From bea6b5cd9127313eba64a5b021f8d93d53560030 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Mar 2025 22:30:45 +0000 Subject: [PATCH 1/2] build(deps): bump the minimum-runtime-dependencies group across 2 directories with 1 update Updates the requirements on and [tuf](https://github.com/theupdateframework/python-tuf) to permit the latest version. Updates `tuf` to 6.0.0 - [Release notes](https://github.com/theupdateframework/python-tuf/releases) - [Changelog](https://github.com/theupdateframework/python-tuf/blob/develop/docs/CHANGELOG.md) - [Commits](https://github.com/theupdateframework/python-tuf/compare/v5.1.0...v6.0.0) Updates `tuf` to 6.0.0 - [Release notes](https://github.com/theupdateframework/python-tuf/releases) - [Changelog](https://github.com/theupdateframework/python-tuf/blob/develop/docs/CHANGELOG.md) - [Commits](https://github.com/theupdateframework/python-tuf/compare/v5.1.0...v6.0.0) --- updated-dependencies: - dependency-name: tuf dependency-type: direct:production dependency-group: minimum-runtime-dependencies - dependency-name: tuf dependency-type: direct:production dependency-group: minimum-runtime-dependencies ... Signed-off-by: dependabot[bot] --- repo/pyproject.toml | 2 +- signer/pyproject.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/repo/pyproject.toml b/repo/pyproject.toml
index a876dc3..39b88e8 100644
--- a/repo/pyproject.toml
+++ b/repo/pyproject.toml
@@ -10,7 +10,7 @@ license-files = [ "LICENSE" ]
 readme = "README.md"
 dependencies = [
 "securesystemslib[awskms, azurekms, gcpkms, sigstore] ~= 1.2",
- "tuf ~= 5.1",
+ "tuf ~= 6.0",
 "click ~= 8.1",
 ]
 requires-python = ">=3.10"
diff --git a/signer/pyproject.toml b/signer/pyproject.toml
index 0611494..bb82f8b 100644
--- a/signer/pyproject.toml
+++ b/signer/pyproject.toml
@@ -12,7 +12,7 @@ dependencies = [
 "packaging ~= 24.0",
 "platformdirs ~= 4.2",
 "securesystemslib[awskms,azurekms,gcpkms,hsm,sigstore] ~= 1.2",
- "tuf ~= 5.1",
+ "tuf >= 5.1,< 7.0",
 "click ~= 8.1",
 ]
 requires-python = ">=3.9"
From 197b0ac041a964694cfcf5426f11da23376c409d Mon Sep 17 00:00:00 2001 From: Jussi Kukkonen Date: Tue, 18 Mar 2025 11:21:18 +0200 Subject: [PATCH 2/2] repo: Allow tuf 5.x and 6.x * sigstore still depends on tuf 5 so we can't require 6 yet * This is what signer already does --- repo/pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/repo/pyproject.toml b/repo/pyproject.toml
index 39b88e8..c24baaa 100644
--- a/repo/pyproject.toml
+++ b/repo/pyproject.toml
@@ -10,7 +10,7 @@ license-files = [ "LICENSE" ]
 readme = "README.md"
 dependencies = [
 "securesystemslib[awskms, azurekms, gcpkms, sigstore] ~= 1.2",
- "tuf ~= 6.0",
+ "tuf >= 5.1,< 7.0",
 "click ~= 8.1",
 ]
 requires-python = ">=3.10"