Sviatoslav Sydorenko (Святослав Сидоренко)
e080e0073c
Merge pull request #206 from trail-of-forks/ww/update-oidc-endpoint
...
This patch updates the PyPI API minting endpoint used during the OIDC exchange process.
2024-02-05 17:59:15 +01:00
William Woodruff
cd96453c9d
oidc-exchange: update OIDC minting endpoint
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-01-10 16:05:30 -05:00
Dustin Spicuzza
415d7a6bec
Update README.md
...
Add suggested changes.
2023-12-20 15:11:12 +01:00
Dustin Spicuzza
dea1d707f3
Update oidc-exchange.py
...
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2023-12-20 15:11:12 +01:00
Dustin Spicuzza
a1a49954d3
Give more information to users
...
Reusable workflows don't work, and it's challenging to know that. Help the user out.
2023-12-20 15:11:12 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)
c12cc61414
Merge pull request #196 from woodruffw-forks/ww/notice-to-debug
...
This replaces the use of `::notice` in each authentication case with `::debug`, reducing the user confusion caused by these messages. It also simplifies the message in the Trusted Publishing case to make it less ambiguous.
Closes #192.
2023-12-20 12:12:06 +01:00
William Woodruff
674fb78567
twine-upload: replace notice with debug, simplify msgs
2023-12-04 20:27:16 -05:00
Sviatoslav Sydorenko
2f6f737ca5
Merge commit PR #184 into unstable/v1
2023-11-29 03:25:52 +01:00
Sviatoslav Sydorenko
2fa448ab0c
Merge PRs #190, #184, #185, #189 and #194 into unstable/v1
2023-11-29 03:23:56 +01:00
Sviatoslav Sydorenko
824ad31786
Revert flake8 to v4.0.1 for WPS
2023-11-29 03:23:18 +01:00
dependabot[bot]
41f3f53c75
Bump cryptography from 41.0.3 to 41.0.6 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.3 to 41.0.6.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/41.0.3...41.0.6)
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-28 23:56:20 +00:00
William Woodruff
2319287e0a
twine-upload: ::error, switch nudge order
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-11-22 17:28:02 -05:00
William Woodruff
254a0d4ec4
twine-upload: add a nudge for password auth
...
Closes #187.
2023-11-05 23:53:52 -05:00
dependabot[bot]
70a33caeb9
Bump pip from 22.3.1 to 23.3 in /requirements
...
Bumps [pip](https://github.com/pypa/pip) from 22.3.1 to 23.3.
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](https://github.com/pypa/pip/compare/22.3.1...23.3)
---
updated-dependencies:
- dependency-name: pip
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-02 21:42:46 +00:00
dependabot[bot]
102f507b75
Bump urllib3 from 2.0.6 to 2.0.7 in /requirements
...
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.6 to 2.0.7.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.0.6...2.0.7)
---
updated-dependencies:
- dependency-name: urllib3
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-17 21:02:57 +00:00
Sviatoslav Sydorenko
79739dc2f2
Merge pull request #183 from pypa/dependabot/pip/requirements/urllib3-2.0.6
...
Bump urllib3 from 2.0.3 to 2.0.6 in /requirements
2023-10-02 23:46:28 -04:00
pre-commit-ci[bot]
9a3f9ad5bc
[pre-commit.ci] pre-commit autoupdate
...
updates:
- [github.com/asottile/add-trailing-comma.git: v3.0.0 → v3.1.0](https://github.com/asottile/add-trailing-comma.git/compare/v3.0.0...v3.1.0)
- [github.com/Lucas-C/pre-commit-hooks.git: v1.5.1 → v1.5.4](https://github.com/Lucas-C/pre-commit-hooks.git/compare/v1.5.1...v1.5.4)
- [github.com/python-jsonschema/check-jsonschema.git: 0.23.2 → 0.27.0](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.23.2...0.27.0)
- [github.com/codespell-project/codespell: v2.2.5 → v2.2.6](https://github.com/codespell-project/codespell/compare/v2.2.5...v2.2.6)
- [github.com/PyCQA/flake8.git: 6.0.0 → 6.1.0](https://github.com/PyCQA/flake8.git/compare/6.0.0...6.1.0)
- [github.com/PyCQA/flake8.git: 4.0.1 → 6.1.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...6.1.0)
- [github.com/PyCQA/pylint.git: v3.0.0a6 → v3.0.0](https://github.com/PyCQA/pylint.git/compare/v3.0.0a6...v3.0.0)
2023-10-03 00:40:18 +00:00
dependabot[bot]
75ca4c1f12
Bump urllib3 from 2.0.3 to 2.0.6 in /requirements
...
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.3 to 2.0.6.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.0.3...2.0.6)
---
updated-dependencies:
- dependency-name: urllib3
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-02 23:58:34 +00:00
Sviatoslav Sydorenko
a712d989cc
Make the vulnerability report URL direct
2023-09-11 16:40:56 +02:00
Sviatoslav Sydorenko
bbf06d8ae3
Migrate security doc from RST to Markdown
...
RST files are no longer correctly recognized by GitHub.
2023-09-11 16:38:50 +02:00
Sviatoslav Sydorenko
8cdc2ab67c
Merge pull request #179 from pypa/di-patch-1
2023-08-11 17:31:18 +02:00
Dustin Ingram
41c10ee223
Add link to configuration docs for Trusted Publishing
2023-08-11 11:23:40 -04:00
Sviatoslav Sydorenko
b7f401de30
Merge PR #177 into unstable/v1
2023-08-10 22:58:37 +02:00
William Woodruff
ba3ecc9355
oidc-exchange: fix padding
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-08-10 16:08:35 -04:00
Sviatoslav Sydorenko
ade57f54dc
Merge PRs #174 #175 and #172 into unstable/v1
2023-08-10 18:57:00 +02:00
William Woodruff
637917e5f2
README: re-add "pro tip" language
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-08-09 18:01:51 -04:00
William Woodruff
4864f13c38
README: use semantic callouts
...
