🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко)
e1dad8a51d
Merge pull request #332 from webknjaz/maintenance/runtime-pip-bump
2025-01-24 05:06:02 +01:00
Sviatoslav Sydorenko
8d4bfa7930
📦 Stop relying on pip-with-requires-python
2025-01-24 05:03:07 +01:00
Sviatoslav Sydorenko
eb1f8af093
📌 Bump main runtime to Python 3.13 🐍
2025-01-24 04:58:31 +01:00
Sviatoslav Sydorenko
72de13b11d
📌 Mass-upgrade transitive dependency pins
2025-01-24 03:41:37 +01:00
Sviatoslav Sydorenko
29f40bd9f9
📦 Enable metadata 2.4 support in Twine
...
Ref: https://github.com/pypa/twine/pull/1180
2025-01-24 03:37:24 +01:00
Sviatoslav Sydorenko
10df67dae0
📦 Enable support for PEP 639 metadata
...
This is achieved by upgrading Twine to v6.1.0. Prior to this version,
Twine was unable to pick up and publish licensing information declared
in the new `License-Expression` core packaging metadata [[1]] [[2]].
And now it does that.
Resolves #325.
[1]: https://packaging.python.org/en/latest/specifications/core-metadata/#license-expression
[2]: https://peps.python.org/pep-0639/#spdx
2025-01-24 03:37:24 +01:00
Sviatoslav Sydorenko
67339c736f
📦 Only keep lower bounds @ input requirements
...
This concerns both direct (`twine`) and indirect (`pkginfo`) deps,
provided there's no broken versions to exclude.
2024-12-09 15:07:39 +01:00
Sviatoslav Sydorenko
a536fa9505
📌 📦 Include jeepney & secretstorage pins
...
It appears these have been missed when updating `cryptography`. This
is probably dependabot's fault.
2024-12-07 02:25:27 +01:00
Sviatoslav Sydorenko
43caae4bb1
💅 📦 Split transitive dep constraints
...
This is a structural change allowing for better placement of direct
dependencies and limiting the transitive ones.
2024-12-07 02:24:42 +01:00
William Woodruff
138a1215a3
📌 📦 Pin pkginfo to v1.12 @ runtime deps
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-12-06 19:35:56 +01:00
William Woodruff
0e10725395
requirements: bump twine to ~= 6.0
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-12-01 12:05:46 -05:00
William Woodruff
fe8d1484ba
requirements: bump pypi-attestations to 0.0.15
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-11-06 17:53:10 -05:00
William Woodruff
335e8b00ae
bump sigstore==3.5.1
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-10-28 14:29:41 -04:00
William Woodruff
1545e96dcb
requirements: bump sigstore, pypi-attestations
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-10-22 12:40:04 -04:00
William Woodruff
ce32325c61
requirements: bump pypi-attestations to 0.0.12
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-09-19 18:14:50 +02:00
Facundo Tuesca
36978192ca
Add nudge message with magic link to create new Trusted Publisher
...
PR #250
Co-authored-by: Sviatoslav Sydorenko <sviat@redhat.com>
2024-09-05 17:25:58 +02:00
William Woodruff
8a08d61689
Expose PEP 740 attestations functionality
...
PR #236
This patch adds PEP 740 attestation generation to the workflow: when the Trusted Publishing flow is used, this will generate a publish attestation for each distribution being uploaded. These generated attestations are then fed into `twine`, which newly supports them via `--attestations`.
Ref: https://github.com/pypi/warehouse/issues/15871
2024-09-01 02:50:29 +02:00
William Woodruff
4d020ff0a9
requirements: re-compile requirements with latest twine
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-06-24 16:49:50 -04:00
dependabot[bot]
a54b9b8952
---
...
updated-dependencies:
- dependency-name: requests
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-21 05:26:31 +00:00
Sviatoslav Sydorenko
699cd6103f
⇪ 📦 Bump the runtime dep lockfile
2024-05-16 17:50:20 +02:00
dependabot[bot]
576aae3934
build(deps): bump idna from 3.6 to 3.7 in /requirements
...
Bumps [idna](https://github.com/kjd/idna) from 3.6 to 3.7.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v3.6...v3.7)
---
updated-dependencies:
- dependency-name: idna
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-12 04:51:56 +00:00
Sviatoslav Sydorenko
81e9d935c8
Bump pip to v24.0 in runtime prerequisites lock
2024-03-08 00:20:54 +01:00
Sviatoslav Sydorenko
91527c4583
Regenerate lockfiles with pip-tools v7.4.1
2024-03-08 00:19:54 +01:00
Sviatoslav Sydorenko
3a817c6dce
Bump action runtime to CPython 3.12
2024-03-08 00:15:38 +01:00
Sviatoslav Sydorenko
d7af439579
Mass-bump transitive dependencies of runtime
2024-03-07 23:08:31 +01:00
Sviatoslav Sydorenko
e90ddca975
Bump readme-renderer to v43.0
2024-03-07 23:07:33 +01:00
Sviatoslav Sydorenko
dae7fa3e8d
Bump Twine to v5.0.0
2024-03-07 23:05:40 +01:00
Sviatoslav Sydorenko
0fe04ae7d9
Bump id to v1.3.0
2024-03-07 23:04:40 +01:00
Sviatoslav Sydorenko
444e17980b
Bump cryptography to v42.0.5
2024-03-07 23:02:36 +01:00
Sviatoslav Sydorenko
820be4e5e3
Normalize pip-tools' header comment @ runtime.txt
...
