diff --git a/.github/workflows/lock.yaml b/.github/workflows/lock.yaml index 1677663f..22228a1c 100644 --- a/.github/workflows/lock.yaml +++ b/.github/workflows/lock.yaml @@ -16,7 +16,7 @@ jobs: lock: runs-on: ubuntu-latest steps: - - uses: dessant/lock-threads@7de207be1d3ce97a9abe6ff1306222982d1ca9f9 # v5.0.1 + - uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # v5.0.1 with: issue-inactive-days: 14 pr-inactive-days: 14 diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 0d5e126f..b1b29ec1 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -9,8 +9,8 @@ jobs: outputs: hash: ${{ steps.hash.outputs.hash }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 with: python-version: '3.x' cache: pip @@ -23,7 +23,7 @@ jobs: - name: generate hash id: hash run: cd dist && echo "hash=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT - - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 with: path: ./dist provenance: @@ -33,7 +33,7 @@ jobs: id-token: write contents: write # Can't pin with hash due to how this workflow works. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 with: base64-subjects: ${{ needs.build.outputs.hash }} create-release: @@ -44,7 +44,7 @@ jobs: permissions: contents: write steps: - - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - name: create release run: > gh release create --draft --repo ${{ github.repository }} @@ -63,11 +63,11 @@ jobs: permissions: id-token: write steps: - - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 - - uses: pypa/gh-action-pypi-publish@68e62d4871ad9d14a9d55f114e6ac71f0b408ec0 # v1.8.14 + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + - uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0 # v1.9.0 with: repository-url: https://test.pypi.org/legacy/ packages-dir: artifact/ - - uses: pypa/gh-action-pypi-publish@68e62d4871ad9d14a9d55f114e6ac71f0b408ec0 # v1.8.14 + - uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0 # v1.9.0 with: packages-dir: artifact/ diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 4df4a546..8e3e553e 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -33,8 +33,8 @@ jobs: - {name: Minimum Versions, python: '3.12', tox: py-min} - {name: Development Versions, python: '3.8', tox: py-dev} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 with: python-version: ${{ matrix.python }} allow-prereleases: true @@ -45,8 +45,8 @@ jobs: typing: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 with: python-version: '3.x' cache: pip diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 82891617..5bee1ca4 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -2,7 +2,7 @@ ci: autoupdate_schedule: monthly repos: - repo: https://github.com/astral-sh/ruff-pre-commit - rev: v0.3.5 + rev: v0.6.2 hooks: - id: ruff - id: ruff-format diff --git a/requirements/build.txt b/requirements/build.txt index 9ecc4895..4b289ca7 100644 --- a/requirements/build.txt +++ b/requirements/build.txt @@ -6,7 +6,7 @@ # build==1.2.1 # via -r build.in -packaging==24.0 +packaging==24.1 # via build -pyproject-hooks==1.0.0 +pyproject-hooks==1.1.0 # via build diff --git a/requirements/dev.txt b/requirements/dev.txt index 05b8758c..cb7a407c 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -4,7 +4,7 @@ # # pip-compile dev.in # -alabaster==0.7.16 +alabaster==1.0.0 # via # -r docs.txt # sphinx @@ -12,17 +12,17 @@ asgiref==3.8.1 # via # -r tests.txt # -r typing.txt -babel==2.14.0 +babel==2.16.0 # via # -r docs.txt # sphinx -cachetools==5.3.3 +cachetools==5.5.0 # via tox -certifi==2024.2.2 +certifi==2024.7.4 # via # -r docs.txt # requests -cffi==1.16.0 +cffi==1.17.0 # via # -r typing.txt # cryptography @@ -36,22 +36,22 @@ charset-normalizer==3.3.2 # requests colorama==0.4.6 # via tox -cryptography==42.0.5 +cryptography==43.0.0 # via -r typing.txt distlib==0.3.8 # via virtualenv -docutils==0.20.1 +docutils==0.21.2 # via # -r docs.txt # sphinx # sphinx-tabs -filelock==3.13.3 +filelock==3.15.4 # via # tox # virtualenv -identify==2.5.35 +identify==2.6.0 # via pre-commit -idna==3.6 +idna==3.8 # via # -r docs.txt # requests @@ -64,7 +64,7 @@ iniconfig==2.0.0 # -r tests.txt # -r typing.txt # pytest -jinja2==3.1.3 +jinja2==3.1.4 # via # -r docs.txt # sphinx @@ -72,18 +72,18 @@ markupsafe==2.1.5 # via # -r docs.txt # jinja2 -mypy==1.9.0 +mypy==1.11.1 # via -r typing.txt mypy-extensions==1.0.0 # via # -r typing.txt # mypy -nodeenv==1.8.0 +nodeenv==1.9.1 # via # -r typing.txt # pre-commit # pyright -packaging==24.0 +packaging==24.1 # via # -r docs.txt # -r tests.txt @@ -93,34 +93,34 @@ packaging==24.0 # pytest # sphinx # tox -pallets-sphinx-themes==2.1.1 +pallets-sphinx-themes==2.1.3 # via -r docs.txt -platformdirs==4.2.0 +platformdirs==4.2.2 # via # tox # virtualenv -pluggy==1.4.0 +pluggy==1.5.0 # via # -r tests.txt # -r typing.txt # pytest # tox -pre-commit==3.7.0 +pre-commit==3.8.0 # via -r dev.in pycparser==2.22 # via # -r typing.txt # cffi -pygments==2.17.2 +pygments==2.18.0 # via # -r docs.txt # sphinx # sphinx-tabs -pyproject-api==1.6.1 +pyproject-api==1.7.1 # via tox -pyright==1.1.357 +pyright==1.1.377 # via -r typing.txt -pytest==8.1.1 +pytest==8.3.2 # via # -r tests.txt # -r typing.txt @@ -128,9 +128,9 @@ python-dotenv==1.0.1 # via # -r tests.txt # -r typing.txt -pyyaml==6.0.1 +pyyaml==6.0.2 # via pre-commit -requests==2.31.0 +requests==2.32.3 # via # -r docs.txt # sphinx @@ -138,7 +138,7 @@ snowballstemmer==2.2.0 # via # -r docs.txt # sphinx -sphinx==7.2.6 +sphinx==8.0.2 # via # -r docs.txt # pallets-sphinx-themes @@ -146,15 +146,15 @@ sphinx==7.2.6 # sphinxcontrib-log-cabinet sphinx-tabs==3.4.5 # via -r docs.txt -sphinxcontrib-applehelp==1.0.8 +sphinxcontrib-applehelp==2.0.0 # via # -r docs.txt # sphinx -sphinxcontrib-devhelp==1.0.6 +sphinxcontrib-devhelp==2.0.0 # via # -r docs.txt # sphinx -sphinxcontrib-htmlhelp==2.0.5 +sphinxcontrib-htmlhelp==2.1.0 # via # -r docs.txt # sphinx @@ -164,32 +164,29 @@ sphinxcontrib-jsmath==1.0.1 # sphinx sphinxcontrib-log-cabinet==1.0.1 # via -r docs.txt -sphinxcontrib-qthelp==1.0.7 +sphinxcontrib-qthelp==2.0.0 # via # -r docs.txt # sphinx -sphinxcontrib-serializinghtml==1.1.10 +sphinxcontrib-serializinghtml==2.0.0 # via # -r docs.txt # sphinx -tox==4.14.2 +tox==4.18.0 # via -r dev.in types-contextvars==2.4.7.3 # via -r typing.txt types-dataclasses==0.6.6 # via -r typing.txt -typing-extensions==4.11.0 +typing-extensions==4.12.2 # via # -r typing.txt # mypy -urllib3==2.2.1 +urllib3==2.2.2 # via # -r docs.txt # requests -virtualenv==20.25.1 +virtualenv==20.26.3 # via # pre-commit # tox - -# The following packages are considered to be unsafe in a requirements file: -# setuptools diff --git a/requirements/docs.txt b/requirements/docs.txt index 09752974..651e9b2d 100644 --- a/requirements/docs.txt +++ b/requirements/docs.txt @@ -4,41 +4,41 @@ # # pip-compile docs.in # -alabaster==0.7.16 +alabaster==1.0.0 # via sphinx -babel==2.14.0 +babel==2.16.0 # via sphinx -certifi==2024.2.2 +certifi==2024.7.4 # via requests charset-normalizer==3.3.2 # via requests -docutils==0.20.1 +docutils==0.21.2 # via # sphinx # sphinx-tabs -idna==3.6 +idna==3.8 # via requests imagesize==1.4.1 # via sphinx -jinja2==3.1.3 +jinja2==3.1.4 # via sphinx markupsafe==2.1.5 # via jinja2 -packaging==24.0 +packaging==24.1 # via # pallets-sphinx-themes # sphinx -pallets-sphinx-themes==2.1.1 +pallets-sphinx-themes==2.1.3 # via -r docs.in -pygments==2.17.2 +pygments==2.18.0 # via # sphinx # sphinx-tabs -requests==2.31.0 +requests==2.32.3 # via sphinx snowballstemmer==2.2.0 # via sphinx -sphinx==7.2.6 +sphinx==8.0.2 # via # -r docs.in # pallets-sphinx-themes @@ -46,19 +46,19 @@ sphinx==7.2.6 # sphinxcontrib-log-cabinet sphinx-tabs==3.4.5 # via -r docs.in -sphinxcontrib-applehelp==1.0.8 +sphinxcontrib-applehelp==2.0.0 # via sphinx -sphinxcontrib-devhelp==1.0.6 +sphinxcontrib-devhelp==2.0.0 # via sphinx -sphinxcontrib-htmlhelp==2.0.5 +sphinxcontrib-htmlhelp==2.1.0 # via sphinx sphinxcontrib-jsmath==1.0.1 # via sphinx sphinxcontrib-log-cabinet==1.0.1 # via -r docs.in -sphinxcontrib-qthelp==1.0.7 +sphinxcontrib-qthelp==2.0.0 # via sphinx -sphinxcontrib-serializinghtml==1.1.10 +sphinxcontrib-serializinghtml==2.0.0 # via sphinx -urllib3==2.2.1 +urllib3==2.2.2 # via requests diff --git a/requirements/tests.txt b/requirements/tests.txt index 2146b275..3a24fc51 100644 --- a/requirements/tests.txt +++ b/requirements/tests.txt @@ -8,11 +8,11 @@ asgiref==3.8.1 # via -r tests.in iniconfig==2.0.0 # via pytest -packaging==24.0 +packaging==24.1 # via pytest -pluggy==1.4.0 +pluggy==1.5.0 # via pytest -pytest==8.1.1 +pytest==8.3.2 # via -r tests.in python-dotenv==1.0.1 # via -r tests.in diff --git a/requirements/typing.txt b/requirements/typing.txt index fa18143c..99753c70 100644 --- a/requirements/typing.txt +++ b/requirements/typing.txt @@ -6,27 +6,27 @@ # asgiref==3.8.1 # via -r typing.in -cffi==1.16.0 +cffi==1.17.0 # via cryptography -cryptography==42.0.5 +cryptography==43.0.0 # via -r typing.in iniconfig==2.0.0 # via pytest -mypy==1.9.0 +mypy==1.11.1 # via -r typing.in mypy-extensions==1.0.0 # via mypy -nodeenv==1.8.0 +nodeenv==1.9.1 # via pyright -packaging==24.0 +packaging==24.1 # via pytest -pluggy==1.4.0 +pluggy==1.5.0 # via pytest pycparser==2.22 # via cffi -pyright==1.1.357 +pyright==1.1.377 # via -r typing.in -pytest==8.1.1 +pytest==8.3.2 # via -r typing.in python-dotenv==1.0.1 # via -r typing.in @@ -34,8 +34,5 @@ types-contextvars==2.4.7.3 # via -r typing.in types-dataclasses==0.6.6 # via -r typing.in -typing-extensions==4.11.0 +typing-extensions==4.12.2 # via mypy - -# The following packages are considered to be unsafe in a requirements file: -# setuptools