From f3f21aff896187f34821a396a26a84efe2e6fc6c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 1 Jul 2025 01:08:23 +0000
Subject: [PATCH 1/2] build(deps): bump the test-and-lint-dependencies group
 with 2 updates

Bumps the test-and-lint-dependencies group with 2 updates: [ruff](https://github.com/astral-sh/ruff) and [zizmor](https://github.com/zizmorcore/zizmor).


Updates `ruff` from 0.12.0 to 0.12.1
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.12.0...0.12.1)

Updates `zizmor` from 1.9.0 to 1.11.0
- [Release notes](https://github.com/zizmorcore/zizmor/releases)
- [Changelog](https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md)
- [Commits](https://github.com/zizmorcore/zizmor/compare/v1.9.0...v1.11.0)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.12.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
- dependency-name: zizmor
  dependency-version: 1.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 requirements/lint.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/lint.txt b/requirements/lint.txt
index 1ab9845122..4009445cde 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -6,9 +6,9 @@
 # Lint tools
 # (We are not so interested in the specific versions of the tools: the versions
 # are pinned to prevent unexpected linting failures when tools update)
-ruff==0.12.0
+ruff==0.12.1
 mypy==1.16.1
-zizmor==1.9.0
+zizmor==1.11.0
 
 # Required for type stubs
 freezegun==1.5.2

From 3925818a4460883b9db16e2c8a8a90d58f7d5a22 Mon Sep 17 00:00:00 2001
From: Jussi Kukkonen <jkukkonen@google.com>
Date: Tue, 8 Jul 2025 10:56:43 +0300
Subject: [PATCH 2/2] workflows: Add action/job names

zizmor now requires these and it seems like good practice

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
---
 .github/workflows/_test.yml                       | 2 ++
 .github/workflows/_test_sslib_main.yml            | 1 +
 .github/workflows/conformance.yml                 | 1 +
 .github/workflows/dependency-review.yml           | 1 +
 .github/workflows/specification-version-check.yml | 1 +
 5 files changed, 6 insertions(+)

diff --git a/.github/workflows/_test.yml b/.github/workflows/_test.yml
index 34ad5f2d4d..c3fcf28d47 100644
--- a/.github/workflows/_test.yml
+++ b/.github/workflows/_test.yml
@@ -4,6 +4,7 @@ on:
 
 permissions: {}
 
+name: Lint and run test suite
 jobs:
   lint-test:
     name: Lint Test
@@ -89,6 +90,7 @@ jobs:
       - run: echo "All test jobs have completed successfully."
 
   coveralls-fin:
+    name: Submit coverage to Coveralls.io
     # Always run when all 'tests' jobs have finished even if they failed
     # TODO: Replace always() with a 'at least one job succeeded' expression
     if: always()
diff --git a/.github/workflows/_test_sslib_main.yml b/.github/workflows/_test_sslib_main.yml
index c8cf3107d9..45069f396b 100644
--- a/.github/workflows/_test_sslib_main.yml
+++ b/.github/workflows/_test_sslib_main.yml
@@ -4,6 +4,7 @@ on:
 
 permissions: {}
 
+name: Test securesystemslib main branch
 jobs:
   sslib-main:
     name: Test securesystemslib main branch (not a merge blocker)
diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml
index 1c3a414dd6..0078b495f0 100644
--- a/.github/workflows/conformance.yml
+++ b/.github/workflows/conformance.yml
@@ -11,6 +11,7 @@ permissions:
 name: Conformance
 jobs:
   conformance:
+    name: Conformance
     runs-on: ubuntu-latest
     steps:
       - name: Checkout conformance client
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 1400d25cf6..8033ea81c0 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -13,6 +13,7 @@ permissions:
 
 jobs:
   dependency-review:
+    name: Dependency review
     runs-on: ubuntu-latest
     steps:
       - name: 'Checkout Repository'
diff --git a/.github/workflows/specification-version-check.yml b/.github/workflows/specification-version-check.yml
index ed4f6bbe1f..6c89e2014d 100644
--- a/.github/workflows/specification-version-check.yml
+++ b/.github/workflows/specification-version-check.yml
@@ -10,6 +10,7 @@ permissions: {}
 jobs:
   # Get the version of the TUF specification the project states it supports
   get-supported-tuf-version:
+    name: Get TUF spec version supported by python-tuf
     runs-on: ubuntu-latest
     outputs:
       version: ${{ steps.get-version.outputs.version }}