From e96bd75b975177f205fffc32487848e43c835514 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Mar 2025 22:30:02 +0000
Subject: [PATCH 1/2] build(deps): bump the pinned-test-dependencies group
 across 3 directories with 2 updates

Bumps the pinned-test-dependencies group with 1 update in the /actions directory: [zizmor](https://github.com/woodruffw/zizmor).
Bumps the pinned-test-dependencies group with 1 update in the /repo directory: [ruff](https://github.com/astral-sh/ruff).
Bumps the pinned-test-dependencies group with 1 update in the /signer directory: [ruff](https://github.com/astral-sh/ruff).


Updates `zizmor` from 1.4.1 to 1.5.1
- [Release notes](https://github.com/woodruffw/zizmor/releases)
- [Changelog](https://github.com/woodruffw/zizmor/blob/main/docs/release-notes.md)
- [Commits](https://github.com/woodruffw/zizmor/compare/v1.4.1...v1.5.1)

Updates `ruff` from 0.9.10 to 0.11.0
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.9.10...0.11.0)

Updates `ruff` from 0.9.10 to 0.11.0
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.9.10...0.11.0)

---
updated-dependencies:
- dependency-name: zizmor
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pinned-test-dependencies
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pinned-test-dependencies
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pinned-test-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 actions/lint-requirements.txt | 2 +-
 repo/pyproject.toml           | 2 +-
 signer/pyproject.toml         | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/actions/lint-requirements.txt b/actions/lint-requirements.txt
index 0f2e8ee..fd19426 100644
--- a/actions/lint-requirements.txt
+++ b/actions/lint-requirements.txt
@@ -1 +1 @@
-zizmor == 1.4.1
\ No newline at end of file
+zizmor == 1.5.1
\ No newline at end of file
diff --git a/repo/pyproject.toml b/repo/pyproject.toml
index a876dc3..85cb6fc 100644
--- a/repo/pyproject.toml
+++ b/repo/pyproject.toml
@@ -32,7 +32,7 @@ tuf-on-ci-update-targets = "tuf_on_ci:update_targets"
 [project.optional-dependencies]
 lint = [
   "mypy == 1.15.0",
-  "ruff == 0.9.10",
+  "ruff == 0.11.0",
 ]
 
 [tool.hatch.version]
diff --git a/signer/pyproject.toml b/signer/pyproject.toml
index 0611494..af10873 100644
--- a/signer/pyproject.toml
+++ b/signer/pyproject.toml
@@ -30,7 +30,7 @@ tuf-on-ci-sign = "tuf_on_ci_sign:sign"
 [project.optional-dependencies]
 lint = [
   "mypy == 1.15.0",
-  "ruff == 0.9.10",
+  "ruff == 0.11.0",
 ]
 
 [tool.hatch.version]

From a98ab652af0c6db8d4bf4726214a68b1a3f1a961 Mon Sep 17 00:00:00 2001
From: Jussi Kukkonen <jkukkonen@google.com>
Date: Tue, 18 Mar 2025 11:30:01 +0200
Subject: [PATCH 2/2] repo: Avoid logging with root logger

Linter complains about this
---
 repo/tuf_on_ci/create_signing_events.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/repo/tuf_on_ci/create_signing_events.py b/repo/tuf_on_ci/create_signing_events.py
index 9eabb0c..9858f23 100644
--- a/repo/tuf_on_ci/create_signing_events.py
+++ b/repo/tuf_on_ci/create_signing_events.py
@@ -48,7 +48,7 @@ def create_signing_events(verbose: int, push: bool) -> None:
         rolename = filename[: -len(".json")]
         version = repo.bump_expiring(rolename)
         if version is None:
-            logging.debug("No version bump needed for %s", rolename)
+            logger.debug("No version bump needed for %s", rolename)
             continue
 
         msg = f"Periodic version bump: {rolename} v{version}"
@@ -62,7 +62,7 @@ def create_signing_events(verbose: int, push: bool) -> None:
         _git(["commit", "-m", msg, "--signoff"])
         try:
             _git(["show-ref", "--quiet", "--verify", ref])
-            logging.debug("Signing event branch %s already exists", event)
+            logger.debug("Signing event branch %s already exists", event)
         except subprocess.CalledProcessError:
             events.append(event)
             if push: