:43Z

Bumps tuf from 1.0.0 to 2.1.0.

Release notes

v2.1.0

See CHANGELOG.md for details.

v2.0.0

See CHANGELOG.md for details.

v1.1.0

See CHANGELOG.md for details.

Changelog

v2.1.0

Added

repo: experimental repository module and example (#2193)

ngclient: expose default requests fetcher (#2277)

workflow: OpenSSF scorecard (#2190)

build: Python 3.11 support (#2157)

docs: security policy (#2098, #2178)

blog: signer API (#2276)

blog: security audit (#2155, #2156)

Changed

Metadata API: bump specification version 1.0.31 (#2119)

Metadata API: allow zero length metadata files (#2137)

Metadata API: add default value for MetaFile version (#2211)

Metadata API, ngclient: decrease logger verbosity (#2243)

ngclient: define API explicitly (#2233)

ngclient: improve example client output (#2194)

ngclient: support URLs without host part (#2075)

ngclient: update metaclass syntax (#2215)

ngclient: fail gracefully on missing role (#2197)

ngclient: improve type annotations in TrustedMetadataSet (#2250)

doc: misc improvements (2097, #2130, #2183, #2185, #2201, #2208, #2230, #2278)

build: misc improvements (#2090, #2091, #2122, #2187, #2188, #2217, #2252)

workflow: misc improvements (#2001, #2092, #2147, #2159, #2173)

v2.0.0

This release, most notably, adds support for TAP 15 - succinct hash bin delegation, which results in a few backwards-incompatible changes in the Metadata API.

NOTE: While TAP 15 has been accepted it is not yet part of the TUF specification. Therefore, adopters should be prepared for potential changes to the implementation in future and for a lack of support for TAP 15 in other TUF implementations.

Added

Metadata API: TAP 15 - succinct hash bin delegation (#2010, #2031, #2038, #2039)

build: CodeQL analysis action (#1932)

build: Dependency review action (#1974)

blog: ngclient design (#1914)

blog: tricky test cases (#1941, #2027)

Changed

Metadata API: BREAKING CHANGES in Root and Targets class (#2010)

Argument order changed in add_key() and remove_key()

remove_key() renamed to revoke_key()

Metadata API: Update supported spec version to 1.0.30 (#2035)

ngclient: Use trusted timestamp role if new timestamp has equal version (#2024)

docs: Misc improvements (#1983, #2002, #2004, #2041, #2051, #2064)

... (truncated)

Commits

daa41a9 Merge pull request #2280 from lukpueh/release-2.1.0
9811ac3 python-tuf 2.1.0
a6460c6 Merge pull request #2278 from fridex/pydocstyle-first-line-period-rebase
5d347b8 Fix pydocstyle D400: first line should end with a period
7f04a6e Merge pull request #2276 from jku/securesystemslib-blog
388768d Add new blog post about the signer API
e6a3e9e Merge pull request #2277 from jku/expose-default-fetcher
bfd7f20 Merge pull request #2275 from theupdateframework/dependabot/pip/coverage-7.1.0
889b218 Add comment explaining public status to the module itself
236bc9f docs: Tweak API docs to include RequestsFetcher
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [tuf](https://github.com/theupdateframework/python-tuf) from 1.0.0 to 2.1.0. - [Release notes](https://github.com/theupdateframework/python-tuf/releases) - [Changelog](https://github.com/theupdateframework/python-tuf/blob/develop/docs/CHANGELOG.md) - [Commits](theupdateframework/python-tuf@v1.0.0...v2.1.0) --- updated-dependencies: - dependency-name: tuf dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2023-05-10T11:02:13Z

Superseded by #61.

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jan 30, 2023

dependabot bot closed this May 10, 2023

dependabot bot deleted the dependabot/pip/tuf-2.1.0 branch May 10, 2023 11:02

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump tuf from 1.0.0 to 2.1.0 #36

chore(deps): bump tuf from 1.0.0 to 2.1.0 #36

dependabot bot commented on behalf of github Jan 30, 2023

dependabot bot commented on behalf of github May 10, 2023

chore(deps): bump tuf from 1.0.0 to 2.1.0 #36

chore(deps): bump tuf from 1.0.0 to 2.1.0 #36

Conversation

dependabot bot commented on behalf of github Jan 30, 2023

v2.1.0

v2.0.0

v1.1.0

v2.1.0

Added

Changed

v2.0.0

Added

Changed

dependabot bot commented on behalf of github May 10, 2023