See: https://github.com/orgs/community/discussions/16925
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-08-09 17:58:56 -04:00
William Woodruff
326f9ad1e1
oidc-exchange: add-trailing-comma
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-08-09 15:17:18 -04:00
William Woodruff
e5f0690e91
oidc-exchange: ignore a nested function
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-08-09 15:12:44 -04:00
William Woodruff
8bdd0cc2a0
oidc-exchange: lintage
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-08-09 15:10:56 -04:00
William Woodruff
71a0032909
oidc-exchange: render claims if exchange fails
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-08-09 15:08:47 -04:00
dependabot[bot]
adef75a5a6
Bump cryptography from 41.0.2 to 41.0.3 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.2 to 41.0.3.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/41.0.2...41.0.3)
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-02 02:15:59 +00:00
Sviatoslav Sydorenko
413a8d5d62
Merge pull request #171 from pypa/dependabot/pip/requirements/certifi-2023.7.22
...
Bump certifi from 2023.5.7 to 2023.7.22 in /requirements
2023-07-26 11:43:53 +02:00
dependabot[bot]
c185b8ee4e
Bump certifi from 2023.5.7 to 2023.7.22 in /requirements
...
Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.5.7 to 2023.7.22.
- [Commits](https://github.com/certifi/python-certifi/compare/2023.05.07...2023.07.22)
---
updated-dependencies:
- dependency-name: certifi
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-25 23:36:57 +00:00
Sviatoslav Sydorenko
2a939dd49b
🎨 📝 Link SHA pinning encouragement @ README
...
This article [[1]] describes security flaws of using branches and
tags as an end-user. The commit is intended to educate them but not
force doing so if they don't want to.
[1]: https://julienrenaux.fr/2019/12/20/github-actions-security-risk/
2023-07-13 16:44:47 +02:00
Sviatoslav Sydorenko
f8c70e705f
Merge pull request #168 from pquentin/bump-dependencies
2023-07-12 02:46:40 +02:00
Sviatoslav Sydorenko
68276eb3e4
Merge pull request #167 from trail-of-forks/tob-nudge
2023-07-12 02:43:50 +02:00
Quentin Pradet
a5d57af63c
Bump runtime dependencies
2023-07-11 09:31:13 +04:00
William Woodruff
e90e853e89
twine-upload: only nudge on PyPI-looking domains
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-07-10 12:11:56 -04:00
William Woodruff
be695966b0
twine-upload: add a nudge for trusted publishing
...
Closes #164.
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-07-10 11:44:56 -04:00
Sviatoslav Sydorenko
54d67ed3c5
Merge pull request #165 from pypa/pre-commit-ci-update-config
2023-07-09 14:55:23 +02:00
Sviatoslav Sydorenko
d32e2fab32
Revert flake8 to v4.0.1
2023-07-09 14:53:38 +02:00
pre-commit-ci[bot]
a8d92e9876
[pre-commit.ci] pre-commit autoupdate
...
updates:
- [github.com/asottile/add-trailing-comma.git: v2.4.0 → v3.0.0](https://github.com/asottile/add-trailing-comma.git/compare/v2.4.0...v3.0.0)
- [github.com/python-jsonschema/check-jsonschema.git: 0.22.0 → 0.23.2](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.22.0...0.23.2)
- [github.com/codespell-project/codespell: v2.2.4 → v2.2.5](https://github.com/codespell-project/codespell/compare/v2.2.4...v2.2.5)
- [github.com/adrienverge/yamllint.git: v1.30.0 → v1.32.0](https://github.com/adrienverge/yamllint.git/compare/v1.30.0...v1.32.0)
- [github.com/PyCQA/flake8.git: 4.0.1 → 6.0.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...6.0.0)
2023-07-03 22:49:42 +00:00
Sviatoslav Sydorenko
f5622bde02
Merge PRs #159 and #160 into unstable/v1
2023-06-26 18:18:24 +02:00
Sviatoslav Sydorenko
3be882c473
Merge pull request #161 from jaap3/jaap3-patch-1
...
This patch removes extraneous trailing `}` from the annotation note.
2023-06-08 16:22:18 +02:00
Jaap Roes
775be49481
Remove extraneous }
2023-06-08 14:56:32 +02:00
dependabot[bot]
5684530096
Bump cryptography from 39.0.1 to 41.0.0 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography) from 39.0.1 to 41.0.0.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/39.0.1...41.0.0)
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-02 20:16:33 +00:00
Hugo van Kemenade
135d0d5353
Ignore pip's root user warning
2023-05-29 13:42:14 +03:00
Sviatoslav Sydorenko
110f54a387
Merge pull request #157 from pypa/dependabot/pip/requirements/requests-2.31.0
...
Bump requests from 2.28.1 to 2.31.0 in /requirements
2023-05-23 07:41:59 +02:00
dependabot[bot]
c803c91ef0
Bump requests from 2.28.1 to 2.31.0 in /requirements
...
Bumps [requests](https://github.com/psf/requests) from 2.28.1 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.28.1...v2.31.0)
---
updated-dependencies:
- dependency-name: requests
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-05-23 05:16:54 +00:00