Sviatoslav Sydorenko
820be4e5e3
Normalize pip-tools' header comment @ `runtime.txt`
...
It's currently not prefixed with `requirements/` in most places and
that what Dependabot keeps using.
2024-03-07 23:00:46 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)
aec4e82833
Merge pull request #219 from SigureMo/re-generate-requirements
...
build(deps): bump `pkginfo` version to support `Metadata-version=2.3`
2024-03-06 19:16:52 +01:00
SigureMo
b065889f7f
revert other bumps
2024-03-06 19:20:47 +08:00
SigureMo
00a7cd17a2
re-gen on Linux and run command in requirements/
2024-03-06 01:59:27 +00:00
SigureMo
2972d54cda
bump pkginfo only
2024-03-05 18:16:00 +08:00
SigureMo
f6a1bcf881
Revert "build(deps): re-generate requirements to support `Metadata-version=2.3`"
...
This reverts commit e6ed2a4dfb
.
2024-03-05 18:07:49 +08:00
SigureMo
e6ed2a4dfb
build(deps): re-generate requirements to support `Metadata-version=2.3`
2024-03-05 12:56:14 +08:00
William Woodruff
e53eb8b103
Clarify the error during OIDC exchange on PRs from forks
...
This specializes the token retrieval error handling, providing an
alternative error message when the error cause is something
that we know can't possibly work due to GitHub's own restrictions
on PRs from forks.
PR #203
Closes #202
Ref https://github.com/python-pillow/Pillow/pull/7616
Co-authored-by: Sviatoslav Sydorenko <webknjaz@redhat.com>
2024-02-27 05:09:52 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)
edfa8f355b
Merge pull request #216 from xuanzhi33/unstable/v1
...
Correct the trusted publishing note admonition markdown syntax in the README
2024-02-24 20:27:48 +01:00
xuanzhi33
aeff019ac8
docs(fix): Fix a markdown alert
2024-02-24 18:46:07 +08:00
Sviatoslav Sydorenko (Святослав Сидоренко)
24c5d5ca4a
Merge pull request #214 from pypa/dependabot/pip/requirements/cryptography-42.0.4
...
build(deps): bump cryptography from 42.0.2 to 42.0.4 in /requirements
2024-02-22 02:26:27 +01:00
dependabot[bot]
c13b4aa8c5
build(deps): bump cryptography from 42.0.2 to 42.0.4 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 42.0.2 to 42.0.4.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/42.0.2...42.0.4 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-02-21 20:44:40 +00:00
Sviatoslav Sydorenko (Святослав Сидоренко)
72a79c870c
Merge pull request #213 from pypa/dependabot/pip/requirements/cryptography-42.0.2
...
build(deps): bump cryptography from 42.0.0 to 42.0.2 in /requirements
2024-02-17 03:24:59 +01:00
dependabot[bot]
751e5b80a4
build(deps): bump cryptography from 42.0.0 to 42.0.2 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 42.0.0 to 42.0.2.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/42.0.0...42.0.2 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-02-17 00:58:14 +00:00
Sviatoslav Sydorenko (Святослав Сидоренко)
0580fcbb84
Merge pull request #210 from pypa/dependabot/pip/requirements/cryptography-42.0.0
...
build(deps): bump cryptography from 41.0.6 to 42.0.0 in /requirements
2024-02-08 05:04:39 +01:00
dependabot[bot]
a524841e7b
build(deps): bump cryptography from 41.0.6 to 42.0.0 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 41.0.6 to 42.0.0.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/41.0.6...42.0.0 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-02-06 03:03:07 +00:00
Sviatoslav Sydorenko (Святослав Сидоренко)
3f824c73d9
Merge pull request #204 from pypa/pre-commit-ci-update-config
...
