David Lord
560c119e3d
add zizmor to scan workflows
2026-03-08 16:05:00 -07:00
David Lord
64dd0809c2
update dev dependencies
2026-01-24 17:14:20 -08:00
David Lord
97bddc1f61
update dev dependencies
2026-01-05 08:50:52 -08:00
David Lord
da6d075dfd
update dev dependencies
2025-11-17 09:43:40 -08:00
Grant Birkinbine
4dd52ca9c7
Update GitHub Actions workflow for artifact handling
2025-08-19 13:50:03 -07:00
David Lord
55c6255657
update dev dependencies
2025-08-19 13:41:24 -07:00
David Lord
f04c5e6964
update dev dependencies
2025-06-08 09:52:11 -07:00
David Lord
adeea00707
remove slsa provenance
...
PyPI trusted publishing has its own attestation support now.
2025-06-08 09:43:05 -07:00
David Lord
0109e496f6
use uv
2025-05-11 17:58:53 -07:00
David Lord
165af0a090
update dev dependencies
2025-03-29 14:44:59 -07:00
David Lord
70602a196a
remove test pypi
2024-11-13 09:23:24 -08:00
David Lord
6748a09341
update dev dependencies
2024-11-13 08:48:10 -08:00
David Lord
39e7208366
update dev dependencies
2024-10-31 13:08:52 -07:00
David Lord
8f2bc008ad
update dev dependencies
2024-10-24 13:27:52 -07:00
David Lord
b337d21058
update dev dependencies
2024-10-18 10:02:35 -07:00
David Lord
29a94bd102
update dev dependencies
2024-08-23 16:33:27 -07:00
David Lord
87d5f5b9a9
update project files ( #5457 )
...
* update pre-commit hook
* upgrade pip with venv
* update description and version
* show url in publish environment
* update versions
* update versions, separate typing job
* use dependabot grouped updates
ignore upload/download-artifact until slsa updates
* use sphinx.ext.extlinks instead of sphinx-issues
* update dev dependencies
* update editorconfig
* update gitignore
* update .readthedocs.yaml
* license is txt, readme is md
* update pyproject.toml
add typed classifier
add pyright config
simplify urls
* tox builds docs in place
* update min test py version
* add tox env to update all dev dependencies
* update issue and pr templates
* rename security docs page to not conflict with org policy file
* simplify matrix
2024-04-07 10:24:40 -07:00
David Lord
5fcc999b7d
fix create release action
2024-01-18 11:57:22 -08:00
David Lord
da3a0ddfe2
fix slsa generator version
2024-01-18 11:53:19 -08:00
David Lord
5e059be1b3
update actions versions
2024-01-18 11:41:38 -08:00
David Lord
59fd6aa104
use pip-compile instead of pip-compile-multi
2023-11-15 12:44:20 -08:00
David Lord
8037487165
Bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.10 ( #5248 )
2023-09-05 14:02:38 -07:00
David Lord
e8076d9114
Bump slsa-framework/slsa-github-generator from 1.7.0 to 1.9.0 ( #5247 )
2023-09-05 14:02:28 -07:00
dependabot[bot]
24c6508d39
Bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.10
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.8.8 to 1.8.10.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](f8c70e705f...b7f401de30
2023-09-01 16:30:35 +00:00
dependabot[bot]
98cef9fcca
Bump slsa-framework/slsa-github-generator from 1.7.0 to 1.9.0
...
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.7.0 to 1.9.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.7.0...v1.9.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-09-01 16:30:31 +00:00
dependabot[bot]
0c97a411b4
Bump actions/checkout from 3.5.3 to 3.6.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.3 to 3.6.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](c85c95e3d7...f43a0e5ff2
2023-09-01 16:30:27 +00:00
David Lord
b1385919be
Bump pypa/gh-action-pypi-publish from 1.8.7 to 1.8.8 ( #5213 )
2023-08-01 09:59:06 -07:00
dependabot[bot]
dcc86ebfce
Bump pypa/gh-action-pypi-publish from 1.8.7 to 1.8.8
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.8.7 to 1.8.8.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](f5622bde02...f8c70e705f
2023-08-01 16:56:22 +00:00
dependabot[bot]
180ff8853c
Bump actions/setup-python from 4.6.1 to 4.7.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.6.1 to 4.7.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](bd6b4b6205...61a6322f88
2023-08-01 16:56:18 +00:00
David Lord
cb825687a5
Bump actions/checkout from 3.5.2 to 3.5.3 ( #5186 )
2023-07-01 09:24:20 -07:00
David Lord
51bf0fdd90
Bump slsa-framework/slsa-github-generator from 1.6.0 to 1.7.0 ( #5185 )
2023-07-01 09:24:11 -07:00
dependabot[bot]
1ce4d95de9
Bump actions/checkout from 3.5.2 to 3.5.3
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.2 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8e5e7e5ab8...c85c95e3d7
2023-07-01 16:16:28 +00:00
dependabot[bot]
1fb188636e
Bump slsa-framework/slsa-github-generator from 1.6.0 to 1.7.0
...