It's currently not prefixed with `requirements/` in most places and
that's what Dependabot keeps using.
2024-03-07 23:00:46 +01:00
SigureMo
b065889f7f
revert other bumps
2024-03-06 19:20:47 +08:00
SigureMo
00a7cd17a2
re-gen on Linux and run command in requirements/
2024-03-06 01:59:27 +00:00
SigureMo
2972d54cda
bump pkginfo only
2024-03-05 18:16:00 +08:00
SigureMo
f6a1bcf881
Revert "build(deps): re-generate requirements to support Metadata-version=2.3"
...
This reverts commit e6ed2a4dfb.
2024-03-05 18:07:49 +08:00
SigureMo
e6ed2a4dfb
build(deps): re-generate requirements to support Metadata-version=2.3
2024-03-05 12:56:14 +08:00
dependabot[bot]
c13b4aa8c5
build(deps): bump cryptography from 42.0.2 to 42.0.4 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography) from 42.0.2 to 42.0.4.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/42.0.2...42.0.4)
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-02-21 20:44:40 +00:00
dependabot[bot]
751e5b80a4
build(deps): bump cryptography from 42.0.0 to 42.0.2 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography) from 42.0.0 to 42.0.2.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/42.0.0...42.0.2)
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-02-17 00:58:14 +00:00
dependabot[bot]
a524841e7b
build(deps): bump cryptography from 41.0.6 to 42.0.0 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.6 to 42.0.0.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/41.0.6...42.0.0)
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-02-06 03:03:07 +00:00
Sviatoslav Sydorenko
2fa448ab0c
Merge PRs #190, #184, #185, #189 and #194 into unstable/v1
2023-11-29 03:23:56 +01:00
dependabot[bot]
41f3f53c75
Bump cryptography from 41.0.3 to 41.0.6 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.3 to 41.0.6.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/41.0.3...41.0.6)
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-28 23:56:20 +00:00
dependabot[bot]
70a33caeb9
Bump pip from 22.3.1 to 23.3 in /requirements
...
Bumps [pip](https://github.com/pypa/pip) from 22.3.1 to 23.3.
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](https://github.com/pypa/pip/compare/22.3.1...23.3)
---
updated-dependencies:
- dependency-name: pip
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-02 21:42:46 +00:00
dependabot[bot]
102f507b75
Bump urllib3 from 2.0.6 to 2.0.7 in /requirements
...
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.6 to 2.0.7.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.0.6...2.0.7)
---
updated-dependencies:
- dependency-name: urllib3
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-17 21:02:57 +00:00
dependabot[bot]
75ca4c1f12
Bump urllib3 from 2.0.3 to 2.0.6 in /requirements
...
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.3 to 2.0.6.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.0.3...2.0.6)
---
updated-dependencies:
- dependency-name: urllib3
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-02 23:58:34 +00:00
dependabot[bot]
adef75a5a6
Bump cryptography from 41.0.2 to 41.0.3 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.2 to 41.0.3.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/41.0.2...41.0.3)
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-02 02:15:59 +00:00
dependabot[bot]
c185b8ee4e
Bump certifi from 2023.5.7 to 2023.7.22 in /requirements
...
Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.5.7 to 2023.7.22.
- [Commits](https://github.com/certifi/python-certifi/compare/2023.05.07...2023.07.22)
---
updated-dependencies:
- dependency-name: certifi
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-25 23:36:57 +00:00
Quentin Pradet
a5d57af63c
Bump runtime dependencies
2023-07-11 09:31:13 +04:00
dependabot[bot]
5684530096
Bump cryptography from 39.0.1 to 41.0.0 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography) from 39.0.1 to 41.0.0.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/39.0.1...41.0.0)
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-02 20:16:33 +00:00
dependabot[bot]
c803c91ef0
Bump requests from 2.28.1 to 2.31.0 in /requirements
...
Bumps [requests](https://github.com/psf/requests) from 2.28.1 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.28.1...v2.31.0)
---
updated-dependencies:
- dependency-name: requests
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-05-23 05:16:54 +00:00
William Woodruff
2b46bad8cb
OIDC beta support
...
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2023-03-15 17:08:09 -04:00
dependabot[bot]
6a2da9bc3b
Bump cryptography from 38.0.4 to 39.0.1 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography) from 38.0.4 to 39.0.1.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/38.0.4...39.0.1)
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-08 04:41:02 +00:00