[pre-commit.ci] pre-commit autoupdate
2024-02-05 18:14:39 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)
013c017b41
Revert flake8 to v4.0.1 for WPS
2024-02-05 18:13:32 +01:00
pre-commit-ci[bot]
a0620a4177
[pre-commit.ci] pre-commit autoupdate
...
updates:
- [github.com/PyCQA/isort.git: 5.12.0 → 5.13.2](https://github.com/PyCQA/isort.git/compare/5.12.0...5.13.2 )
- [github.com/python-jsonschema/check-jsonschema.git: 0.27.0 → 0.27.3](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.27.0...0.27.3 )
- [github.com/pre-commit/pre-commit-hooks.git: v4.4.0 → v4.5.0](https://github.com/pre-commit/pre-commit-hooks.git/compare/v4.4.0...v4.5.0 )
- [github.com/adrienverge/yamllint.git: v1.32.0 → v1.33.0](https://github.com/adrienverge/yamllint.git/compare/v1.32.0...v1.33.0 )
- [github.com/PyCQA/flake8.git: 4.0.1 → 6.1.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...6.1.0 )
- [github.com/PyCQA/pylint.git: v3.0.0 → v3.0.3](https://github.com/PyCQA/pylint.git/compare/v3.0.0...v3.0.3 )
2024-02-05 18:12:44 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)
e82f99a47c
Merge pull request #186 from virtuald/virtuald-patch-1
...
Mention in the docs that reusable workflows aren't supported right now
2024-02-05 18:12:13 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)
e080e0073c
Merge pull request #206 from trail-of-forks/ww/update-oidc-endpoint
...
This patch updates the PyPI API minting endpoint used uding the OIDC exchange process.
2024-02-05 17:59:15 +01:00
William Woodruff
cd96453c9d
oidc-exchange: update OIDC minting endpoint
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-01-10 16:05:30 -05:00
Dustin Spicuzza
415d7a6bec
Update README.md
...
Add suggested changes.
2023-12-20 15:11:12 +01:00
Dustin Spicuzza
dea1d707f3
Update oidc-exchange.py
...
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2023-12-20 15:11:12 +01:00
Dustin Spicuzza
a1a49954d3
Give more information to users
...
Reusable workflows don't work, and it's challenging to know that. Help the user out.
2023-12-20 15:11:12 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)
c12cc61414
Merge pull request #196 from woodruffw-forks/ww/notice-to-debug
...
This replaces the use of `::notice` in each authentication case with `::debug`, reducing the user confusion caused by the these messages. It also simplifies the message in the Trusted Publishing case to make it less ambiguous.
Closes #192 .
2023-12-20 12:12:06 +01:00
William Woodruff
674fb78567
twine-upload: replace notice with debug, simplify msgs
2023-12-04 20:27:16 -05:00
Sviatoslav Sydorenko
2f6f737ca5
Merge commit PR #184 into unstable/v1
2023-11-29 03:25:52 +01:00
Sviatoslav Sydorenko
2fa448ab0c
Merge PRs #190 , #184 , #185 , #189 and #194 into unstable/v1
2023-11-29 03:23:56 +01:00
Sviatoslav Sydorenko
824ad31786
Revert flake8 to v4.0.1 for WPS
2023-11-29 03:23:18 +01:00
dependabot[bot]
41f3f53c75
Bump cryptography from 41.0.3 to 41.0.6 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 41.0.3 to 41.0.6.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/41.0.3...41.0.6 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-28 23:56:20 +00:00
William Woodruff
2319287e0a
twine-upload: ::error, switch nudge order
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-11-22 17:28:02 -05:00
William Woodruff
254a0d4ec4
twine-upload: add a nudge for password auth
...
Closes #187 .
2023-11-05 23:53:52 -05:00
dependabot[bot]
70a33caeb9
Bump pip from 22.3.1 to 23.3 in /requirements
...
Bumps [pip](https://github.com/pypa/pip ) from 22.3.1 to 23.3.
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst )
- [Commits](https://github.com/pypa/pip/compare/22.3.1...23.3 )
---
updated-dependencies:
- dependency-name: pip
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-02 21:42:46 +00:00
dependabot[bot]
102f507b75
Bump urllib3 from 2.0.6 to 2.0.7 in /requirements
...
Bumps [urllib3](https://github.com/urllib3/urllib3 ) from 2.0.6 to 2.0.7.