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.6.0...v1.7.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-01 16:16:25 +00:00
dependabot[bot]
47a89da558
Bump pypa/gh-action-pypi-publish from 1.8.6 to 1.8.7
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.8.6 to 1.8.7.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](a56da0b891...f5622bde02
2023-07-01 16:16:19 +00:00
David Lord
a3e4013f89
Bump actions/setup-python from 4.6.0 to 4.6.1 ( #5150 )
2023-06-01 11:49:16 -07:00
David Lord
fb20cbbf1e
Bump pypa/gh-action-pypi-publish from 1.8.5 to 1.8.6 ( #5149 )
2023-06-01 11:47:53 -07:00
dependabot[bot]
18e703bc93
Bump actions/setup-python from 4.6.0 to 4.6.1
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](57ded4d7d5...bd6b4b6205
2023-06-01 16:56:50 +00:00
dependabot[bot]
fc74a114b3
Bump pypa/gh-action-pypi-publish from 1.8.5 to 1.8.6
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.8.5 to 1.8.6.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](0bf742be3e...a56da0b891
2023-06-01 16:56:46 +00:00
dependabot[bot]
40f31c3078
Bump slsa-framework/slsa-github-generator from 1.5.0 to 1.6.0
...
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.5.0...v1.6.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-01 16:56:43 +00:00
David Lord
d0bf462866
Merge branch '2.3.x'
2023-05-09 12:38:00 -07:00
David Lord
4911012cf4
update workflows
...
update publish parameter names
remove pip update
2023-05-09 12:37:33 -07:00
David Lord
7b31099252
Merge pull request #5106 from pallets/dependabot/github_actions/pypa/gh-action-pypi-publish-1.8.5
...
Bump pypa/gh-action-pypi-publish from 1.8.4 to 1.8.5
2023-05-01 10:22:01 -07:00
dependabot[bot]
dcd25d8f07
Bump actions/checkout from 3.5.0 to 3.5.2
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.0 to 3.5.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8f4b7f8486...8e5e7e5ab8
2023-05-01 17:18:16 +00:00
dependabot[bot]
ec8ca69195
Bump pypa/gh-action-pypi-publish from 1.8.4 to 1.8.5
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.8.4 to 1.8.5.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](29930c9cf5...0bf742be3e
2023-05-01 16:57:14 +00:00
dependabot[bot]
b7b753b96c
Bump actions/setup-python from 4.5.0 to 4.6.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.5.0 to 4.6.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](d27e3f3d7c...57ded4d7d5
2023-05-01 16:57:10 +00:00
David Lord
f7d9956c0f
use oidc instead of token
2023-04-13 08:18:14 -07:00
David Lord
a361ef6368
Merge pull request #5038 from pallets/dependabot/github_actions/pypa/gh-action-pypi-publish-1.8.4
...
Bump pypa/gh-action-pypi-publish from 1.6.4 to 1.8.4
2023-04-03 06:19:09 -07:00
dependabot[bot]
6a6c83789f
Bump actions/checkout from 3.3.0 to 3.5.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.3.0 to 3.5.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](ac59398561...8f4b7f8486
2023-04-01 16:57:06 +00:00
dependabot[bot]
29676a273a
Bump pypa/gh-action-pypi-publish from 1.6.4 to 1.8.4
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.6.4 to 1.8.4.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](c7f29f7ade...29930c9cf5
2023-04-01 16:57:01 +00:00
dependabot[bot]
3cdcc729a7
Bump slsa-framework/slsa-github-generator from 1.4.0 to 1.5.0
...
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.4.0...v1.5.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-01 16:57:31 +00:00