- [Release notes](https://github.com/urllib3/urllib3/releases )
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst )
- [Commits](https://github.com/urllib3/urllib3/compare/2.0.6...2.0.7 )
---
updated-dependencies:
- dependency-name: urllib3
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-17 21:02:57 +00:00
Sviatoslav Sydorenko
79739dc2f2
Merge pull request #183 from pypa/dependabot/pip/requirements/urllib3-2.0.6
...
Bump urllib3 from 2.0.3 to 2.0.6 in /requirements
2023-10-02 23:46:28 -04:00
pre-commit-ci[bot]
9a3f9ad5bc
[pre-commit.ci] pre-commit autoupdate
...
updates:
- [github.com/asottile/add-trailing-comma.git: v3.0.0 → v3.1.0](https://github.com/asottile/add-trailing-comma.git/compare/v3.0.0...v3.1.0 )
- [github.com/Lucas-C/pre-commit-hooks.git: v1.5.1 → v1.5.4](https://github.com/Lucas-C/pre-commit-hooks.git/compare/v1.5.1...v1.5.4 )
- [github.com/python-jsonschema/check-jsonschema.git: 0.23.2 → 0.27.0](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.23.2...0.27.0 )
- [github.com/codespell-project/codespell: v2.2.5 → v2.2.6](https://github.com/codespell-project/codespell/compare/v2.2.5...v2.2.6 )
- [github.com/PyCQA/flake8.git: 6.0.0 → 6.1.0](https://github.com/PyCQA/flake8.git/compare/6.0.0...6.1.0 )
- [github.com/PyCQA/flake8.git: 4.0.1 → 6.1.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...6.1.0 )
- [github.com/PyCQA/pylint.git: v3.0.0a6 → v3.0.0](https://github.com/PyCQA/pylint.git/compare/v3.0.0a6...v3.0.0 )
2023-10-03 00:40:18 +00:00
dependabot[bot]
75ca4c1f12
Bump urllib3 from 2.0.3 to 2.0.6 in /requirements
...
Bumps [urllib3](https://github.com/urllib3/urllib3 ) from 2.0.3 to 2.0.6.
- [Release notes](https://github.com/urllib3/urllib3/releases )
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst )
- [Commits](https://github.com/urllib3/urllib3/compare/2.0.3...2.0.6 )
---
updated-dependencies:
- dependency-name: urllib3
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-02 23:58:34 +00:00
Sviatoslav Sydorenko
a712d989cc
Make the vulnerability report URL direct
2023-09-11 16:40:56 +02:00
Sviatoslav Sydorenko
bbf06d8ae3
Migrate security doc from RST to Markdown
...
RST files are no longer correctly recognized by GitHub.
2023-09-11 16:38:50 +02:00
Sviatoslav Sydorenko
8cdc2ab67c
Merge pull request #179 from pypa/di-patch-1
2023-08-11 17:31:18 +02:00
Dustin Ingram
41c10ee223
Add link to configuration docs for Trusted Publishing
2023-08-11 11:23:40 -04:00
Sviatoslav Sydorenko
b7f401de30
Merge PR #177 into unstable/v1
2023-08-10 22:58:37 +02:00
William Woodruff
ba3ecc9355
oidc-exchange: fix padding
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-08-10 16:08:35 -04:00
Sviatoslav Sydorenko
ade57f54dc
Merge PRs #174 #175 and #172 into unstable/v1
2023-08-10 18:57:00 +02:00
William Woodruff
637917e5f2
README: re-add "pro tip" language
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-08-09 18:01:51 -04:00
William Woodruff
4864f13c38
README: use semantic callouts
...
See: https://github.com/orgs/community/discussions/16925
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-08-09 17:58:56 -04:00
William Woodruff
326f9ad1e1
oidc-exchange: add-trailing-comma
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-08-09 15:17:18 -04:00
William Woodruff
e5f0690e91
oidc-exchange: ignore a nested function
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-08-09 15:12:44 -04:00
William Woodruff
8bdd0cc2a0
oidc-exchange: lintage
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-08-09 15:10:56 -04:00